2013-07-25 05:26:42

by Gianluca Anzolin

[permalink] [raw]
Subject: [PATCH] tty_port: Fix refcounting leak in tty_port_tty_hangup()

The function tty_port_tty_hangup() could leak a reference to the tty_struct:

struct tty_struct *tty = tty_port_tty_get(port);

if (tty && (!check_clocal || !C_CLOCAL(tty))) {
tty_hangup(tty);
tty_kref_put(tty);
}

If tty != NULL and the second condition is false we never call tty_kref_put and
the reference is leaked.

Fix by always calling tty_kref_put() which accepts a NULL argument.

The patch fixes a regression introduced by commit aa27a094.

Acked-by: Gustavo Padovan <[email protected]>
Signed-off-by: Gianluca Anzolin <[email protected]>
---
drivers/tty/tty_port.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c
index 121aeb9..f597e88 100644
--- a/drivers/tty/tty_port.c
+++ b/drivers/tty/tty_port.c
@@ -256,10 +256,9 @@ void tty_port_tty_hangup(struct tty_port *port, bool check_clocal)
{
struct tty_struct *tty = tty_port_tty_get(port);

- if (tty && (!check_clocal || !C_CLOCAL(tty))) {
+ if (tty && (!check_clocal || !C_CLOCAL(tty)))
tty_hangup(tty);
- tty_kref_put(tty);
- }
+ tty_kref_put(tty);
}
EXPORT_SYMBOL_GPL(tty_port_tty_hangup);

--
1.8.3.3


2013-07-25 06:26:51

by Jiri Slaby

[permalink] [raw]
Subject: Re: [PATCH] tty_port: Fix refcounting leak in tty_port_tty_hangup()

On 07/25/2013 07:26 AM, Gianluca Anzolin wrote:
> The function tty_port_tty_hangup() could leak a reference to the tty_struct:
>
> struct tty_struct *tty = tty_port_tty_get(port);
>
> if (tty && (!check_clocal || !C_CLOCAL(tty))) {
> tty_hangup(tty);
> tty_kref_put(tty);
> }
>
> If tty != NULL and the second condition is false we never call tty_kref_put and
> the reference is leaked.
>
> Fix by always calling tty_kref_put() which accepts a NULL argument.
>
> The patch fixes a regression introduced by commit aa27a094.
>
> Acked-by: Gustavo Padovan <[email protected]>
> Signed-off-by: Gianluca Anzolin <[email protected]>

Acked-by: Jiri Slaby <[email protected]>

Thanks for the fix.

> ---
> drivers/tty/tty_port.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c
> index 121aeb9..f597e88 100644
> --- a/drivers/tty/tty_port.c
> +++ b/drivers/tty/tty_port.c
> @@ -256,10 +256,9 @@ void tty_port_tty_hangup(struct tty_port *port, bool check_clocal)
> {
> struct tty_struct *tty = tty_port_tty_get(port);
>
> - if (tty && (!check_clocal || !C_CLOCAL(tty))) {
> + if (tty && (!check_clocal || !C_CLOCAL(tty)))
> tty_hangup(tty);
> - tty_kref_put(tty);
> - }
> + tty_kref_put(tty);
> }
> EXPORT_SYMBOL_GPL(tty_port_tty_hangup);
>
>


--
js
suse labs

2013-07-25 08:15:11

by Gianluca Anzolin

[permalink] [raw]
Subject: Re: [PATCH] tty_port: Fix refcounting leak in tty_port_tty_hangup()

On Thu, Jul 25, 2013 at 08:26:45AM +0200, Jiri Slaby wrote:
> On 07/25/2013 07:26 AM, Gianluca Anzolin wrote:
> > The function tty_port_tty_hangup() could leak a reference to the tty_struct:
> >
> > struct tty_struct *tty = tty_port_tty_get(port);
> >
> > if (tty && (!check_clocal || !C_CLOCAL(tty))) {
> > tty_hangup(tty);
> > tty_kref_put(tty);
> > }
> >
> > If tty != NULL and the second condition is false we never call tty_kref_put and
> > the reference is leaked.
> >
> > Fix by always calling tty_kref_put() which accepts a NULL argument.
> >
> > The patch fixes a regression introduced by commit aa27a094.
> >
> > Acked-by: Gustavo Padovan <[email protected]>
> > Signed-off-by: Gianluca Anzolin <[email protected]>
>
> Acked-by: Jiri Slaby <[email protected]>
>
> Thanks for the fix.
>

Hi,

I sent this morning a newer fix changed following the instructions of Peter
Hurley. Could you apply that fix instead?

Thank you,

Gianluca

2013-07-25 08:31:00

by Gianluca Anzolin

[permalink] [raw]
Subject: Re: [PATCH] tty_port: Fix refcounting leak in tty_port_tty_hangup()

On Thu, Jul 25, 2013 at 10:14:36AM +0200, Gianluca Anzolin wrote:
> On Thu, Jul 25, 2013 at 08:26:45AM +0200, Jiri Slaby wrote:
> > On 07/25/2013 07:26 AM, Gianluca Anzolin wrote:
> > > The function tty_port_tty_hangup() could leak a reference to the tty_struct:
> > >
> > > struct tty_struct *tty = tty_port_tty_get(port);
> > >
> > > if (tty && (!check_clocal || !C_CLOCAL(tty))) {
> > > tty_hangup(tty);
> > > tty_kref_put(tty);
> > > }
> > >
> > > If tty != NULL and the second condition is false we never call tty_kref_put and
> > > the reference is leaked.
> > >
> > > Fix by always calling tty_kref_put() which accepts a NULL argument.
> > >
> > > The patch fixes a regression introduced by commit aa27a094.
> > >
> > > Acked-by: Gustavo Padovan <[email protected]>
> > > Signed-off-by: Gianluca Anzolin <[email protected]>
> >
> > Acked-by: Jiri Slaby <[email protected]>
> >
> > Thanks for the fix.
> >
>
> Hi,
>
> I sent this morning a newer fix changed following the instructions of Peter
> Hurley. Could you apply that fix instead?
>
> Thank you,
>
> Gianluca

Disregard that, that one was the right fix.

Thanks,
Gianluca