* cdc-acm problems
@ 2004-01-13 12:05 Colin Leroy
2004-01-13 20:46 ` [PATCH] " Colin Leroy
2004-01-15 1:34 ` Benjamin Herrenschmidt
0 siblings, 2 replies; 3+ messages in thread
From: Colin Leroy @ 2004-01-13 12:05 UTC (permalink / raw)
To: linux-kernel, linuxppc-dev
[-- Attachment #1: Type: text/plain, Size: 1183 bytes --]
Hi,
I have problems with cdc-acm killing ohci. I tried to narrow down the problem,
but didn't get far.
Basically `killall -HUP pppd` gives (in dmesg):
drivers/usb/class/cdc-acm.c: acm_ctrl_irq - urb shutting down with status: -2
ohci_hcd 0001:01:1b.1: OHCI Unrecoverable Error, disabled
ohci_hcd 0001:01:1b.1: HC died; cleaning up
usb 4-1: USB disconnect, address 2
bus usb: remove device 4-1:1.0
bus usb: remove device 4-1:1.1
bus usb: remove device 4-1
I modified cdc-acm.c according to the attached patch, and noticed there may be
a buffer overflow: after applying this patch, `dmesg|grep high` gives:
drivers/usb/class/cdc-acm.c: databits index too high: 48
drivers/usb/class/cdc-acm.c: databits index too high: 48
drivers/usb/class/cdc-acm.c: databits index too high: 48
drivers/usb/class/cdc-acm.c: databits index too high: 48
drivers/usb/class/cdc-acm.c: databits index too high: 48
I'm on a Mac (big-endian). Maybe an endianness issue ?
My patch doesn't solve any problem, but maybe exposes one.
By the way, what's the difference between cpu_to_le32p() and cpu_to_le32() ?
I'm wondering because of the newline.speed = cpu_to_le32p(...) line (537).
Thanks,
--
Colin
[-- Attachment #2: cdc-acm.patch --]
[-- Type: application/octet-stream, Size: 1238 bytes --]
Index: drivers/usb/class/cdc-acm.c
===================================================================
RCS file: /home/cvsroot/linuxppc/drivers/usb/class/cdc-acm.c,v
retrieving revision 1.1.1.1
diff -u -u -r1.1.1.1 cdc-acm.c
--- drivers/usb/class/cdc-acm.c 8 Jan 2004 11:25:51 -0000 1.1.1.1
+++ drivers/usb/class/cdc-acm.c 13 Jan 2004 11:59:28 -0000
@@ -45,7 +45,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-#undef DEBUG
+#define DEBUG
#include <linux/kernel.h>
#include <linux/errno.h>
@@ -530,7 +530,7 @@
struct termios *termios = tty->termios;
struct acm_line newline;
int newctrl = acm->ctrlout;
-
+ int offset = 0;
if (!ACM_READY(acm))
return;
@@ -539,7 +539,13 @@
newline.stopbits = termios->c_cflag & CSTOPB ? 2 : 0;
newline.parity = termios->c_cflag & PARENB ?
(termios->c_cflag & PARODD ? 1 : 2) + (termios->c_cflag & CMSPAR ? 2 : 0) : 0;
- newline.databits = acm_tty_size[(termios->c_cflag & CSIZE) >> 4];
+
+ offset = (termios->c_cflag & CSIZE) >> 4;
+ if (offset >= sizeof(acm_tty_size)) {
+ dbg("databits index too high: %d\n", offset);
+ offset = 3;
+ }
+ newline.databits = acm_tty_size[offset];
acm->clocal = ((termios->c_cflag & CLOCAL) != 0);
^ permalink raw reply [flat|nested] 3+ messages in thread* [PATCH] Re: cdc-acm problems
2004-01-13 12:05 cdc-acm problems Colin Leroy
@ 2004-01-13 20:46 ` Colin Leroy
2004-01-15 1:34 ` Benjamin Herrenschmidt
1 sibling, 0 replies; 3+ messages in thread
From: Colin Leroy @ 2004-01-13 20:46 UTC (permalink / raw)
To: linux-kernel; +Cc: linuxppc-dev
[-- Attachment #1: Type: text/plain, Size: 694 bytes --]
> I have problems with cdc-acm killing ohci. I tried to narrow down the problem,
> but didn't get far.
> Basically `killall -HUP pppd` gives (in dmesg):
>
> drivers/usb/class/cdc-acm.c: acm_ctrl_irq - urb shutting down with status: -2
> ohci_hcd 0001:01:1b.1: OHCI Unrecoverable Error, disabled
> ohci_hcd 0001:01:1b.1: HC died; cleaning up
> usb 4-1: USB disconnect, address 2
> bus usb: remove device 4-1:1.0
> bus usb: remove device 4-1:1.1
> bus usb: remove device 4-1
After having looked some more hours, it looks like acm_tty_close() unlinks
urbs too soon or something like that... The attached patch fixes it for me
(I don't think it's really clean, but it may help ?)
--
Colin
[-- Attachment #2: cdc-acm.diff --]
[-- Type: text/plain, Size: 1275 bytes --]
Index: drivers/usb/class/cdc-acm.c
===================================================================
RCS file: /home/cvsroot/linuxppc/drivers/usb/class/cdc-acm.c,v
retrieving revision 1.1.1.1
diff -u -u -r1.1.1.1 cdc-acm.c
--- drivers/usb/class/cdc-acm.c 8 Jan 2004 11:25:51 -0000 1.1.1.1
+++ drivers/usb/class/cdc-acm.c 13 Jan 2004 20:40:39 -0000
@@ -157,6 +157,7 @@
unsigned int minor; /* acm minor number */
unsigned char throttle; /* throttled by tty layer */
unsigned char clocal; /* termios CLOCAL */
+ unsigned int finish_remove; /* finish removing */
};
static struct usb_driver acm_driver;
@@ -214,8 +215,16 @@
goto exit;
}
- if (!ACM_READY(acm))
+ if (!ACM_READY(acm)) {
+ if (acm->finish_remove) {
+ dbg("unlinking urbs");
+ usb_unlink_urb(acm->ctrlurb);
+ usb_unlink_urb(acm->writeurb);
+ usb_unlink_urb(acm->readurb);
+ return;
+ }
goto exit;
+ }
switch (dr->bRequest) {
@@ -382,9 +391,7 @@
if (!--acm->used) {
if (acm->dev) {
acm_set_control(acm, acm->ctrlout = 0);
- usb_unlink_urb(acm->ctrlurb);
- usb_unlink_urb(acm->writeurb);
- usb_unlink_urb(acm->readurb);
+ acm->finish_remove = 1;
} else {
tty_unregister_device(acm_tty_driver, acm->minor);
acm_table[acm->minor] = NULL;
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: cdc-acm problems
2004-01-13 12:05 cdc-acm problems Colin Leroy
2004-01-13 20:46 ` [PATCH] " Colin Leroy
@ 2004-01-15 1:34 ` Benjamin Herrenschmidt
1 sibling, 0 replies; 3+ messages in thread
From: Benjamin Herrenschmidt @ 2004-01-15 1:34 UTC (permalink / raw)
To: Colin Leroy; +Cc: Linux Kernel list, linuxppc-dev list
On Tue, 2004-01-13 at 23:05, Colin Leroy wrote:
> Hi,
>
> I have problems with cdc-acm killing ohci. I tried to narrow down the problem,
> but didn't get far.
> Basically `killall -HUP pppd` gives (in dmesg):
>
> drivers/usb/class/cdc-acm.c: acm_ctrl_irq - urb shutting down with status: -2
> ohci_hcd 0001:01:1b.1: OHCI Unrecoverable Error, disabled
> ohci_hcd 0001:01:1b.1: HC died; cleaning up
The above is interesting, looks like a PCI error. I keep getting those
unrecoverable errors with those new USB2 capable chips, I don't know
what's going on yet. Can try this patch and tell me what it dumps ?
===== drivers/usb/host/ohci-hcd.c 1.53 vs edited =====
--- 1.53/drivers/usb/host/ohci-hcd.c Wed Dec 31 15:25:17 2003
+++ edited/drivers/usb/host/ohci-hcd.c Wed Jan 14 13:20:52 2004
@@ -316,6 +316,11 @@
/* ASSERT: any requests/urbs are being unlinked */
/* ASSERT: nobody can be submitting urbs for this any more */
+ if (!HCD_IS_RUNNING (ohci->hcd.state)) {
+ ed->state = ED_IDLE;
+ finish_unlinks (ohci, 0, 0);
+ }
+
epnum <<= 1;
if (epnum != 0 && !(ep & USB_DIR_IN))
epnum |= 1;
@@ -571,9 +576,17 @@
disable (ohci);
ohci_err (ohci, "OHCI Unrecoverable Error, disabled\n");
// e.g. due to PCI Master/Target Abort
+#if 1
+ if (hcd->pdev) {
+ u16 status;
+
+ pci_read_config_word(hcd->pdev, PCI_STATUS, &status);
+ printk(KERN_ERR "OHCI PCI Status: 0x%04x\n", status);
+ }
+#endif
ohci_dump (ohci, 1);
- hc_reset (ohci);
+ hc_reset (ohci);
}
if (ints & OHCI_INTR_WDH) {
===== drivers/usb/host/ohci-pci.c 1.20 vs edited =====
--- 1.20/drivers/usb/host/ohci-pci.c Tue Oct 28 15:36:00 2003
+++ edited/drivers/usb/host/ohci-pci.c Wed Jan 14 13:23:07 2004
@@ -36,6 +36,17 @@
int ret;
if (hcd->pdev) {
+#if 1
+ u16 status;
+
+ pci_read_config_word(hcd->pdev, PCI_STATUS, &status);
+ printk(KERN_ERR "OHCI PCI Status: 0x%04x\n", status);
+ if (status & 0xf900) {
+ printk(KERN_ERR "Initial error ! clearing ...\n");
+ pci_write_config_word(hcd->pdev, PCI_STATUS, status);
+ }
+#endif
+
ohci->hcca = pci_alloc_consistent (hcd->pdev,
sizeof *ohci->hcca, &ohci->hcca_dma);
if (!ohci->hcca)
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-01-15 1:45 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-01-13 12:05 cdc-acm problems Colin Leroy
2004-01-13 20:46 ` [PATCH] " Colin Leroy
2004-01-15 1:34 ` Benjamin Herrenschmidt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.