Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753201AbdDGEM1 (ORCPT ); Fri, 7 Apr 2017 00:12:27 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:35782 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752753AbdDGEMT (ORCPT ); Fri, 7 Apr 2017 00:12:19 -0400 Date: Fri, 7 Apr 2017 05:12:05 +0100 From: Al Viro To: Michael Neuling Cc: greg@kroah.com, johan Hovold , Peter Hurley , Alexander Popov , Rob Herring , Mikulas Patocka , Dmitry Vyukov , benh , LKML , Wang YanQing , Jiri Slaby Subject: Re: [PATCH] tty: Fix crash with flush_to_ldisc() Message-ID: <20170407041205.GY29622@ZenIV.linux.org.uk> References: <20170407035053.3068-1-mikey@neuling.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170407035053.3068-1-mikey@neuling.org> User-Agent: Mutt/1.7.1 (2016-10-04) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1031 Lines: 26 On Fri, Apr 07, 2017 at 01:50:53PM +1000, Michael Neuling wrote: > diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c > index bdf0e6e899..a2a9832a42 100644 > --- a/drivers/tty/n_tty.c > +++ b/drivers/tty/n_tty.c > @@ -1668,11 +1668,17 @@ static int > n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp, > char *fp, int count, int flow) > { > - struct n_tty_data *ldata = tty->disc_data; > + struct n_tty_data *ldata; > int room, n, rcvd = 0, overflow; > > down_read(&tty->termios_rwsem); > > + ldata = tty->disc_data; > + if (!ldata) { > + up_read(&tty->termios_rwsem); I very much doubt that it's correct. It shouldn't have been called after the n_tty_close(); apparently it has been. ->termios_rwsem won't serialize against it, and something apparently has gone wrong with the exclusion there. At the very least I would like to see what's to prevent n_tty_close() from overlapping the exection of this function - if *that* is what broke, your patch will only paper over the problem.