234746 – reading/writing ftdi_sio's device attributes through sysfs produces Oops

Bug 234746 - reading/writing ftdi_sio's device attributes through sysfs produces Oops

Summary: reading/writing ftdi_sio's device attributes through sysfs produces Oops

Keywords:
Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Kernel Maintainer List
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	427887
TreeView+	depends on / blocked

Reported:	2007-04-01 12:34 UTC by Boris Zingerman
Modified:	2008-02-08 04:27 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-02-08 04:27:20 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
call trace from dmesg output (2.72 KB, text/plain) 2007-04-27 10:28 UTC, Tuomas Mursu	no flags	Details
View All

Description Boris Zingerman 2007-04-01 12:34:04 UTC

Description of problem:

reading/writing latency_timer file created by ftdio_sio
driver in sysfs produces NULL pointer dereferencing. The problem is 
that these lines: 

struct usb_serial_port *port = to_usb_serial_port(dev);
struct ftdi_private *priv = usb_get_serial_port_data(port);

in all sysfs attribute callbacks produce wrong pointer to
usb_serial_port, because "struct device" pointer passed to
device_create_file in "create_sysfs_attrs" doesn't points
to "struct device" embedded in usb_serial_port. (In my case
above "priv" pointer turns out to be NULL, but kernel could
crash even earlier while dereferencing "port" pointer)


Version-Release number of selected component (if applicable):

kernel-2.6.20-1.2933.fc6

How reproducible:


Steps to Reproduce:
1. Connect device with FTDI chip
2. read above mentioned latency_timer file from sysfs
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Tuomas Mursu 2007-04-27 10:25:05 UTC

This causes my FTDI device not to work at all in F7T3 and F7T4. After plugging
in the device I get Oops and a Call Trace, and the kernel never notices the
device again.

Comment 2 Tuomas Mursu 2007-04-27 10:28:01 UTC

Created attachment 153596 [details]
call trace from dmesg output

Comment 3 Tuomas Mursu 2007-06-07 14:31:01 UTC

This still applies on F7. Connecting the device causes the same crash as seen on
T3 and T4, and also seems to bump load averages up to constant 2.00+.

Comment 4 Jon Stanley 2008-01-08 01:54:13 UTC

(This is a mass-update to all current FC6 kernel bugs in NEW state)

Hello,

I'm reviewing this bug list as part of the kernel bug triage project, an attempt
to isolate current bugs in the Fedora kernel.

http://fedoraproject.org/wiki/KernelBugTriage

I am CC'ing myself to this bug, however this version of Fedora is no longer
maintained.

Please attempt to reproduce this bug with a current version of Fedora (presently
Fedora 8). If the bug no longer exists, please close the bug or I'll do so in a
few days if there is no further information lodged.

Thanks for using Fedora!

Comment 5 Jon Stanley 2008-02-08 04:27:20 UTC

Per the previous comment in this bug, I am closing it as INSUFFICIENT_DATA,
since no information has been lodged for over 30 days.

Please re-open this bug or file a new one if you can provide the requested data,
and thanks for filing the original report!

Note You need to log in before you can comment on or make changes to this bug.