Re: [PATCH] tty: make sure a BUG is hit if tty_port will be destroyedbefore tty

From: Peter Hurley
Date: Fri May 17 2013 - 18:51:45 EST

On 05/17/2013 03:43 PM, Alexander Holler wrote:
Am 17.05.2013 21:22, schrieb Alexander Holler:

The case that the machine didn't die, but just the process, only happens
when my proposed patch is applied, which prevents the memory corruption.

In short, the proposed BUG_ON() prevents the memory corruption because
it is hit before something bad can happen. The result is that just the
process in question will be killed (and a tty is not released), but only
that BUG_ON() prevents that something _really_ bad happens.

I hope I could describe it now clearly. ;)

Your descriptions have been clear and I understood your meaning. However,
I think you may have misunderstood my suggestion.

Would you please test the patch below?

--- >% ---
Subject: [PATCH] tty: Prevent tty_port destruction if tty not released

If the tty driver mistakenly drops the last port reference
before the tty has been released, issue a diagnostic and
abort the port destruction.

This will leak memory and may zombify the port, but should
otherwise keep the machine in runnable state.

Signed-off-by: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
drivers/tty/tty_port.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c
index 6d9e0b2..a4f4fa9 100644
--- a/drivers/tty/tty_port.c
+++ b/drivers/tty/tty_port.c
@@ -140,6 +140,10 @@ EXPORT_SYMBOL(tty_port_destroy);
static void tty_port_destructor(struct kref *kref)
struct tty_port *port = container_of(kref, struct tty_port, kref);
+ /* check if last port ref was dropped before tty release */
+ if (WARN_ON(port->itty))
+ return;
if (port->xmit_buf)
free_page((unsigned long)port->xmit_buf);

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at