Gabriele Brugnoni
01-11-2005, 06:10 AM
Hello,
I send this simple patch for the file hcd_1161.c version 1.11, the driver
for the Philips ISP1161 USB device.
This patch fixes a problem that may happen when removing the device.
The original code calls the free_irq before the hc_release_1161.
If an interrupt occurs after having freed the memory, the interrupt handler
will receive an invalid ohci structure, causing a kernel crash.
Considering that interrupts are generated every millisecond, the problem may
happen frequently (as in my experience).
Bye.
Gabriele B.
--- hcd_1161.c.orig 2004-02-04 19:10:36.000000000 +0100
+++ hcd_1161.c 2005-10-31 17:29:13.000000000 +0100
@@ -4068,8 +4068,14 @@
ohci_t *ohci = ohci_pci_dev.driver_data;
int irq = ohci->irq;
- hc_release_1161(ohci); /* release the 1161 hc */
+ /* ATTENTION!!!
+ The call to free_irq MUST BE done before calling the hc_release_1161.
+ Previous versions of this code call it after the release function,
+ causing frequently and dangerous exceptions, that occurs if and interrupt
+ is handled after having released the memory (with ohci pointer invalid).
+ */
free_irq(irq,ohci); /* Free interrupt line */
+ hc_release_1161(ohci); /* release the 1161 hc */
release_region(HC_IO_BASE, HC_IO_SIZE); /* release IO space */
ohci_1161_mem_cleanup (); /* Clean up global memory */
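Review bot: With free_irq(irq,ohci) moved ahead of hc_release_1161(ohci), the handler is unregistered while the controller is still live, and nothing in the visible lines masks the chip's interrupt output before that call. If hc_release_1161 is also the place where the ISP1161 interrupts are disabled, the device can keep asserting the line with no handler attached, which is a problem on a shared or level-triggered IRQ. Consider splitting the teardown into three steps: disable interrupt generation on the chip, then free_irq, then free the ohci memory. The ordering fix itself looks right for the use-after-free in the handler, since irq is read from ohci->irq before anything is released. On the added comment: the note about what previous versions did belongs in the changelog rather than in the source, and a short statement of the ordering rule would be enough; "if and interrupt" should read "if an interrupt".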