tty: Fix ldisc leak in failed tty_init_dev()
authorPeter Hurley <peter@hurleysoftware.com>
Sun, 10 Jan 2016 05:13:46 +0000 (21:13 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 27 Jan 2016 22:28:20 +0000 (14:28 -0800)
release_tty() leaks the ldisc instance when called directly (rather
than when releasing the file descriptor from tty_release()).

Since tty_ldisc_release() clears tty->ldisc, releasing the ldisc
instance at tty teardown if tty->ldisc is non-null is not in danger
of double-releasing the ldisc.

Remove deinitialize_tty_struct() now that free_tty_struct() always
performs the tty_ldisc_deinit().

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/tty/pty.c
drivers/tty/tty_io.c
drivers/tty/tty_ldisc.c
include/linux/tty.h

index b3110040164ae64fa29e66fae2d7f5bd4d7d139f..8cbe802bff1df50dcae99674914b925ef5495a34 100644 (file)
@@ -408,7 +408,7 @@ static int pty_common_install(struct tty_driver *driver, struct tty_struct *tty,
                   the easy way .. */
                retval = tty_init_termios(tty);
                if (retval)
-                       goto err_deinit_tty;
+                       goto err_free_tty;
 
                retval = tty_init_termios(o_tty);
                if (retval)
@@ -447,8 +447,7 @@ static int pty_common_install(struct tty_driver *driver, struct tty_struct *tty,
 err_free_termios:
        if (legacy)
                tty_free_termios(tty);
-err_deinit_tty:
-       deinitialize_tty_struct(o_tty);
+err_free_tty:
        free_tty_struct(o_tty);
 err_put_module:
        module_put(driver->other->owner);
index 5cec01c75691a6b7ee58ea65346c05572db1bab1..c9f2365167df459e4450471fb5874dfd24a6f06e 100644 (file)
@@ -172,6 +172,7 @@ void free_tty_struct(struct tty_struct *tty)
 {
        if (!tty)
                return;
+       tty_ldisc_deinit(tty);
        put_device(tty->dev);
        kfree(tty->write_buf);
        tty->magic = 0xDEADDEAD;
@@ -1529,7 +1530,7 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
        tty_lock(tty);
        retval = tty_driver_install_tty(driver, tty);
        if (retval < 0)
-               goto err_deinit_tty;
+               goto err_free_tty;
 
        if (!tty->port)
                tty->port = driver->ports[idx];
@@ -1551,9 +1552,8 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
        /* Return the tty locked so that it cannot vanish under the caller */
        return tty;
 
-err_deinit_tty:
+err_free_tty:
        tty_unlock(tty);
-       deinitialize_tty_struct(tty);
        free_tty_struct(tty);
 err_module_put:
        module_put(driver->owner);
@@ -3162,20 +3162,6 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
        return tty;
 }
 
-/**
- *     deinitialize_tty_struct
- *     @tty: tty to deinitialize
- *
- *     This subroutine deinitializes a tty structure that has been newly
- *     allocated but tty_release cannot be called on that yet.
- *
- *     Locking: none - tty in question must not be exposed at this point
- */
-void deinitialize_tty_struct(struct tty_struct *tty)
-{
-       tty_ldisc_deinit(tty);
-}
-
 /**
  *     tty_put_char    -       write one character to a tty
  *     @tty: tty
index a054d03c22e7b7376824927ce577d46644b01f16..49f0cea1e538abefcfc29ba875f2ae1d259b939b 100644 (file)
@@ -797,7 +797,7 @@ void tty_ldisc_init(struct tty_struct *tty)
 }
 
 /**
- *     tty_ldisc_init          -       ldisc cleanup for new tty
+ *     tty_ldisc_deinit        -       ldisc cleanup for new tty
  *     @tty: tty that was allocated recently
  *
  *     The tty structure must not becompletely set up (tty_ldisc_setup) when
@@ -805,7 +805,8 @@ void tty_ldisc_init(struct tty_struct *tty)
  */
 void tty_ldisc_deinit(struct tty_struct *tty)
 {
-       tty_ldisc_put(tty->ldisc);
+       if (tty->ldisc)
+               tty_ldisc_put(tty->ldisc);
        tty->ldisc = NULL;
 }
 
index d9fb4b043f56dd45b406d3b68c59da3c860c1f43..64e301dbf7b9158475953db622bdf9237e2dea79 100644 (file)
@@ -509,7 +509,6 @@ extern int tty_alloc_file(struct file *file);
 extern void tty_add_file(struct tty_struct *tty, struct file *file);
 extern void tty_free_file(struct file *file);
 extern void free_tty_struct(struct tty_struct *tty);
-extern void deinitialize_tty_struct(struct tty_struct *tty);
 extern struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx);
 extern int tty_release(struct inode *inode, struct file *filp);
 extern int tty_init_termios(struct tty_struct *tty);