www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Herton R. Krzesinski <herton@redhat.com>
	Mon, 11 Jan 2016 14:07:43 +0000 (12:07 -0200)
committer	Chuck Anderson <chuck.anderson@oracle.com>
	Thu, 26 May 2016 22:44:56 +0000 (15:44 -0700)
commit	87ec623ace85aec4babb2f42238a8795290e3d1b
tree	1585e2010935baac02cf688352e7cd47270c6fea	tree
parent	076832a6f51a552c28a2fed5852452365b10845b	commit \| diff

pty: fix possible use after free of tty->driver_data

Orabug: 23330843

[ Upstream commit 2831c89f42dcde440cfdccb9fee9f42d54bbc1ef ]

This change fixes a bug for a corner case where we have the the last
release from a pty master/slave coming from a previously opened /dev/tty
file. When this happens, the tty->driver_data can be stale, due to all
ptmx or pts/N files having already been closed before (and thus the inode
related to these files, which tty->driver_data points to, being already
freed/destroyed).

The fix here is to keep a reference on the opened master ptmx inode.
We maintain the inode referenced until the final pty_unix98_shutdown,
and only pass this inode to devpts_kill_index.

Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
Cc: <stable@vger.kernel.org> # 2.6.29+
Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
(cherry picked from commit 614f8734d11ad22ee17a5faecf355b70756904ef)

Signed-off-by: Dan Duval <dan.duval@oracle.com>