From patchwork Mon Jul 27 09:59:05 2009
X-Patchwork-Submitter: Dave Young
X-Patchwork-Id: 30259
X-Patchwork-Delegate: davem@davemloft.net
Date: Mon, 27 Jul 2009 17:59:05 +0800
From: Dave Young
To: Alan Cox
Cc: Marcel Holtmann, Oliver Hartkopp, Linux Netdev List, linux-bluetooth@vger.kernel.org
Subject: Re: tty_register_device NULL pointer dereference in 2.6.31-rc4
Message-ID: <20090727095904.GA5442@darkstar>
In-Reply-To: <20090725131046.0f076f37@lxorguk.ukuu.org.uk>

On Sat, Jul 25, 2009 at 01:10:46PM +0100, Alan Cox wrote:
> > > tty_register_device appears to have been called with a NULL pointer. Not
> > > sure why however.
> >
> > if that is the pointer for the struct device, then that used to be fine
> > in the past. Not all RFCOMM device have a parent when they are created.
>
> The tty layer doesn't care about the struct device really. Nothing there
> has changed. The NULL passed appears to be the driver argument.

Agree with you, because in rfcomm_init, rfcomm thread runs before tty is initialized,
the following patch may fix the problem.

oliver, could you verify if it fixes your problem?
---
rfcomm tty may be used before rfcomm_tty_driver is initialized,
reporting in:
http://marc.info/?l=linux-bluetooth&m=124404919324542&w=2

make 3 changes:
1. remove #ifdef in rfcomm/core.c, make it blank function when rfcomm tty not selected in rfcomm.h
2. tune the rfcomm_init error patch to ensure tty driver initialized before any usage.
3. remove __exit for rfcomm_cleanup_sockets because above change need call it in a __init function.

CC: Alan Cox
Reported-by: Oliver Hartkopp
Signed-off-by: Dave Young
--
 include/net/bluetooth/rfcomm.h | 13 ++++++++++++-
 net/bluetooth/rfcomm/core.c | 31 +++++++++++++++++++++----------
 net/bluetooth/rfcomm/sock.c | 2 +-
 3 files changed, 34 insertions(+), 12 deletions(-)

--- linux-2.6.orig/include/net/bluetooth/rfcomm.h 2009-04-09 16:23:03.000000000 +0800 +++ linux-2.6/include/net/bluetooth/rfcomm.h 2009-07-27 17:14:43.000000000 +0800 @@ -355,7 +355,18 @@ struct rfcomm_dev_list_req { }; int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg); + +#ifdef CONFIG_BT_RFCOMM_TTY int rfcomm_init_ttys(void); void rfcomm_cleanup_ttys(void); - +#else +static inline int rfcomm_init_ttys(void) +{ + return 0; +} +static inline int rfcomm_cleanup_ttys(void) +{ + return 0; +} +#endif #endif /* __RFCOMM_H */ --- linux-2.6.orig/net/bluetooth/rfcomm/core.c 2009-06-16 17:39:32.000000000 +0800 +++ linux-2.6/net/bluetooth/rfcomm/core.c 2009-07-27 17:24:27.000000000 +0800 
@@ -2080,28 +2080,41 @@ static CLASS_ATTR(rfcomm_dlc, S_IRUGO, r /* ---- Initialization ---- */ static int __init rfcomm_init(void) { + int ret; + l2cap_load(); + ret = rfcomm_init_sockets(); + if (ret) + goto out_sock; + + ret = rfcomm_init_ttys(); + if (ret) + goto out_tty; + hci_register_cb(&rfcomm_cb); rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); if (IS_ERR(rfcomm_thread)) { - hci_unregister_cb(&rfcomm_cb); - return PTR_ERR(rfcomm_thread); + ret = PTR_ERR(rfcomm_thread); + goto out_thread; } if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) BT_ERR("Failed to create RFCOMM info file"); - rfcomm_init_sockets(); - -#ifdef CONFIG_BT_RFCOMM_TTY - rfcomm_init_ttys(); -#endif - BT_INFO("RFCOMM ver %s", VERSION); return 0; + +out_thread: + hci_unregister_cb(&rfcomm_cb); +out_tty: + rfcomm_cleanup_ttys(); +out_sock: + rfcomm_cleanup_sockets(); + + return ret; } static void __exit rfcomm_exit(void) @@ -2112,9 +2125,7 @@ static void __exit rfcomm_exit(void) kthread_stop(rfcomm_thread); -#ifdef CONFIG_BT_RFCOMM_TTY rfcomm_cleanup_ttys(); -#endif rfcomm_cleanup_sockets(); } --- linux-2.6.orig/net/bluetooth/rfcomm/sock.c 2009-04-09 16:23:04.000000000 +0800 +++ linux-2.6/net/bluetooth/rfcomm/sock.c 2009-07-27 17:39:43.000000000 +0800 @@ -1132,7 +1132,7 @@ error: return err; } -void __exit rfcomm_cleanup_sockets(void) +void rfcomm_cleanup_sockets(void) { class_remove_file(bt_class, &class_attr_rfcomm);
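
Review bot: In the include/net/bluetooth/rfcomm.h hunk, the stub added for the !CONFIG_BT_RFCOMM_TTY case is declared `static inline int rfcomm_cleanup_ttys(void)` and returns 0, while the real prototype just above it is `void rfcomm_cleanup_ttys(void);`. The two configurations should expose the same signature, so the stub should be `static inline void rfcomm_cleanup_ttys(void) { }`. No caller in this patch uses the return value, so nothing else needs to change.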
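
Review bot: In the rfcomm_init() hunk of net/bluetooth/rfcomm/core.c, the unwind labels undo the step that just failed rather than the steps that succeeded: a failing rfcomm_init_sockets() jumps to out_sock, which calls rfcomm_cleanup_sockets(), and a failing rfcomm_init_ttys() jumps to out_tty, which calls rfcomm_cleanup_ttys(). That is only safe if both cleanup functions tolerate state that was never set up, which these lines do not show. The conventional ordering is to return ret directly when rfcomm_init_sockets() fails, have the tty failure jump to a label that runs only rfcomm_cleanup_sockets(), and reach rfcomm_cleanup_ttys() only from the kthread_run() failure path after hci_unregister_cb().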
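
Review bot: In the net/bluetooth/rfcomm/sock.c hunk, __exit is dropped from rfcomm_cleanup_sockets() because rfcomm_init() now calls it, but the same error path also calls rfcomm_cleanup_ttys() and the diffstat shows the file that defines it is not touched. If that definition is marked __exit it needs the same change, since __exit code is discarded in a built-in kernel and the init error path would then reference a discarded section. It is worth confirming this and, if needed, adding that file to the patch, and extending item 3 of the changelog to cover both functions.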