drivers/tty · 24eb2377f977fe06d84fca558f891f95bc28a449 · Upstream / linux-stable

tty: hvc_console, fix crashes on parallel open/close

Jiri Slaby authored 5 years ago

hvc_open sets tty->driver_data to NULL when open fails at some point.
Typically, the failure happens in hp->ops->notifier_add(). If there is
a racing process which tries to open such mangled tty, which was not
closed yet, the process will crash in hvc_open as tty->driver_data is
NULL.

All this happens because close wants to know whether open failed or not.
But ->open should not NULL this and other tty fields for ->close to be
happy. ->open should call tty_port_set_initialized(true) and close
should check by tty_port_initialized() instead. So do this properly in
this driver.

So this patch removes these from ->open:
* tty_port_tty_set(&hp->port, NULL). This happens on last close.
* tty->driver_data = NULL. Dtto.
* tty_port_put(&hp->port). This happens in shutdown and until now, this
  must have been causing a reference underflow, if I am not missing
  something.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: stable <stable@vger.kernel.org>
Reported-and...

24eb2377

Name	Last commit	Last update
..
hvc	tty: hvc_console, fix crashes on parallel open/close	5 years ago
ipwireless	tty: add SPDX identifiers to Kconfig and Makefiles	6 years ago
serdev	serdev: Fix detection of UART devices on Apple machines.	5 years ago
serial	serial: imx: Initialize lock for non-registered console	5 years ago
vt	Merge 5.7-rc5 into tty-next	5 years ago
Kconfig	tty: reorganize tty & serial menus	5 years ago
Makefile	tty: Add NULL TTY driver	6 years ago
amiserial.c	Remove every trace of SERIAL_MAGIC	5 years ago
cyclades.c	remove ioremap_nocache and devm_ioremap_nocache	5 years ago
ehv_bytechan.c	tty: evh_bytechan: Fix out of bounds accesses	5 years ago
goldfish.c	headers: separate linux/mod_devicetable.h from linux/platform_device.h	6 years ago
isicom.c	tty/isicom: remove redundant assignment to variable word_count	5 years ago
mips_ejtag_fdc.c	tty: mips_ejtag_fdc: Mark expected switch fall-through	5 years ago
moxa.c	remove ioremap_nocache and devm_ioremap_nocache	5 years ago
moxa.h	tty: moxa: Add support for CMSPAR	7 years ago
mxser.c	tty: mxser: make mxser_change_speed() return void	5 years ago
mxser.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	7 years ago
n_gsm.c	tty: n_gsm: Fix bogus i++ in gsm_data_kick	5 years ago
n_hdlc.c	tty: n_hdlc, remove FILE and LINE from pr_debug	5 years ago
n_null.c	tty: Remove redundant license text	7 years ago
n_r3964.c	tty: Don't block on IO when ldisc change is pending	6 years ago
n_tracerouter.c	tty: Remove redundant license text	7 years ago
n_tracesink.c	tty: Remove redundant license text	7 years ago
n_tracesink.h	tty: n_tracesink: Use the correct style for SPDX License Identifier	5 years ago
n_tty.c	n_tty: Distribute switch variables for initialization	5 years ago
nozomi.c
pty.c
rocket.c
rocket.h
rocket_int.h
synclink.c
synclink_gt.c
synclinkmp.c
sysrq.c
tty_audit.c
tty_baudrate.c
tty_buffer.c
tty_io.c
tty_ioctl.c
tty_jobctrl.c
tty_ldisc.c
tty_ldsem.c
tty_mutex.c
tty_port.c
ttynull.c
vcc.c

GitLab

Menu

Download source code

Download this directory