From: Francesco Lavra Date: Tue, 3 Nov 2009 10:53:07 +0000 (+0000) Subject: USB: cdc_acm: Fix memory leak after hangup X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=051522bb47797f7168a617a0752d7ddc1a2f6f24;p=openwrt%2Fstaging%2Fblogic.git USB: cdc_acm: Fix memory leak after hangup Am Donnerstag, 10. September 2009 15:43:53 schrieb Dietmar Hilbrich: > Hello, > > i have the following problem with the cdc-acm - driver: > > I'm using the driver with an "Ericsson F3507G" on a Thinkpad T400. > > If a disable the device (with the RFKill-Switch) while it is used by a > programm like ppp, the driver doesn't seem to correctly clean up the tty, > even after the program has been closed) > > The tty is still active (e.g. there still exists an entry in > /sys/dev/char/166:0 if ttyACM0 was used) and if a reacticate the device, > this device entry will be skipped and the Device-Nodes ttyACM1, ttyACM2 > and ttyACM3 will be used. > > This problem was introduced with the commit > 10077d4a6674f535abdbe25cdecb1202af7948f1 (before 2.6.31-rc1) and still > exists in 2.6.31. > > I was able the fix this problem with the following patch: > > diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c > index 2bfc41e..0970d2f 100644 > --- a/drivers/usb/class/cdc-acm.c > +++ b/drivers/usb/class/cdc-acm.c > @@ -676,6 +676,7 @@ static void acm_tty_hangup(struct tty_struct *tty) > struct acm *acm = tty->driver_data; > tty_port_hangup(&acm->port); > acm_port_down(acm, 0); > + acm_tty_unregister(acm); > } I have the same problem with cdc-acm (I'm using a Samsung SGH-U900): when I unplug it from the USB port during a PPP connection, the ppp daemon gets the hangup correctly (and closes the device), but the struct acm corresponding to the device disconnected is not freed. Hence reconnecting the device results in creation of /dev/ttyACM(x+1). The same happens when the system is hibernated during a PPP connection. This memory leak is due to the fact that when the tty is hung up, tty_port_close_start() returns always zero, and acm_tty_close() never reaches the point where acm_tty_unregister() is called. Here is a fix for this. Signed-off-by: Francesco Lavra Acked-by: Oliver Neukum Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index b72fa49eb257..e4eca7810bcf 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -686,15 +686,21 @@ static void acm_tty_close(struct tty_struct *tty, struct file *filp) /* Perform the closing process and see if we need to do the hardware shutdown */ - if (!acm || tty_port_close_start(&acm->port, tty, filp) == 0) + if (!acm) + return; + if (tty_port_close_start(&acm->port, tty, filp) == 0) { + mutex_lock(&open_mutex); + if (!acm->dev) { + tty_port_tty_set(&acm->port, NULL); + acm_tty_unregister(acm); + tty->driver_data = NULL; + } + mutex_unlock(&open_mutex); return; + } acm_port_down(acm, 0); tty_port_close_end(&acm->port, tty); - mutex_lock(&open_mutex); tty_port_tty_set(&acm->port, NULL); - if (!acm->dev) - acm_tty_unregister(acm); - mutex_unlock(&open_mutex); } static int acm_tty_write(struct tty_struct *tty,