[PATCH] hvc_console fix to protect hvc_write against ldisc writeafter hvc_close

[Ryan Arnold]

Andrew,

Due to the tty ldisc code not stopping write operations against a driver
even after a tty has been closed I added a mechanism to hvc_console in
my previous patch to prevent this by nulling out the tty->driver_data in
hvc_close() but I forgot to check tty->driver_data in hvc_write(). 
Anton Blanchard got several oops'es from hvc_write() accessing NULL as
if it were a pointer to an hvc_struct usually stored in
tty->driver_data.

So this patch checks tty->driver_data in hvc_write() before it is used. 
Hopefully once Alan Cox's patch is checked in ldisc writes won't
continue to happen after tty closes.

Anton Blanchard has tested this patch and is unable to reproduce the
oops with it applied.

Changelog:
drivers/char/hvc_console.c
-Added comment to hvc_close() to explain the reason for NULLing
tty->driver_data.
-Added check to hvc_write() to verify that tty->driver_data is valid
(NOT NULL) which would be the case if the write operation was invoked
after a tty close was initiated on the tty.

Thanks,

Ryan S. Arnold
IBM Linux Technology Center
Signed-off-by: Ryan S. Arnold <rsa@xxxxxxxxxx>
--- linux-2.6.9-rc1/drivers/char/hvc_console.c	Fri Sep 10 15:14:57 2004
+++ hvc_console_working_linux-2.6.9-rc1/drivers/char/hvc_console.c	Mon Sep 13 10:29:53 2004
@@ -265,6 +265,11 @@
 		 */
 		tty_wait_until_sent(tty, HVC_CLOSE_WAIT);
 
+		/*
+		 * Since the line disc doesn't block writes during tty close
+		 * operations we'll set driver_data to NULL and then make sure
+		 * to check tty->driver_data for NULL in hvc_write().
+		 */
 		tty->driver_data = NULL;
 
 		if (irq != NO_IRQ)
@@ -418,6 +423,10 @@
 	struct hvc_struct *hp = tty->driver_data;
 	int written;
 
+	/* This write was probably executed during a tty close. */
+	if (!hp)
+		return -EPIPE;
+
 	if (from_user)
 		written = __hvc_write_user(hp, buf, count);
 	else