Re: [PATCH] USB: cdc-acm: fix possible null pointer inacm_tty_hangup

From: Alan Cox
Date: Tue Aug 09 2011 - 05:40:13 EST

Next message: Pekka Enberg: "Re: [PATCH] slub: fix check_bytes() for slub debugging"
Previous message: KAMEZAWA Hiroyuki: "Re: [PATCH RFC] memcg: fix drain_all_stock crash"
In reply to: Vincent Palatin: "[PATCH] USB: cdc-acm: fix possible null pointer in acm_tty_hangup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 8 Aug 2011 15:38:20 -0700
Vincent Palatin <vpalatin@xxxxxxxxxxxx> wrote:

> Sometimes, acm_tty_hangup and acm_tty_close are called concurrently.
> This results in acm pointer being null in acm_tty_hangup and panics when
> it is dereferenced.

This is definitely not the way to attack the problem.

The tty port hangup and close logic will do all the needed locking and do
it right. The big problem here is touching tty->driver_data. If you have
a block of memory that is tied to the tty object lifetime it needs to get
destroyed when the tty object is destroyed not as close/hangup or you
still leave races.

Take a look at

tty_port_close
tty_port_hangup

and in particular for port internal sychronization of open/close/hangup
once only events at

port->ops->activate
port->ops->shutdown
port->ops->destruct

and for a tty lifetime object

tty->ops->shutdown

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pekka Enberg: "Re: [PATCH] slub: fix check_bytes() for slub debugging"
Previous message: KAMEZAWA Hiroyuki: "Re: [PATCH RFC] memcg: fix drain_all_stock crash"
In reply to: Vincent Palatin: "[PATCH] USB: cdc-acm: fix possible null pointer in acm_tty_hangup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]