renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-19 10:44:14 +08:00
Code
a2f892060f
linux-next/drivers
History
Jiri Slaby a2f892060f TTY: hvc, fix TTY refcounting 
A -next commit "TTY: HVC, use tty from tty_port" switched the driver
to use tty_port helper for tty refcounting. But it omitted to remove
manual tty refcounting from open, close and hangup. So now we are
getting random crashes caused by use-after-free:
Unable to handle kernel paging request for data at address 0xc0000003f9d550
Faulting instruction address: 0xc0000000001b7f40
Oops: Kernel access of bad area, sig: 11 [#1]
...
NIP: c0000000001b7f40 LR: c0000000001b7f14 CTR: c0000000000e04f0
...
NIP [c0000000001b7f40] .__kmalloc+0x70/0x230
LR [c0000000001b7f14] .__kmalloc+0x44/0x230
Call Trace:
[c0000003f68bf930] [c0000003f68bf9b0] 0xc0000003f68bf9b0 (unreliable)
[c0000003f68bf9e0] [c0000000001e5424] .alloc_fdmem+0x24/0x70
[c0000003f68bfa60] [c0000000001e54f8] .alloc_fdtable+0x88/0x130
[c0000003f68bfaf0] [c0000000001e5924] .dup_fd+0x384/0x450
[c0000003f68bfbd0] [c00000000009a310] .copy_process+0x880/0x11d0
[c0000003f68bfcd0] [c00000000009aee0] .do_fork+0x70/0x400
[c0000003f68bfdc0] [c0000000000141c4] .sys_clone+0x54/0x70
[c0000003f68bfe30] [c000000000009aa0] .ppc_clone+0x8/0xc

Fix that by complete removal of tty_kref_get/put in open/close/hangup
paths.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Reported-and-tested-by: Michael Neuling <mikey@neuling.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: ppc-dev <linuxppc-dev@lists.ozlabs.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-04-13 10:54:43 -07:00
..
accessibility
acpi Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-04-06 19:56:04 -07:00
amba
ata 1) AHCI regression fix. A recent "make driver conform to spec" change 2012-03-22 20:22:30 -07:00
atm Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
auxdisplay
base regmap: A couple of small fixes for 3.4 2012-04-07 09:56:00 -07:00
bcma
block Two fixes for regressions: 2012-04-06 17:54:53 -07:00
bluetooth Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
cdrom
char Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile 2012-04-06 17:56:20 -07:00
clk
clocksource Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-03-29 16:53:48 -07:00
connector
cpufreq ARM: SoC fixes for 3.4-rc2 2012-04-05 22:13:39 -07:00
cpuidle Merge branches 'idle-fix' and 'misc' into release 2012-04-06 21:48:59 -04:00
crypto Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2012-03-22 18:15:32 -07:00
dca
devfreq ARM: global cleanups 2012-03-27 16:03:32 -07:00
dio
dma Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
edac Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile 2012-04-06 17:56:20 -07:00
eisa
firewire Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
firmware
gpio gpio: tegra: Iterate over the correct number of banks 2012-04-04 13:13:18 -06:00
gpu Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
hid simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
hsi
hv
hwmon hwmon: (ad7314) Adds missing spi_dev initialization 2012-04-03 17:08:28 -07:00
hwspinlock
i2c Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
ide Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
idle simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
ieee802154
infiniband Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2012-03-29 23:17:44 -07:00
iommu Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
isdn ISDN: remove uses of isdn_tty_revision 2012-04-10 09:01:14 -07:00
leds MFD changes for 3.4 2012-03-28 13:56:35 -07:00
lguest
macintosh Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
mca
md md/raid1,raid10: don't compare excess byte during consistency check. 2012-04-03 15:39:23 +10:00
media ARM: cleanups of io includes 2012-03-29 18:02:10 -07:00
memstick
message Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
mfd Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
misc Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
mmc mmc: use really long write timeout to deal with crappy cards 2012-04-05 20:32:34 -04:00
mtd Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
net TTY: hso, use tty from tty_port 2012-04-09 11:18:36 -07:00
nfc
nubus Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
of GPIO changes for v3.4 2012-03-28 14:08:46 -07:00
oprofile simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
parisc Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
parport
pci Two fixes for regressions: 2012-04-06 17:54:53 -07:00
pcmcia Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia 2012-03-29 16:00:48 -07:00
pinctrl
platform Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-03-30 16:45:39 -07:00
pnp Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-03-30 16:45:39 -07:00
power Various small bugfixes and enhancements, plus two new drivers: 2012-03-30 16:09:02 -07:00
pps
ps3
ptp
rapidio
regulator regulator: Fixes for -rc1 2012-04-04 10:09:30 -07:00
remoteproc simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
rpmsg
rtc Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
s390 TTY: tty3270, add tty_port 2012-04-09 11:28:17 -07:00
sbus Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
scsi Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
sfi
sh SuperH updates for 3.4 merge window 2012-03-30 00:09:17 -07:00
sn
spi Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
ssb
staging Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
target tcm_fc: Do not free tpg structure during wq allocation failure 2012-04-06 18:57:05 -07:00
tc
thermal thermal: Fix for setting the thermal zone mode to enable/disable 2012-03-22 01:10:18 -04:00
tty TTY: hvc, fix TTY refcounting 2012-04-13 10:54:43 -07:00
uio
usb TTY: usb/u_serial use close_wait from tty_port 2012-04-09 12:04:30 -07:00
uwb simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
vhost Merge branch 'vhost-net' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost 2012-03-23 14:46:48 -04:00
video ARM: SoC fixes for 3.4-rc2 2012-04-05 22:13:39 -07:00
virt
virtio virtio-pci: switch to PM ops macro to initialise PM functions 2012-03-31 08:09:51 +05:30
vlynq
w1
watchdog ARM: cleanups of io includes 2012-03-29 18:02:10 -07:00
xen Two fixes for regressions: 2012-04-06 17:54:53 -07:00
zorro
Kconfig Merge branch 'for-next' of git://gitorious.org/kernel-hsi/kernel-hsi 2012-04-02 09:50:40 -07:00
Makefile Merge branch 'for-next' of git://gitorious.org/kernel-hsi/kernel-hsi 2012-04-02 09:50:40 -07:00