On Thu, Aug 07, 2014 at 01:05:28PM +0400, Pavel Emelyanov wrote:
> >
> > So how this code supposed to work then? I mean tty_driver_kref_put must
> > never call
> > for destruct_tty_driver, otherwise we're accessing freed memory.
>
> mod = driver->owner;
> tty_driver_kref_put(driver);
> module_put(mod);
>
> Check the upstream whether the same issue exists there.
Same in tty.git
static void release_one_tty(struct work_struct *work)
{
struct tty_struct *tty =
container_of(work, struct tty_struct, hangup_work);
struct tty_driver *driver = tty->driver;
if (tty->ops->cleanup)
tty->ops->cleanup(tty);
tty->magic = 0;
tty_driver_kref_put(driver);
module_put(driver->owner);
spin_lock(&tty_files_lock);
list_del_init(&tty->tty_files);
spin_unlock(&tty_files_lock);
put_pid(tty->pgrp);
put_pid(tty->session);
free_tty_struct(tty);
}
so I think yes, the fix is needed. I'll prepare the patch
and test/post for review.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
