[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110518004420.2b8f5da9@bob.linux.org.uk>
Date: Wed, 18 May 2011 00:44:20 +0100
From: Alan Cox <alan@...ux.intel.com>
To: Frederic Weisbecker <fweisbec@...il.com>
Cc: Kay Sievers <kay.sievers@...y.org>,
Greg Kroah-Hartman <gregkh@...e.de>,
Arnd Bergmann <arnd@...db.de>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: BUG: NULL pointer deref in tty port / uart
> echo 1 > /dev/ttyS4 # which blocks
>
> And on another console:
>
> cat /dev/ttyS4 # which blocks
>
> Then Ctrl + C the echo in the first console. This produces the
> following trace:
First cat is in tty_port_block_til_ready, second cat joins it there. ^C
causes one to close, which wakes the second which goes around the loop
again, tries to raise the carrier and explodes, it seems because
someone trashed memory it is using.
Not quite sure why at this point
On the first exit of the open path port->count is 1 which is as we want
it. Close takes it down to zero which triggers the port shutdown path
which is as we want. We clean up port->tty and shut down the port.
Seeing the second pending open we wake it which is when it goes kaboom
Nothing obvious strikes me from reading the code.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists