| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Aug 2014 12:25:44 +0400
From: Cyrill Gorcunov <gorcunov@...il.com>
To: LKML <linux-kernel@...r.kernel.org>, Jiri Slaby <jslaby@...e.cz>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Pavel Emelyanov <xemul@...allels.com>
Subject: Question on release_one_tty
Hi guys, could you please explain me the sequence
static void release_one_tty(struct work_struct *work)
{
struct tty_struct *tty =
container_of(work, struct tty_struct, hangup_work);
struct tty_driver *driver = tty->driver;
if (tty->ops->cleanup)
tty->ops->cleanup(tty);
tty->magic = 0;
--> tty_driver_kref_put(driver);
--> module_put(driver->owner);
why tty_driver_kref_put is called before module_put? As far as I understand
tty_driver_kref_put may call the destruct_tty_driver which eventually does
static void destruct_tty_driver(struct kref *kref)
{
struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
...
kfree(driver->cdevs);
kfree(driver->ports);
kfree(driver->termios);
kfree(driver->ttys);
--> kfree(driver);
}
so that the module_put(driver->owner) would access freed memory. Should not we
call the reverse module_put and then tty_driver_kref_put, or I miss something
obvious?
Cyrill
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists