• Francesco Lavra's avatar
    USB: cdc_acm: Fix memory leak after hangup · 051522bb
    Francesco Lavra authored
    Am Donnerstag, 10. September 2009 15:43:53 schrieb Dietmar Hilbrich:
    > Hello,
    >
    > i have the following problem with the cdc-acm - driver:
    >
    > I'm using the driver with an "Ericsson F3507G" on a Thinkpad T400.
    >
    > If a disable the device (with the RFKill-Switch) while it is used by a
    > programm like ppp, the driver doesn't seem to correctly clean up the tty,
    > even after the program has been closed)
    >
    > The tty is still active (e.g. there still exists an entry in
    > /sys/dev/char/166:0 if ttyACM0 was used) and if a reacticate the device,
    > this device entry will be skipped and the Device-Nodes ttyACM1, ttyACM2
    > and ttyACM3 will be used.
    >
    > This problem was introduced with the commit
    > 10077d4a (before 2.6.31-rc1) and still
    > exists in 2.6.31.
    >
    > I was able the fix this problem with the following patch:
    >
    > diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
    > index 2bfc41e..0970d2f 100644
    > --- a/drivers/usb/class/cdc-acm.c
    > +++ b/drivers/usb/class/cdc-acm.c
    > @@ -676,6 +676,7 @@ static void acm_tty_hangup(struct tty_struct *tty)
    >         struct acm *acm = tty->driver_data;
    >         tty_port_hangup(&acm->port);
    >         acm_port_down(acm, 0);
    > +       acm_tty_unregister(acm);
    >  }
    
    I have the same problem with cdc-acm (I'm using a Samsung SGH-U900): when I
    unplug it from the USB port during a PPP connection, the ppp daemon gets the
    hangup correctly (and closes the device), but the struct acm corresponding to
    the device disconnected is not freed. Hence reconnecting the device results in
    creation of /dev/ttyACM(x+1). The same happens when the system is hibernated
    during a PPP connection.
    
    This memory leak is due to the fact that when the tty is hung up,
    tty_port_close_start() returns always zero, and acm_tty_close() never reaches
    the point where acm_tty_unregister() is called.
    
    Here is a fix for this.
    Signed-off-by: default avatarFrancesco Lavra <francescolavra@interfree.it>
    Acked-by: default avatarOliver Neukum <oliver@neukum.org>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
    051522bb
cdc-acm.c 42.6 KB