ucom panic
Eirik Nygaard
eirikn at kerneled.com
Thu May 27 06:26:38 PDT 2004
On Thu, May 27, 2004 at 08:15:44PM +0900, YONETANI Tomokazu wrote:
> Hello.
> After the device layer rollup commit, ucom driver panics when
> I disconnect from a tip(1) session. Attached is the backtrace
> from the panic. The problem is that ucomclose() is releasing
> tp->t_dev too early, and ucomstop() passes it to minor()
> without chacking the value, resulting in a NULL-pointer dereference.
> I'm not sure how to fix this, but I think you have to push down
> the following block in usbclose()
>
> if (tp->t_dev) {
> release_dev(tp->t_dev);
> tp->t_dev = NULL;
> }
>
> down to somewhere after the label `quit:'.
That fix looks right as far as I can tell. Have you tried it out?
If not, could you do it, and let me know if it does work so I can commit
it?
--
Eirik Nygaard
eirikn at xxxxxxxxxxxx Never let a computer know you're in a hurry.
More information about the Bugs
mailing list