lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20110330210420.06ED33E1A05@tassilo.jf.intel.com>
Date:	Wed, 30 Mar 2011 14:04:19 -0700 (PDT)
From:	Andi Kleen <andi@...stfloor.org>
To:	ionut.nicu@...il.com, ionut.nicu@...dbit.ro, gregkh@...e.de,
	ak@...ux.intel.com, linux-kernel@...r.kernel.org,
	stable@...nel.org, tim.bird@...sony.com
Subject: [PATCH] [25/275] USB: ti_usb: fix module removal

2.6.35-longterm review patch.  If anyone has any objections, please let me know.

------------------
From: Ionut Nicu <ionut.nicu@...il.com>

commit b14de3857227cd978f515247853fd15cc2425d3e upstream.

If usb_deregister() is called after usb_serial_deregister() when
the device is plugged in, the following Oops occurs:

[   95.337377] BUG: unable to handle kernel NULL pointer dereference at 00000010
[   95.338236] IP: [<c0776b2d>] klist_put+0x12/0x62
[   95.338356] *pdpt = 000000003001a001 *pde = 0000000000000000
[   95.338356] Oops: 0000 [#1] SMP
[   95.340499] last sysfs file: /sys/devices/pci0000:00/0000:00:1d.2/usb8/idVendor
[   95.340499] Modules linked in: ti_usb_3410_5052(-) usbserial cpufreq_ondemand acpi_cpufreq mperf iptable_nat nf_nat iptable_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables ipv6 uinput arc4 ecb iwlagn iwlcore mac80211 cfg80211 microcode pcspkr acer_wmi joydev wmi sky2 [last unloaded: scsi_wait_scan]
[   95.341908]
[   95.341908] Pid: 1532, comm: modprobe Not tainted 2.6.37-rc7+ #6 Eiger                          /Aspire 5930
[   95.341908] EIP: 0060:[<c0776b2d>] EFLAGS: 00010246 CPU: 0
[   95.341908] EIP is at klist_put+0x12/0x62
[   95.341908] EAX: 00000000 EBX: eedc0c84 ECX: c09c21b4 EDX: 00000001
[   95.341908] ESI: 00000000 EDI: efaa0c1c EBP: f214fe2c ESP: f214fe1c
[   95.341908]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[   95.341908] Process modprobe (pid: 1532, ti=f214e000 task=efaaf080 task.ti=f214e000)
[   95.341908] Stack:
[   95.341908]  f214fe24 eedc0c84 efaaf080 efaa0c1c f214fe34 c0776ba8 f214fe5c c0776c76
[   95.341908]  c09c21b4 c09c21b4 eedc0c84 efaaf080 00000000 c0634398 eafe2d1c f7b515f0
[   95.341908]  f214fe6c c0631b5c eafe2d50 eafe2d1c f214fe7c c0631ba2 eafe2d1c eafe2c00
[   95.341908] Call Trace:
[   95.341908]  [<c0776ba8>] ? klist_del+0xd/0xf
[   95.341908]  [<c0776c76>] ? klist_remove+0x48/0x74
[   95.341908]  [<c0634398>] ? devres_release_all+0x49/0x51
[   95.341908]  [<c0631b5c>] ? __device_release_driver+0x7b/0xa4
[   95.341908]  [<c0631ba2>] ? device_release_driver+0x1d/0x28
[   95.341908]  [<c06317c4>] ? bus_remove_device+0x92/0xa1
[   95.341908]  [<c062f3d8>] ? device_del+0xf9/0x13e
[   95.341908]  [<f7b06146>] ? usb_serial_disconnect+0xd9/0x116 [usbserial]
[   95.341908]  [<c0681e3f>] ? usb_disable_interface+0x32/0x40
[   95.341908]  [<c0683972>] ? usb_unbind_interface+0x48/0xfd
[   95.341908]  [<c0631b43>] ? __device_release_driver+0x62/0xa4
[   95.341908]  [<c06320b9>] ? driver_detach+0x62/0x81
[   95.341908]  [<c0631a41>] ? bus_remove_driver+0x8f/0xae
[   95.341908]  [<c063214c>] ? driver_unregister+0x50/0x57
[   95.341908]  [<c0682f95>] ? usb_deregister+0x77/0x84
[   95.341908]  [<f7b505b6>] ? ti_exit+0x26/0x28 [ti_usb_3410_5052]
[   95.341908]  [<c046a307>] ? sys_delete_module+0x181/0x1de
[   95.341908]  [<c04e2727>] ? path_put+0x1a/0x1d
[   95.341908]  [<c047f4c5>] ? audit_syscall_entry+0x116/0x138
[   95.341908]  [<c04094df>] ? sysenter_do_call+0x12/0x28
[   95.341908] Code: 00 83 7d f0 00 74 09 85 f6 74 05 89 f0 ff 55 f0 8b 43 04 5a 5b 5e 5f 5d c3 55 89 e5 57 56 53 89 c3 83 ec 04 8b 30 83 e6 fe 89 f0 <8b> 7e 10 88 55 f0 e8 47 26 01 00 8a 55 f0 84 d2 74 17 f6 03 01
[   95.341908] EIP: [<c0776b2d>] klist_put+0x12/0x62 SS:ESP 0068:f214fe1c
[   95.341908] CR2: 0000000000000010
[   95.342357] ---[ end trace 8124d00ad871ad18 ]---

Signed-off-by: Ionut Nicu <ionut.nicu@...dbit.ro>
Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de>
Signed-off-by: Andi Kleen <ak@...ux.intel.com>

---
 drivers/usb/serial/ti_usb_3410_5052.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: linux-2.6.35.y/drivers/usb/serial/ti_usb_3410_5052.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/serial/ti_usb_3410_5052.c	2011-03-29 22:51:58.334230542 -0700
+++ linux-2.6.35.y/drivers/usb/serial/ti_usb_3410_5052.c	2011-03-29 23:02:58.728332710 -0700
@@ -365,9 +365,9 @@
 
 static void __exit ti_exit(void)
 {
+	usb_deregister(&ti_usb_driver);
 	usb_serial_deregister(&ti_1port_device);
 	usb_serial_deregister(&ti_2port_device);
-	usb_deregister(&ti_usb_driver);
 }
 
 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ