Re: [PATCH] Fix refcount leak in tty_port.c

From: Peter Hurley
Date: Wed Jul 24 2013 - 10:12:00 EST


On 07/12/2013 10:04 AM, Peter Hurley wrote:
On 07/12/2013 06:30 AM, Gustavo Padovan wrote:
Hi Gianluca,

* Gianluca Anzolin <gianluca@xxxxxxxxxxxxxx> [2013-07-09 10:35:35 +0200]:

Hello,

In linux 3.10 in the file drivers/tty/tty_port.c the function
tty_port_tty_hangup may leak a tty reference:

    struct tty_struct *tty = tty_port_tty_get(port);

    if (tty && (!check_clocal || !C_CLOCAL(tty))) {
        tty_hangup(tty);
        tty_kref_put(tty);
    }

If tty != NULL and the second condition is false we never call tty_kref_put and
the reference is leaked.

Good catch.

Fix by nesting two if statements.

Signed-off-by: Gianluca Anzolin <gianluca@xxxxxxxxxxxxxx>

As mentioned by Gianluca this is a regression of aa27a094 and we depend on
this patch to go ahead with some fixes in the bluetooth subsystem.

Gustavo,

There's no direct dependency; i.e., there aren't merge issues here.
We should progress with the fixes to rfcomm independent of this patch.

Gianluca, it might help if you send a proper git inline formatted patch,
mentioning the issue and which regression you are fixing. It makes
the maintainer's life easier.

As Gustavo points out, please inline the patch otherwise commenters
have to do it for you.

Gianluca,

I think Greg may be expecting you to address the comments from myself
and Gustavo before accepting this patch.

Greg, is that the case?

Regards,
Peter Hurley

Also add my Ack to the patch:

Acked-by: Gustavo Padovan <gustavo.padovan@xxxxxxxxxxxxxxx>

Gustavo

Copy of Gianluca's patch with my comments

--- %< ---

Please put a proper commit message here, including that this is
a regression and the commit id that caused the regression so this patch
can eventually make its way to stable.


> diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c
> index 121aeb9..2198f7d 100644
> --- a/drivers/tty/tty_port.c
> +++ b/drivers/tty/tty_port.c
> @@ -256,8 +256,9 @@ void tty_port_tty_hangup(struct tty_port *port, bool check_clocal)
> {
> struct tty_struct *tty = tty_port_tty_get(port);
>
> - if (tty && (!check_clocal || !C_CLOCAL(tty))) {
> - tty_hangup(tty);
> + if (tty) {
> + if (!check_clocal || !C_CLOCAL(tty))
> + tty_hangup(tty);
> tty_kref_put(tty);
> }
> }
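
Review bot: nothing in the new if (tty) block records that tty_kref_put(tty) has to pair with every non-NULL return of tty_port_tty_get(port), and the patch arrives without a changelog, so the reason the put moved out from under the check_clocal test is easy to lose in a later cleanup. State in the commit message that the reference was leaked when check_clocal is set and C_CLOCAL(tty) is true, name the commit that introduced the regression, and keep C_CLOCAL(tty) behind the non-NULL test on tty in whatever form the condition finally takes.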


tty_kref_put() already checks for NULL tty. I would prefer:

    {
        struct tty_struct *tty = tty_port_tty_get(port);

        if (tty && (!check_clocal || !C_CLOCAL(tty)))
            tty_hangup(tty);
        tty_kref_put(tty);
    }
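
Added example, not part of the original thread or of the kernel source: a user-space C model of the two control-flow shapes discussed above, counting the references still held after each call. The names tty_model, model_tty_get, model_kref_put, hangup_leaky, hangup_balanced and leaked_refs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model of the thread's code, not kernel code. */
struct tty_model { int kref; bool clocal; int hangups; };

static struct tty_model *model_tty_get(struct tty_model *attached)
{
    if (attached) attached->kref++;   /* caller now owns one reference */
    return attached;
}

static void model_kref_put(struct tty_model *tty)
{
    if (tty) tty->kref--;   /* NULL-tolerant, as the reply says of tty_kref_put() */
}

/* Shape of the 3.10 code: the put is reached only when the hangup is. */
static void hangup_leaky(struct tty_model *attached, bool check_clocal)
{
    struct tty_model *tty = model_tty_get(attached);
    if (tty && (!check_clocal || !tty->clocal)) {
        tty->hangups++;
        model_kref_put(tty);
    }
}

/* Shape preferred in the reply: conditional hangup, unconditional put. */
static void hangup_balanced(struct tty_model *attached, bool check_clocal)
{
    struct tty_model *tty = model_tty_get(attached);
    if (tty && (!check_clocal || !tty->clocal))
        tty->hangups++;
    model_kref_put(tty);
}

/* References leaked by fn over every (clocal, check_clocal) pair plus a NULL tty. */
static int leaked_refs(void (*fn)(struct tty_model *, bool))
{
    int leaked = 0;
    for (int i = 0; i < 4; i++) {
        struct tty_model tty = { .kref = 1, .clocal = i & 1 };
        fn(&tty, i >> 1);
        leaked += tty.kref - 1;       /* 1 was the baseline held by the port */
    }
    fn(NULL, true);                   /* no tty attached: must be a no-op */
    return leaked;
}

int main(void) { printf("%d %d\n", leaked_refs(hangup_leaky), leaked_refs(hangup_balanced)); return 0; }
```

Only the case with check_clocal set and clocal true leaves a reference behind in the first shape; the second shape returns to the baseline count in all cases.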

