review.tizen.org Git - platform/kernel/linux-amlogic.git/commit

author	Jiri Slaby <jslaby@suse.cz>
	Tue, 26 May 2020 14:56:32 +0000 (16:56 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 11 Jun 2020 07:22:22 +0000 (09:22 +0200)
commit	2b37e4f0ef5c8cd1d3de19d364dfcbefcc5114b2
tree	489161ffb1cc582b2f3f34e390b55d8955463e46	tree \| snapshot
parent	adf823fa2a53db5d119d90817778f263a3a47608	commit \| diff

tty: hvc_console, fix crashes on parallel open/close

commit 24eb2377f977fe06d84fca558f891f95bc28a449 upstream.

hvc_open sets tty->driver_data to NULL when open fails at some point.
Typically, the failure happens in hp->ops->notifier_add(). If there is
a racing process which tries to open such mangled tty, which was not
closed yet, the process will crash in hvc_open as tty->driver_data is
NULL.

All this happens because close wants to know whether open failed or not.
But ->open should not NULL this and other tty fields for ->close to be
happy. ->open should call tty_port_set_initialized(true) and close
should check by tty_port_initialized() instead. So do this properly in
this driver.

So this patch removes these from ->open:
* tty_port_tty_set(&hp->port, NULL). This happens on last close.
* tty->driver_data = NULL. Dtto.
* tty_port_put(&hp->port). This happens in shutdown and until now, this
must have been causing a reference underflow, if I am not missing
something.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: stable <stable@vger.kernel.org>
Reported-and-tested-by: Raghavendra <rananta@codeaurora.org>
Link: https://lore.kernel.org/r/20200526145632.13879-1-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>