mirror of
https://github.com/torvalds/linux.git
synced 2024-09-28 19:03:08 +00:00
e2bd1dcbe1
Potentially, hvc_open() can be called in parallel when two tasks calls open() on /dev/hvcX. In such a scenario, if the hp->ops->notifier_add() callback in the function fails, where it sets the tty->driver_data to NULL, the parallel hvc_open() can see this NULL and cause a memory abort. Hence, serialize hvc_open and check if tty->private_data is NULL before proceeding ahead. The issue can be easily reproduced by launching two tasks simultaneously that does nothing but open() and close() on /dev/hvcX. For example: $ ./simple_open_close /dev/hvc0 & ./simple_open_close /dev/hvc0 & Signed-off-by: Raghavendra Rao Ananta <rananta@codeaurora.org> Link: https://lore.kernel.org/r/20200428032601.22127-1-rananta@codeaurora.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| hvc_console.c | ||
| hvc_console.h | ||
| hvc_dcc.c | ||
| hvc_irq.c | ||
| hvc_iucv.c | ||
| hvc_opal.c | ||
| hvc_riscv_sbi.c | ||
| hvc_rtas.c | ||
| hvc_udbg.c | ||
| hvc_vio.c | ||
| hvc_xen.c | ||
| hvcs.c | ||
| hvsi_lib.c | ||
| hvsi.c | ||
| Kconfig | ||
| Makefile | ||