From: Matthias Reichl <h...@horus.com>

commit 4466d6d2f80c1193e0845d110277c56da77a6418 upstream.

Commit 2ae0b31e0face ("tty: don't crash in tty_init_dev when missing
tty_port") didn't fully prevent the crash as the cleanup path in
tty_init_dev() calls release_tty() which dereferences tty->port
without checking it for non-null.

Add tty->port checks to release_tty to avoid the kernel crash.

Fixes: 2ae0b31e0face ("tty: don't crash in tty_init_dev when missing tty_port")
Signed-off-by: Matthias Reichl <h...@horus.com>
Link: https://lore.kernel.org/r/20201105123432.4448-1-h...@horus.com
Cc: stable <sta...@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 drivers/tty/tty_io.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -1514,10 +1514,12 @@ static void release_tty(struct tty_struc
                tty->ops->shutdown(tty);
        tty_save_termios(tty);
        tty_driver_remove_tty(tty->driver, tty);
-       tty->port->itty = NULL;
+       if (tty->port)
+               tty->port->itty = NULL;
        if (tty->link)
                tty->link->port->itty = NULL;
-       tty_buffer_cancel_work(tty->port);
+       if (tty->port)
+               tty_buffer_cancel_work(tty->port);
        if (tty->link)
                tty_buffer_cancel_work(tty->link->port);
 


Reply via email to