From: Peter Hurley Date: Sun, 10 Jan 2016 05:13:46 +0000 (-0800) Subject: tty: Fix ldisc leak in failed tty_init_dev() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=c8b710b3e4348119924051551b836c94835331b1;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git tty: Fix ldisc leak in failed tty_init_dev() release_tty() leaks the ldisc instance when called directly (rather than when releasing the file descriptor from tty_release()). Since tty_ldisc_release() clears tty->ldisc, releasing the ldisc instance at tty teardown if tty->ldisc is non-null is not in danger of double-releasing the ldisc. Remove deinitialize_tty_struct() now that free_tty_struct() always performs the tty_ldisc_deinit(). Signed-off-by: Peter Hurley Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c index b3110040164a..8cbe802bff1d 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c @@ -408,7 +408,7 @@ static int pty_common_install(struct tty_driver *driver, struct tty_struct *tty, the easy way .. */ retval = tty_init_termios(tty); if (retval) - goto err_deinit_tty; + goto err_free_tty; retval = tty_init_termios(o_tty); if (retval) @@ -447,8 +447,7 @@ static int pty_common_install(struct tty_driver *driver, struct tty_struct *tty, err_free_termios: if (legacy) tty_free_termios(tty); -err_deinit_tty: - deinitialize_tty_struct(o_tty); +err_free_tty: free_tty_struct(o_tty); err_put_module: module_put(driver->other->owner); diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index 5cec01c75691..c9f2365167df 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -172,6 +172,7 @@ void free_tty_struct(struct tty_struct *tty) { if (!tty) return; + tty_ldisc_deinit(tty); put_device(tty->dev); kfree(tty->write_buf); tty->magic = 0xDEADDEAD; @@ -1529,7 +1530,7 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) tty_lock(tty); retval = tty_driver_install_tty(driver, tty); if (retval < 0) - goto err_deinit_tty; + goto err_free_tty; if (!tty->port) tty->port = driver->ports[idx]; @@ -1551,9 +1552,8 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) /* Return the tty locked so that it cannot vanish under the caller */ return tty; -err_deinit_tty: +err_free_tty: tty_unlock(tty); - deinitialize_tty_struct(tty); free_tty_struct(tty); err_module_put: module_put(driver->owner); @@ -3162,20 +3162,6 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) return tty; } -/** - * deinitialize_tty_struct - * @tty: tty to deinitialize - * - * This subroutine deinitializes a tty structure that has been newly - * allocated but tty_release cannot be called on that yet. - * - * Locking: none - tty in question must not be exposed at this point - */ -void deinitialize_tty_struct(struct tty_struct *tty) -{ - tty_ldisc_deinit(tty); -} - /** * tty_put_char - write one character to a tty * @tty: tty diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c index a054d03c22e7..49f0cea1e538 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -797,7 +797,7 @@ void tty_ldisc_init(struct tty_struct *tty) } /** - * tty_ldisc_init - ldisc cleanup for new tty + * tty_ldisc_deinit - ldisc cleanup for new tty * @tty: tty that was allocated recently * * The tty structure must not becompletely set up (tty_ldisc_setup) when @@ -805,7 +805,8 @@ void tty_ldisc_init(struct tty_struct *tty) */ void tty_ldisc_deinit(struct tty_struct *tty) { - tty_ldisc_put(tty->ldisc); + if (tty->ldisc) + tty_ldisc_put(tty->ldisc); tty->ldisc = NULL; } diff --git a/include/linux/tty.h b/include/linux/tty.h index d9fb4b043f56..64e301dbf7b9 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h @@ -509,7 +509,6 @@ extern int tty_alloc_file(struct file *file); extern void tty_add_file(struct tty_struct *tty, struct file *file); extern void tty_free_file(struct file *file); extern void free_tty_struct(struct tty_struct *tty); -extern void deinitialize_tty_struct(struct tty_struct *tty); extern struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx); extern int tty_release(struct inode *inode, struct file *filp); extern int tty_init_termios(struct tty_struct *tty);