| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1455219152-10254-1-git-send-email-matwey@sai.msu.ru>
Date: Thu, 11 Feb 2016 22:32:32 +0300
From: "Matwey V. Kornilov" <matwey@....msu.ru>
To: gregkh@...uxfoundation.org, jslaby@...e.com,
peter@...leysoftware.com, andy.shevchenko@...il.com,
gnomes@...rguk.ukuu.org.uk
Cc: "Matwey V. Kornilov" <matwey@....msu.ru>,
linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org
Subject: [PATCH v1] tty: serial: 8250: Fix possible race in serial8250_em485_destroy()
Fix possbile race in serial8250_em485_destroy() when timer handlers can
dereference p->em485 which is alread destroyed but not yet NULLed.
Signed-off-by: Matwey V. Kornilov <matwey@....msu.ru>
---
I've found that Greg applied initial patchset, so this erratum goes as separate patch.
drivers/tty/serial/8250/8250_port.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index c908b77..d962de2 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -617,14 +617,16 @@ EXPORT_SYMBOL_GPL(serial8250_em485_init);
*/
void serial8250_em485_destroy(struct uart_8250_port *p)
{
- if (p->em485 == NULL)
+ struct uart_8250_em485 *em485 = p->em485;
+
+ if (!em485)
return;
- del_timer(&p->em485->start_tx_timer);
- del_timer(&p->em485->stop_tx_timer);
+ del_timer(&em485->start_tx_timer);
+ del_timer(&em485->stop_tx_timer);
- kfree(p->em485);
p->em485 = NULL;
+ kfree(em485);
}
EXPORT_SYMBOL_GPL(serial8250_em485_destroy);
--
2.7.0
Powered by blists - more mailing lists