diff options
| author | Denis Joseph Barrow <D.Barow@option.com> | 2008-11-25 03:27:50 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-11-25 03:27:50 -0500 |
| commit | 4a3e818181e1baf970e9232ca8b747e233176b87 (patch) | |
| tree | 81b61003ba0ab52b89cca0792fab63c12aeff344 /drivers | |
| parent | bab04c3adbb55aeb5e8db60522f14ce0bb0d4179 (diff) | |
hso: Fix crashes on close.
Moved serial_open_count in hso_serial_open to
prevent crashes owing to the serial structure being made NULL
when hso_serial_close is called even though hso_serial_open
returned -ENODEV, Alan Cox pointed out this happens,
also put in sanity check in hso_serial_close
to check for a valid serial structure which should prevent
the most reproducable crash in the driver when the hso device
is disconnected while in use.
Signed-off-by: Denis Joseph Barrow <D.Barow@option.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/net/usb/hso.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c index cee1d2a280bd..d5857321979b 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c | |||
| @@ -1235,6 +1235,11 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) | |||
| 1235 | } | 1235 | } |
| 1236 | 1236 | ||
| 1237 | mutex_lock(&serial->parent->mutex); | 1237 | mutex_lock(&serial->parent->mutex); |
| 1238 | /* check for port already opened, if not set the termios */ | ||
| 1239 | /* The serial->open count needs to be here as hso_serial_close | ||
| 1240 | * will be called even if hso_serial_open returns -ENODEV. | ||
| 1241 | */ | ||
| 1242 | serial->open_count++; | ||
| 1238 | result = usb_autopm_get_interface(serial->parent->interface); | 1243 | result = usb_autopm_get_interface(serial->parent->interface); |
| 1239 | if (result < 0) | 1244 | if (result < 0) |
| 1240 | goto err_out; | 1245 | goto err_out; |
| @@ -1246,8 +1251,6 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) | |||
| 1246 | tty->driver_data = serial; | 1251 | tty->driver_data = serial; |
| 1247 | serial->tty = tty; | 1252 | serial->tty = tty; |
| 1248 | 1253 | ||
| 1249 | /* check for port already opened, if not set the termios */ | ||
| 1250 | serial->open_count++; | ||
| 1251 | if (serial->open_count == 1) { | 1254 | if (serial->open_count == 1) { |
| 1252 | tty->low_latency = 1; | 1255 | tty->low_latency = 1; |
| 1253 | serial->rx_state = RX_IDLE; | 1256 | serial->rx_state = RX_IDLE; |
| @@ -1285,6 +1288,10 @@ static void hso_serial_close(struct tty_struct *tty, struct file *filp) | |||
| 1285 | u8 usb_gone; | 1288 | u8 usb_gone; |
| 1286 | 1289 | ||
| 1287 | D1("Closing serial port"); | 1290 | D1("Closing serial port"); |
| 1291 | if (serial == NULL || serial->magic != HSO_SERIAL_MAGIC) { | ||
| 1292 | D1("invalid serial structure bailing out.\n"); | ||
| 1293 | return; | ||
| 1294 | } | ||
| 1288 | 1295 | ||
| 1289 | mutex_lock(&serial->parent->mutex); | 1296 | mutex_lock(&serial->parent->mutex); |
| 1290 | usb_gone = serial->parent->usb_gone; | 1297 | usb_gone = serial->parent->usb_gone; |