Re: [PATCH] Fix refcount leak in tty_port.c

From: Gianluca Anzolin
Date: Fri Jul 12 2013 - 05:47:47 EST


Hello,

I'm sorry to bother you again, I'm just pinging to see if you received the
patch or if it got lost in the noise. It fixes a regression introduced in git
commit aa27a094e2c2e

I have another patch for rfcomm tty waiting for this fix to get applied.

Thank you,

Gianluca

On Tue, Jul 09, 2013 at 10:35:35AM +0200, Gianluca Anzolin wrote:
> Hello,
>
> In linux 3.10 in the file drivers/tty/tty_port.c the function
> tty_port_tty_hangup may leak a tty reference:
>
> struct tty_struct *tty = tty_port_tty_get(port);
>
> if (tty && (!check_clocal || !C_CLOCAL(tty))) {
> tty_hangup(tty);
> tty_kref_put(tty);
> }
>
> If tty != NULL and the second condition is false we never call tty_kref_put and
> the reference is leaked.
>
> Fix by nesting two if statements.
>
> Signed-off-by: Gianluca Anzolin <gianluca@xxxxxxxxxxxxxx>

> diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c
> index 121aeb9..2198f7d 100644
> --- a/drivers/tty/tty_port.c
> +++ b/drivers/tty/tty_port.c
> @@ -256,8 +256,9 @@ void tty_port_tty_hangup(struct tty_port *port, bool check_clocal)
> {
> struct tty_struct *tty = tty_port_tty_get(port);
>
> - if (tty && (!check_clocal || !C_CLOCAL(tty))) {
> - tty_hangup(tty);
> + if (tty) {
> + if (!check_clocal || !C_CLOCAL(tty))
> + tty_hangup(tty);
> tty_kref_put(tty);
> }
> }

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/