Re: [PATCH] USB: cdc-acm: fix possible null pointer inacm_tty_hangup
From: Alan Cox
Date: Tue Aug 09 2011 - 05:40:13 EST
On Mon, 8 Aug 2011 15:38:20 -0700
Vincent Palatin <vpalatin@xxxxxxxxxxxx> wrote:
> Sometimes, acm_tty_hangup and acm_tty_close are called concurrently.
> This results in acm pointer being null in acm_tty_hangup and panics when
> it is dereferenced.
This is definitely not the way to attack the problem.
The tty port hangup and close logic will do all the needed locking and do
it right. The big problem here is touching tty->driver_data. If you have
a block of memory that is tied to the tty object lifetime it needs to get
destroyed when the tty object is destroyed not as close/hangup or you
still leave races.
Take a look at
and in particular for port internal sychronization of open/close/hangup
once only events at
and for a tty lifetime object
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/