Bug 15691
Summary: | mISDN hfcpci.c: module reference count underflow | ||
---|---|---|---|
Product: | Drivers | Reporter: | Andreas Mohr (andi) |
Component: | ISDN | Assignee: | Karsten Keil (kernel) |
Status: | RESOLVED OBSOLETE | ||
Severity: | high | CC: | alan, jackfritt |
Priority: | P1 | ||
Hardware: | All | ||
OS: | Linux | ||
Kernel Version: | 2.6.32.10 | Subsystem: | |
Regression: | No | Bisected commit-id: | |
Attachments: | Proposed fix |
Description
Andreas Mohr
2010-04-04 14:46:26 UTC
Hohumm, just found out that hfcsusb.c and several other mISDN drivers seem to have similar handling of B/D channels. Created attachment 26134 [details]
Proposed fix
This should fix this refcounting issue, it was not related to B-channel open/close, this is very easy. The issue is, that a L2 open of the D-channel
also implicit opens the L1 of the D-channel in some places, but not call the L1 open, but closing the D-channel, calls close for all entities (TEI manager, L2 and the stack itself) - but the TEI manager did not call open, so the refcount was not increased.
Note, that if you use NT mode, the L2 stack will be not shutdown on closing the L2
sockets by default (which result in a positiv refcount). You can set a flag to do the shutdown on close after open the socket, or use the clean_layer2 utility to shutdown the NT l2 instances (which then should result in a refcount of zero). This is not new behavior, but was hidden by the refcounting bug.
Ah, that sounds about right, thanks! I'd think that normally a lower layer should validate (be protected against) any rogue input given by upper layers (thus a reference count issue would be avoided). However in the Linux module reference count implementation case this would be difficult since one would have to implement some user tracking to judge on whether a certain user is entitled to call close or not. Which probably isn't such a terribly good excuse for current reference count handling, but... But at least it's good to see an existing issue in the upper layer fixed, thank you for this streamlined processing! I'm currently unable to test the patch, but feel free to ask for testing (once circumstances allow for that). Patch works out of the box without problems. Tested with hfcmulti and hfcpci. Maybe this can go into the kernel tree ? hf, Joerg |