| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 May 2011 16:44:29 +0200 From: Jiri Olsa <jolsa@...hat.com> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Alan Cox <alan@...ux.intel.com>, Frederic Weisbecker <fweisbec@...il.com>, Kay Sievers <kay.sievers@...y.org>, Greg Kroah-Hartman <gregkh@...e.de>, Arnd Bergmann <arnd@...db.de>, LKML <linux-kernel@...r.kernel.org> Subject: Re: BUG: NULL pointer deref in tty port / uart On Wed, May 18, 2011 at 03:36:36PM +0100, Alan Cox wrote: > > have the same issue.. looks like we should not NULL the port->tty > > if there's blocked open, but not sure what's exactly the logic > > behind "port's block_open and count" .. > > A pending open is not a user of the tty as far as the rest of the stack > is concerned. I also don't see why clearing port->tty is causing this > crash because nothing on that path should ever be going via port->tty and > it isn't safe to do so. > > > attached patch fixes it for me > > But still breaks on hangup where we can't do that. > > Where is port->tty getting misused to cause the crash, that is the bit > I'm missing somewhere. I think it's the uart_update_termios in uart_dtr_rts (drivers/tty/serial/serial_core.c) called path: tty_port_block_til_ready tty_port_raise_dtr_rts uart_dtr_rts uart_update_termios jirka -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists