rpms/kernel/F-11 linux-2.6-ftdi-oops.patch,1.1,1.2
David Woodhouse
dwmw2 at fedoraproject.org
Tue May 19 09:52:55 UTC 2009
Author: dwmw2
Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10346
Modified Files:
linux-2.6-ftdi-oops.patch
Log Message:
update changelog now it's upstream
linux-2.6-ftdi-oops.patch:
Index: linux-2.6-ftdi-oops.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/linux-2.6-ftdi-oops.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- linux-2.6-ftdi-oops.patch 18 May 2009 12:34:36 -0000 1.1
+++ linux-2.6-ftdi-oops.patch 19 May 2009 09:52:54 -0000 1.2
@@ -1,3 +1,35 @@
+commit 80193195f87ebca6d7417516d6edeb3969631c15
+Author: David Woodhouse <dwmw2 at infradead.org>
+Date: Mon May 18 13:07:35 2009 +0100
+
+ Fix oops on close of hot-unplugged FTDI serial converter
+
+ Commit c45d6320 ("fix reference counting of ftdi_private") stopped
+ ftdi_sio_port_remove() from directly freeing the port-private data, with
+ the intention if the port was still open, it would be freed when
+ ftdi_close() is eventually called and releases the last refcount on the
+ structure.
+
+ That's all very well, but ftdi_sio_port_remove() still contains a call
+ to usb_set_serial_port_data(port, NULL) -- so by the time we get to
+ ftdi_close() for the port which was unplugged, it _still_ oopses on
+ dereferencing that NULL pointer, as it did before (and does in 2.6.29).
+
+ The fix is just not to clear the private data in ftdi_sio_port_remove().
+ Then the refcount is properly reduced to zero when the final kref_put()
+ happens in ftdi_close().
+
+ Remove a bogus comment too, while we're at it. And stop doing things
+ inside "if (priv)" -- it must _always_ be there.
+
+ Based loosely on an earlier patch by Daniel Mack, and suggestions by
+ Alan Stern.
+
+ Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
+ Tested-by: Daniel Mack <daniel at caiaq.de>
+ Cc: stable at kernel.org
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
commit c45d63202fbaccef7ef7946c03f27f72c809b1cc
Author: Alan Stern <stern at rowland.harvard.edu>
Date: Thu Apr 30 10:06:19 2009 -0400
@@ -19,28 +51,6 @@ Date: Thu Apr 30 10:06:19 2009 -0400
Cc: stable <stable at kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
-
-Subject: [PATCH] Fix oops on close of hot-unplugged FTDI serial converter
-Date: Mon, 18 May 2009 00:53:17 +0100
-
-When the device is removed, ftdi_sio_port_remove() calls
-usb_set_serial_port_data(port, NULL).
-
-When userspace subsequently _closes_ the device, ftdi_close() oopses on
-dereferencing that NULL pointer.
-
-The fix is just not to clear the private data in ftdi_sio_port_remove().
-The refcount on the structure reaches zero when the port is closed by
-userspace and the final kref_put() happens in ftdi_close().
-
-Remove a bogus comment too, while we're at it. And stop doing things
-inside "if (priv)" -- it must _always_ be there.
-
-Based loosely on an earlier patch by Daniel Mack, and suggestions by
-Alan Stern.
-
-Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
-
--- a/drivers/usb/serial/ftdi_sio.c.29 2009-05-18 12:18:13.000000000 +0100
+++ b/drivers/usb/serial/ftdi_sio.c 2009-05-18 12:18:18.000000000 +0100
@@ -56,6 +56,7 @@ static __u16 vendor = FTDI_VID;
More information about the scm-commits
mailing list