| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Aug 2014 13:18:12 +0400
From: Cyrill Gorcunov <gorcunov@...il.com>
To: Pavel Emelyanov <xemul@...allels.com>
Cc: LKML <linux-kernel@...r.kernel.org>, Jiri Slaby <jslaby@...e.cz>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: Question on release_one_tty
On Thu, Aug 07, 2014 at 01:05:28PM +0400, Pavel Emelyanov wrote:
> >
> > So how this code supposed to work then? I mean tty_driver_kref_put must never call
> > for destruct_tty_driver, otherwise we're accessing freed memory.
>
> mod = driver->owner;
> tty_driver_kref_put(driver);
> module_put(mod);
>
> Check the upstream whether the same issue exists there.
Same in tty.git
static void release_one_tty(struct work_struct *work)
{
struct tty_struct *tty =
container_of(work, struct tty_struct, hangup_work);
struct tty_driver *driver = tty->driver;
if (tty->ops->cleanup)
tty->ops->cleanup(tty);
tty->magic = 0;
tty_driver_kref_put(driver);
module_put(driver->owner);
spin_lock(&tty_files_lock);
list_del_init(&tty->tty_files);
spin_unlock(&tty_files_lock);
put_pid(tty->pgrp);
put_pid(tty->session);
free_tty_struct(tty);
}
so I think yes, the fix is needed. I'll prepare the patch
and test/post for review.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists