Re: BUG: NULL pointer deref in tty port / uart

From: Jiri Olsa
Date: Wed May 18 2011 - 10:44:51 EST

Next message: Hillf Danton: "Re: [PATCH] sched: correct how RT task is picked"
Previous message: Lina Lu: "Re: CRED: Fix get_task_cred() and task_state() to not resurrect dead credentials"
In reply to: Alan Cox: "Re: BUG: NULL pointer deref in tty port / uart"
Next in thread: Alan Cox: "Re: BUG: NULL pointer deref in tty port / uart"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 18, 2011 at 03:36:36PM +0100, Alan Cox wrote:
> > have the same issue.. looks like we should not NULL the port->tty
> > if there's blocked open, but not sure what's exactly the logic
> > behind "port's block_open and count" ..
>
> A pending open is not a user of the tty as far as the rest of the stack
> is concerned. I also don't see why clearing port->tty is causing this
> crash because nothing on that path should ever be going via port->tty and
> it isn't safe to do so.
>
> > attached patch fixes it for me
>
> But still breaks on hangup where we can't do that.
>
> Where is port->tty getting misused to cause the crash, that is the bit
> I'm missing somewhere.

I think it's the

uart_update_termios in uart_dtr_rts (drivers/tty/serial/serial_core.c)

called path:

tty_port_block_til_ready
tty_port_raise_dtr_rts
uart_dtr_rts
uart_update_termios

jirka
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Hillf Danton: "Re: [PATCH] sched: correct how RT task is picked"
Previous message: Lina Lu: "Re: CRED: Fix get_task_cred() and task_state() to not resurrect dead credentials"
In reply to: Alan Cox: "Re: BUG: NULL pointer deref in tty port / uart"
Next in thread: Alan Cox: "Re: BUG: NULL pointer deref in tty port / uart"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]