From: Ilya Zykov <ilya@ilyx.ru>
To: Peter Hurley <peter@hurleysoftware.com>
Cc: Alan Cox <alan@linux.intel.com>, Jiri Slaby <jslaby@suse.cz>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-serial@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH -next 0/9] tty: Fix buffer work access-after-free
Date: Tue, 04 Dec 2012 11:40:10 +0400 [thread overview]
Message-ID: <50BDA8DA.7070109@ilyx.ru> (raw)
In-Reply-To: <1354604865-10278-1-git-send-email-peter@hurleysoftware.com>
On 04.12.2012 11:07, Peter Hurley wrote:
> This patch series addresses the causes of flush_to_ldisc accessing
> the tty after freeing.
>
I think, it is have sense only if you can take effect,
with this patch or something like. I can't. :)
Signed-off-by: Ilya Zykov <ilya@ilyx.ru>
---
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index 2ea176b..f24751d 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -170,6 +170,10 @@ struct tty_struct *alloc_tty_struct(void)
return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
}
+static void flush_to_ldisc2(struct work_struct *work)
+{
+ printk(KERN_WARNING "Possible intrusion detected.\n");
+}
/**
* free_tty_struct - free a disused tty
* @tty: tty struct to free
@@ -188,6 +192,8 @@ void free_tty_struct(struct tty_struct *tty)
kfree(tty->write_buf);
tty_buffer_free_all(tty);
tty->magic = 0xDEADDEAD;
+ PREPARE_WORK(&tty->buf.work,flush_to_ldisc2);
+ //memset(tty, 0, sizeof(struct tty_struct));
kfree(tty);
}
next prev parent reply other threads:[~2012-12-04 7:40 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-04 7:07 [PATCH -next 0/9] tty: Fix buffer work access-after-free Peter Hurley
2012-12-04 7:07 ` [PATCH -next 1/9] tty: WARN if buffer work racing with tty free Peter Hurley
2012-12-04 7:07 ` [PATCH -next 2/9] tty: Add diagnostic for halted line discipline Peter Hurley
2012-12-04 7:07 ` [PATCH -next 3/9] tty: Don't reschedule buffer work while closing Peter Hurley
2012-12-04 7:07 ` [PATCH -next 4/9] tty: Refactor wait for ldisc refs out of tty_ldisc_hangup() Peter Hurley
2012-12-04 7:07 ` [PATCH -next 5/9] tty: Remove unnecessary re-test of ldisc ref count Peter Hurley
2012-12-04 7:07 ` [PATCH -next 6/9] tty: Fix ldisc halt sequence on hangup Peter Hurley
2012-12-04 7:07 ` [PATCH -next 7/9] tty: Strengthen no-subsequent-use guarantee of tty_ldisc_halt() Peter Hurley
2012-12-04 7:07 ` [PATCH -next 8/9] tty: Remove unnecessary buffer work flush Peter Hurley
2012-12-04 7:07 ` [PATCH -next 9/9] tty: Halt both ldiscs concurrently Peter Hurley
2012-12-04 7:40 ` Ilya Zykov [this message]
2012-12-04 8:54 ` [PATCH -next 0/9] tty: Fix buffer work access-after-free Alan Cox
2012-12-04 13:58 ` Peter Hurley
2012-12-04 14:30 ` Alan Cox
2012-12-04 9:38 ` Jiri Slaby
2012-12-07 0:57 ` Peter Hurley
2012-12-10 19:00 ` Ilya Zykov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50BDA8DA.7070109@ilyx.ru \
--to=ilya@ilyx.ru \
--cc=alan@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jslaby@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-serial@vger.kernel.org \
--cc=peter@hurleysoftware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox