redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers
History
Peter Hurley 7acf6cd80b pty: Fix BUG()s when ptmx_open() errors out 
If pmtx_open() fails to get a slave inode or fails the pty_open(),
the tty is released as part of the error cleanup. As evidenced by the
first BUG stacktrace below, pty_close() assumes that the linked pty has
a valid, initialized inode* stored in driver_data.

Also, as evidenced by the second BUG stacktrace below, pty_unix98_shutdown()
assumes that the master pty's driver_data has been initialized.

1) Fix the invalid assumption in pty_close().
2) Initialize driver_data immediately so proper devpts fs cleanup occurs.

Fixes this BUG:

[  815.868844] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[  815.869018] IP: [<ffffffff81207bcc>] devpts_pty_kill+0x1c/0xa0
[  815.869190] PGD 7c775067 PUD 79deb067 PMD 0
[  815.869315] Oops: 0000 [#1] PREEMPT SMP
[  815.869443] Modules linked in: kvm_intel kvm snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi microcode snd_rawmidi psmouse serio_raw snd_seq_midi_event snd_seq snd_timer$
[  815.870025] CPU 0
[  815.870143] Pid: 27819, comm: stress_test_tty Tainted: G        W    3.8.0-next-20130125+ttypatch-2-xeon #2 Bochs Bochs
[  815.870386] RIP: 0010:[<ffffffff81207bcc>]  [<ffffffff81207bcc>] devpts_pty_kill+0x1c/0xa0
[  815.870540] RSP: 0018:ffff88007d3e1ac8  EFLAGS: 00010282
[  815.870661] RAX: ffff880079c20800 RBX: 0000000000000000 RCX: 0000000000000000
[  815.870804] RDX: ffff880079c209a8 RSI: 0000000000000286 RDI: 0000000000000000
[  815.870933] RBP: ffff88007d3e1ae8 R08: 0000000000000000 R09: 0000000000000000
[  815.871078] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88007bfb7e00
[  815.871209] R13: 0000000000000005 R14: ffff880079c20c00 R15: ffff880079c20c00
[  815.871343] FS:  00007f2e86206700(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
[  815.871495] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  815.871617] CR2: 0000000000000028 CR3: 000000007ae56000 CR4: 00000000000006f0
[  815.871752] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  815.871902] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  815.872012] Process stress_test_tty (pid: 27819, threadinfo ffff88007d3e0000, task ffff88007c874530)
[  815.872012] Stack:
[  815.872012]  ffff88007bfb7e00 ffff880079c20c00 ffff88007bfb7e00 0000000000000005
[  815.872012]  ffff88007d3e1b08 ffffffff81417be7 ffff88007caa9bd8 ffff880079c20800
[  815.872012]  ffff88007d3e1bc8 ffffffff8140e5f8 0000000000000000 0000000000000000
[  815.872012] Call Trace:
[  815.872012]  [<ffffffff81417be7>] pty_close+0x157/0x170
[  815.872012]  [<ffffffff8140e5f8>] tty_release+0x138/0x580
[  815.872012]  [<ffffffff816d29f3>] ? _raw_spin_lock+0x23/0x30
[  815.872012]  [<ffffffff816d267a>] ? _raw_spin_unlock+0x1a/0x40
[  815.872012]  [<ffffffff816d0178>] ? __mutex_unlock_slowpath+0x48/0x60
[  815.872012]  [<ffffffff81417dff>] ptmx_open+0x11f/0x180
[  815.872012]  [<ffffffff8119394b>] chrdev_open+0x9b/0x1c0
[  815.872012]  [<ffffffff8118d643>] do_dentry_open+0x203/0x290
[  815.872012]  [<ffffffff811938b0>] ? cdev_put+0x30/0x30
[  815.872012]  [<ffffffff8118d705>] finish_open+0x35/0x50
[  815.872012]  [<ffffffff8119dcce>] do_last+0x6fe/0xe90
[  815.872012]  [<ffffffff8119a7af>] ? link_path_walk+0x7f/0x880
[  815.872012]  [<ffffffff810909d5>] ? cpuacct_charge+0x75/0x80
[  815.872012]  [<ffffffff8119e51c>] path_openat+0xbc/0x4e0
[  815.872012]  [<ffffffff816d0fd0>] ? __schedule+0x400/0x7f0
[  815.872012]  [<ffffffff8140e956>] ? tty_release+0x496/0x580
[  815.872012]  [<ffffffff8119ec11>] do_filp_open+0x41/0xa0
[  815.872012]  [<ffffffff816d267a>] ? _raw_spin_unlock+0x1a/0x40
[  815.872012]  [<ffffffff811abe39>] ? __alloc_fd+0xe9/0x140
[  815.872012]  [<ffffffff8118ea44>] do_sys_open+0xf4/0x1e0
[  815.872012]  [<ffffffff8118eb51>] sys_open+0x21/0x30
[  815.872012]  [<ffffffff816da499>] system_call_fastpath+0x16/0x1b
[  815.872012] Code: 0f 1f 80 00 00 00 00 45 31 e4 eb d7 0f 0b 90 0f 1f 44 00 00 55 48 89 e5 48 83 ec 20 48 89 5d e8 48 89 fb 4c 89 65 f0 4c 89 6d f8 <48> 8b 47 28 48 81 78 58 d1 1c 0$
[  815.872012] RIP  [<ffffffff81207bcc>] devpts_pty_kill+0x1c/0xa0
[  815.872012]  RSP <ffff88007d3e1ac8>
[  815.872012] CR2: 0000000000000028
[  815.897036] ---[ end trace eadf50b7f34e47d5 ]---

Fixes this BUG also:

[  608.366836] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[  608.366948] IP: [<ffffffff812078d8>] devpts_kill_index+0x18/0x70
[  608.367050] PGD 7c75b067 PUD 7b919067 PMD 0
[  608.367135] Oops: 0000 [#1] PREEMPT SMP
[  608.367201] Modules linked in: kvm_intel kvm snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event microcode snd_seq psmouse snd_timer snd_seq_device serio_raw snd mac_hid soundcore snd_page_alloc rfcomm virtio_balloon parport_pc bnep bluetooth ppdev i2c_piix4 lp parport floppy
[  608.367617] CPU 2
[  608.367669] Pid: 1918, comm: stress_test_tty Tainted: G        W    3.8.0-next-20130125+ttypatch-2-xeon #2 Bochs Bochs
[  608.367796] RIP: 0010:[<ffffffff812078d8>]  [<ffffffff812078d8>] devpts_kill_index+0x18/0x70
[  608.367885] RSP: 0018:ffff88007ae41a88  EFLAGS: 00010286
[  608.367951] RAX: ffffffff81417e80 RBX: ffff880036472400 RCX: 0000000180400028
[  608.368010] RDX: ffff880036470004 RSI: 0000000000000004 RDI: 0000000000000000
[  608.368010] RBP: ffff88007ae41a98 R08: 0000000000000000 R09: 0000000000000001
[  608.368010] R10: ffffea0001f22e40 R11: ffffffff814151d5 R12: 0000000000000004
[  608.368010] R13: ffff880036470000 R14: 0000000000000004 R15: ffff880036472400
[  608.368010] FS:  00007ff7a5268700(0000) GS:ffff88007fd00000(0000) knlGS:0000000000000000
[  608.368010] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  608.368010] CR2: 0000000000000028 CR3: 000000007a0fd000 CR4: 00000000000006e0
[  608.368010] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  608.368010] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  608.368010] Process stress_test_tty (pid: 1918, threadinfo ffff88007ae40000, task ffff88003688dc40)
[  608.368010] Stack:
[  608.368010]  ffff880036472400 0000000000000001 ffff88007ae41aa8 ffffffff81417e98
[  608.368010]  ffff88007ae41ac8 ffffffff8140c42b ffff88007ac73100 ffff88007ac73100
[  608.368010]  ffff88007ae41b98 ffffffff8140ead5 ffff88007ae41b38 ffff88007ca40e40
[  608.368010] Call Trace:
[  608.368010]  [<ffffffff81417e98>] pty_unix98_shutdown+0x18/0x20
[  608.368010]  [<ffffffff8140c42b>] release_tty+0x3b/0xe0
[  608.368010]  [<ffffffff8140ead5>] __tty_release+0x575/0x5d0
[  608.368010]  [<ffffffff816d2c63>] ? _raw_spin_lock+0x23/0x30
[  608.368010]  [<ffffffff816d28ea>] ? _raw_spin_unlock+0x1a/0x40
[  608.368010]  [<ffffffff816d03e8>] ? __mutex_unlock_slowpath+0x48/0x60
[  608.368010]  [<ffffffff8140ef79>] tty_open+0x449/0x5f0
[  608.368010]  [<ffffffff8119394b>] chrdev_open+0x9b/0x1c0
[  608.368010]  [<ffffffff8118d643>] do_dentry_open+0x203/0x290
[  608.368010]  [<ffffffff811938b0>] ? cdev_put+0x30/0x30
[  608.368010]  [<ffffffff8118d705>] finish_open+0x35/0x50
[  608.368010]  [<ffffffff8119dcce>] do_last+0x6fe/0xe90
[  608.368010]  [<ffffffff8119a7af>] ? link_path_walk+0x7f/0x880
[  608.368010]  [<ffffffff8119e51c>] path_openat+0xbc/0x4e0
[  608.368010]  [<ffffffff8119ec11>] do_filp_open+0x41/0xa0
[  608.368010]  [<ffffffff816d28ea>] ? _raw_spin_unlock+0x1a/0x40
[  608.368010]  [<ffffffff811abe39>] ? __alloc_fd+0xe9/0x140
[  608.368010]  [<ffffffff8118ea44>] do_sys_open+0xf4/0x1e0
[  608.368010]  [<ffffffff816d2c63>] ? _raw_spin_lock+0x23/0x30
[  608.368010]  [<ffffffff8118eb51>] sys_open+0x21/0x30
[  608.368010]  [<ffffffff816da719>] system_call_fastpath+0x16/0x1b
[  608.368010] Code: ec 48 83 c4 10 5b 41 5c 5d c3 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 48 83 ec 10 4c 89 65 f8 41 89 f4 48 89 5d f0 <48> 8b 47 28 48 81 78 58 d1 1c 00 00 74 0b 48 8b 05 4b 66 cf 00
[  608.368010] RIP  [<ffffffff812078d8>] devpts_kill_index+0x18/0x70
[  608.368010]  RSP <ffff88007ae41a88>
[  608.368010] CR2: 0000000000000028
[  608.394153] ---[ end trace afe83b0fb5fbda93 ]---

Reported-by: Ilya Zykov <ilya@ilyx.ru>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2013-02-04 15:40:28 -08:00
..
accessibility
acpi ACPI: Check MSR valid bit before using P-state frequencies 2013-01-22 13:37:21 +01:00
amba Drivers: amba: remove __dev* attributes. 2013-01-03 15:57:02 -08:00
ata [libata] replace sata_settings with devslp_timing 2013-01-14 13:29:15 -05:00
atm Drivers: atm: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
auxdisplay Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
base Merge remote-tracking branch 'regmap/fix/debugfs' into tmp 2013-01-24 19:04:16 +08:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-01-08 07:31:49 -08:00
block Various minor fixes, but a slightly more complex one to fix the per-cpu overload 2013-01-20 16:44:28 -08:00
bluetooth tty: Added a CONFIG_TTY option to allow removal of TTY 2013-01-18 16:15:27 -08:00
bus Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
cdrom Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
char TTY: synclink: Convert + to | for bit operations 2013-01-30 00:09:58 -05:00
clk mvebu fixes for v3.8-rc5 2013-01-23 20:30:52 -08:00
clocksource Drivers: clocksource: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
connector Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
cpufreq cpufreq: Add module aliases for acpi-cpufreq 2013-01-22 22:33:46 +01:00
cpuidle cpuidle: remove the power_specified field in the driver 2013-01-15 14:18:04 +01:00
crypto Drivers: crypto: remove __dev* attributes. 2013-01-03 15:57:02 -08:00
dca
devfreq PM / devfreq: exynos4_bus: honor RCU lock usage 2013-01-22 13:28:40 +01:00
dio
dma Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma 2013-01-24 10:17:49 -08:00
edac Two error path fixes causing a crash and a Kconfig fix for an issue 2013-01-09 08:43:56 -08:00
eisa
extcon extcon pull request targetting Linux 3.8 for Greg KH on 2012.11.22 2012-11-27 06:44:10 -08:00
firewire Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
firmware Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
gpio gpio: mvebu: Don't free chip label memory 2013-01-17 12:27:08 +01:00
gpu kgdb: remove #include <linux/serial_8250.h> from kgdb.h 2013-02-04 15:35:26 -08:00
hid Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
hsi Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
hv Drivers: hv: balloon: Fix a memory leak 2013-01-17 11:58:00 -08:00
hwmon hwmon: (vexpress) Fix build error seen if CONFIG_OF_DEVICE is not set 2013-01-09 21:47:22 -08:00
hwspinlock hwspinlock: remove use of __devexit 2012-11-28 11:41:36 -08:00
i2c Merge 3.8-rc5 into tty-next 2013-01-25 13:27:36 -08:00
ide Drivers: ide: remove __dev* attributes. 2013-01-03 15:57:03 -08:00
idle intel_idle: Don't register CPU notifier if we are not running. 2013-01-18 13:43:43 +01:00
iio Staging fixes for 3.8-rc3 2013-01-14 09:08:38 -08:00
infiniband Drivers: infinband: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
input tty: Added a CONFIG_TTY option to allow removal of TTY 2013-01-18 16:15:27 -08:00
iommu Drivers: iommu: remove __dev* attributes. 2013-01-03 15:57:14 -08:00
ipack tty: Added a CONFIG_TTY option to allow removal of TTY 2013-01-18 16:15:27 -08:00
irqchip ARM: arm-soc: Device-tree updates, take 2 2012-12-14 14:42:53 -08:00
isdn tty: Added a CONFIG_TTY option to allow removal of TTY 2013-01-18 16:15:27 -08:00
leds leds: leds-gpio: set devm_gpio_request_one() flags param correctly 2013-01-02 17:58:41 -08:00
lguest tty: Added a CONFIG_TTY option to allow removal of TTY 2013-01-18 16:15:27 -08:00
macintosh Drivers: macintosh: remove __dev* attributes. 2013-01-03 15:57:14 -08:00
md Miscellaneous device-mapper fixes, cleanups and performance improvements. 2012-12-21 17:08:06 -08:00
media Merge 3.8-rc5 into tty-next 2013-01-25 13:27:36 -08:00
memory Drivers: memory: remove __dev* attributes. 2013-01-03 15:57:14 -08:00
memstick
message Drivers: message: remove __dev* attributes. 2013-01-03 15:57:14 -08:00
mfd mfd: vexpress-sysreg: Don't skip initialization on probe 2013-01-24 12:19:23 +00:00
misc Merge 3.8-rc5 into tty-next 2013-01-25 13:27:36 -08:00
mmc Merge 3.8-rc5 into tty-next 2013-01-25 13:27:36 -08:00
mtd Drivers: mtd: remove __dev* attributes. 2013-01-03 15:57:03 -08:00
net Merge 3.8-rc5 into tty-next 2013-01-25 13:27:36 -08:00
nfc Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
nubus
of of: Fix export of of_find_matching_node_and_match() 2012-12-19 10:58:53 +00:00
oprofile
parisc Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
parport serial/8250: Add suport for later SUNIX (TIMEDIA) boards. 2013-01-30 00:08:22 -05:00
pci PCI updates for v3.8: 2013-01-22 16:36:23 -08:00
pcmcia ARM: arm-soc: Header cleanups 2012-12-12 11:45:16 -08:00
pinctrl ARM: arm-soc fixes for 3.8-rc 2013-01-08 18:53:56 -08:00
platform asus-laptop: Fix potential invalid pointer dereference 2013-01-07 12:33:48 -05:00
pnp PNP: Handle IORESOURCE_BITS in resource allocation 2013-01-03 13:10:53 +01:00
power ARM: arm-soc fixes for 3.8-rc 2013-01-08 18:53:56 -08:00
pps tty: Added a CONFIG_TTY option to allow removal of TTY 2013-01-18 16:15:27 -08:00
ps3 Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
ptp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-12-12 18:07:07 -08:00
pwm pwm: Changes for v3.8-rc1 2012-12-19 08:19:07 -08:00
rapidio Driver core updates for 3.8-rc1 2012-12-11 13:13:55 -08:00
regulator Merge remote-tracking branch 'regulator/fix/s5m8767' into tmp 2013-01-15 09:38:59 +09:00
remoteproc Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
rpmsg Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
rtc drivers/rtc/rtc-da9055.c: fix cross-section reference 2013-01-11 14:54:54 -08:00
s390 Merge 3.8-rc5 into tty-next 2013-01-25 13:27:36 -08:00
sbus Drivers: sbus: remove __dev* attributes. 2013-01-03 15:57:03 -08:00
scsi Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
sfi
sh sh: clkfwk: bugfix: sh_clk_div_enable() care sh_clk_div_set_rate() if div6 2013-01-11 20:57:58 +09:00
sn Drivers: misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
spi spi/sh-hspi: fix return value check in hspi_probe(). 2012-12-19 15:11:41 +00:00
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-01-08 07:31:49 -08:00
staging Merge 3.8-rc5 into tty-next 2013-01-25 13:27:36 -08:00
target iscsi-target: Fix CmdSN comparison (use cmd->cmd_sn instead of cmd->stat_sn) 2013-01-10 21:00:37 -08:00
tc
thermal Drivers: thermal: remove __dev* attributes. 2013-01-03 15:57:02 -08:00
tty pty: Fix BUG()s when ptmx_open() errors out 2013-02-04 15:40:28 -08:00
uio ARM: arm-soc: SoC updates for 3.8 2012-12-12 12:05:15 -08:00
usb Merge 3.8-rc5 into tty-next 2013-01-25 13:27:36 -08:00
uwb uwb: fix uwb_dev_unlock() missed at an error path in uwb_rc_cmd_async() 2012-11-26 15:58:43 -08:00
vfio vfio-pci: Fix buffer overfill 2013-01-15 10:45:26 -07:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2012-12-15 14:25:10 -08:00
video kgdb: remove #include <linux/serial_8250.h> from kgdb.h 2013-02-04 15:35:26 -08:00
virt Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-12-18 09:58:09 -08:00
virtio Drivers: virtio: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
vlynq Drivers: vlynq: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
vme
w1 Drivers: w1: remove last __devexit_p() instance 2013-01-03 15:57:01 -08:00
watchdog watchdog: twl4030_wdt: add DT support 2013-01-02 12:07:05 +01:00
xen Fixes: 2013-01-18 12:02:52 -08:00
zorro Drivers: zorro: remove CONFIG_HOTPLUG usage 2013-01-03 15:57:01 -08:00
Kconfig
Makefile