3.8-rc regression with pps-ldisc due to 70ece7a731

[George Spelvin]

"TTY: n_tty, add ldisc data to n_tty"

The PPS line discipline has incestuous relations with the n_tty line
discipline, using some hooks to call internal routines.

However, I started noticing violent kernel explosions when testing 3.8-rc,
and after a bit of digging, I think it's due to the fact that the PPS code
assumes that the ->ldisc pointer is available to hold a pointer to a "pps"
structure, but this commit started using it in the core n_tty discipline.

If you look at pps_tty_open in drivers/pps/clients/pps-ldisc.c, you can
see it does:

	pps = pps_register_source(&info, PPS_CAPTUREBOTH | \
				PPS_OFFSETASSERT | PPS_OFFSETCLEAR);
	if (pps == NULL) {
		pr_err("cannot register PPS source \"%s\"\n", info.path);
		return -ENOMEM;
	}
	tty->disc_data = pps;

        /* Should open N_TTY ldisc too */
        ret = alias_n_tty_open(tty);

Where "alias_n_tty_open" is filled in by n_tty_inherit_ops() to be
n_tty_open().  However, in this commit, n_tty_open() now allocates
its own structure and overwrites the disc_data pointer, leading to an
earth-shattering kaboom as NULL pointers are dereferenced in interrupt
handlers.


My first thought is to reserve a pointer in n_tty_data for the
pps structure and update the pps code to chase pointers one more
level.  But I wanted to solicit opinions.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/