On Sat, Jun 01, 2019 at 09:25:54AM -0400, Sasha Levin wrote:
From: Sahara keun-o.park@darkmatter.ae
[ Upstream commit b9ca5f8560af244489b4a1bc1ae88b341f24bc95 ]
Especially when a linked tty is used such as pty, the linked tty port's buf works have not been cancelled while master tty port's buf work has been cancelled. Since release_one_tty and flush_to_ldisc run in workqueue threads separately, when pty_cleanup happens and link tty port is freed, flush_to_ldisc tries to access freed port and port->itty, eventually it causes a panic. This patch utilizes the magic value with holding the tty_mutex to check if the tty->link is valid.
Fixes: 2b022ab7542d ("pty: cancel pty slave port buf's work in tty_release") Signed-off-by: Sahara keun-o.park@darkmatter.ae Cc: stable stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Sasha Levin sashal@kernel.org
drivers/tty/pty.c | 7 +++++++ drivers/tty/tty_io.c | 3 +++ 2 files changed, 10 insertions(+)
For some reason I did not apply this to the stable kernels, and this shouldn't only be for 4.4.y, so please drop this.
thanks,
greg k-h