git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7650cd9)
USB: serial: sierra driver indat_callback fix
authorElina Pasheva <epasheva@sierrawireless.com>
Mon, 15 Feb 2010 22:50:14 +0000 (14:50 -0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Tue, 2 Mar 2010 22:55:03 +0000 (14:55 -0800)
A crash has been reported with sierra driver on disconnect with
Ubuntu/Lucid distribution based on kernel-2.6.32.
The cause of the crash was determined as "NULL tty pointer was being
referenced" and the NULL pointer was passed by sierra_indat_callback().

This patch modifies sierra_indat_callback() function to check for NULL
tty structure pointer. This modification prevents a crash from happening
when the device is disconnected.

This patch fixes the bug reported in Launchpad:
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/511157

Signed-off-by: Elina Pasheva <epasheva@sierrawireless.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/usb/serial/sierra.c patch | blob | history

diff --git a/drivers/usb/serial/sierra.c b/drivers/usb/serial/sierra.c
index 6aeea40..fcec466 100644 (file)
--- a/drivers/usb/serial/sierra.c
+++ b/drivers/usb/serial/sierra.c
@@ -594,14 +594,17 @@ static void sierra_indat_callback(struct urb *urb)
        } else {
                if (urb->actual_length) {
                        tty = tty_port_tty_get(&port->port);
-
-                       tty_buffer_request_room(tty, urb->actual_length);
-                       tty_insert_flip_string(tty, data, urb->actual_length);
-                       tty_flip_buffer_push(tty);
-
-                       tty_kref_put(tty);
-                       usb_serial_debug_data(debug, &port->dev, __func__,
-                               urb->actual_length, data);
+                       if (tty) {
+                               tty_buffer_request_room(tty,
+                                       urb->actual_length);
+                               tty_insert_flip_string(tty, data,
+                                       urb->actual_length);
+                               tty_flip_buffer_push(tty);
+
+                               tty_kref_put(tty);
+                               usb_serial_debug_data(debug, &port->dev,
+                                       __func__, urb->actual_length, data);
+                       }
                } else {
                        dev_dbg(&port->dev, "%s: empty read urb"
                                " received\n", __func__);
Pandora Kernel Repository