From patchwork Thu Dec 8 19:04:48 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Grant Grundler X-Patchwork-Id: 130213 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 934341007D1 for ; Fri, 9 Dec 2011 06:04:57 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751105Ab1LHTEv (ORCPT ); Thu, 8 Dec 2011 14:04:51 -0500 Received: from mail-gx0-f174.google.com ([209.85.161.174]:61926 "EHLO mail-gx0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751051Ab1LHTEt convert rfc822-to-8bit (ORCPT ); Thu, 8 Dec 2011 14:04:49 -0500 Received: by ggnr5 with SMTP id r5so2337707ggn.19 for ; Thu, 08 Dec 2011 11:04:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-system-of-record; bh=RLbJfnHxI+WUxyNzkNGKnkg+SJVos0dwCczzvMltdn4=; b=XzNhF9b5msV1C624gqkfMsOx0jdSZFlG+HpEhuU9tTMYIQ8o5iZMfyK4bP4C1fC1jx QFL+o3s3ZwNTa2ndrtsg== Received: by 10.182.188.34 with SMTP id fx2mr951997obc.31.1323371088799; Thu, 08 Dec 2011 11:04:48 -0800 (PST) MIME-Version: 1.0 Received: by 10.182.188.34 with SMTP id fx2mr951989obc.31.1323371088690; Thu, 08 Dec 2011 11:04:48 -0800 (PST) Received: by 10.182.53.3 with HTTP; Thu, 8 Dec 2011 11:04:48 -0800 (PST) In-Reply-To: <20111208180208.GA16883@kroah.com> References: <20111208180208.GA16883@kroah.com> Date: Thu, 8 Dec 2011 11:04:48 -0800 X-Google-Sender-Auth: DgR8rULjKruDYl50BLY_9CIv-DQ Message-ID: Subject: Re: 3.0.8 kernel : NULL ptr deref in skb_queue_purge() From: Grant Grundler To: Greg KH Cc: netdev@vger.kernel.org, linux-usb@vger.kernel.org X-System-Of-Record: true Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Thu, Dec 8, 2011 at 10:02 AM, Greg KH wrote: > On Wed, Dec 07, 2011 at 02:40:49PM -0800, Grant Grundler wrote: >> Hi, >> I'm testing asix (USB 100BT ethernet adapter with AX88772) driver >> initialization (and shut down) paths and reproduced a >> "skb_queue_purge" panic 3 times after a few hundred/thousand >> iterations of rmmod/modprobe. I'm inclined to believe >> skb_queue_purge() is a victim and not a culprit here. >> >>  I don't know if all 3 "spontaneous reboots" I've seen have the same >> stack trace as the one I have a record for: > > Have you tried this on 3.1, and especially, 3.2-rc? Hi Greg, I haven't tried any thing later yet. I would consider it if someone could point at a change(s) that might be relevant to the symptom. >  A number of asix > patches have gone into the 3.2-rc series, perhaps they might have > resolved this problem already? I'm the one who submitted those changes. :) asix.c driver I'm testing was pulled directly from davem's net-next tree and I believe that's what is in 3.2-rc series now. Those changes only relate to AX88772 and AX88178 bind and reset code. suspend/resume support is unchanged - though I suspect ax*_reset functions get called in resume. It's possible this code path in asix.c has *always* been broken. I see two drivesr/net/usbnet USB drivers that do this: drivers/net/usb/cdc_ether.c 614 .reset_resume = usbnet_resume, drivers/net/usb/cdc_ncm.c 1193 .reset_resume = usbnet_resume, Even though most usbnet drivers don't, I'm tempted to add this code and "just try it": thanks! grant --- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/net/usb/asix.c b/drivers/net/usb/asix.c index e6fed4d..b2de65f 100644 --- a/drivers/net/usb/asix.c +++ b/drivers/net/usb/asix.c @@ -1666,6 +1666,7 @@ static struct usb_driver asix_driver = { .probe = usbnet_probe, .suspend = usbnet_suspend, .resume = usbnet_resume, + .reset_resume = usbnet_reset_resume, .disconnect = usbnet_disconnect, .supports_autosuspend = 1, };