Re: [PATCH AUTOSEL 4.4 50/56] tty: pty: Fix race condition between release_one_tty and pty_write

[Sasha Levin]

On Sat, Jun 01, 2019 at 09:18:36AM -0700, Greg Kroah-Hartman wrote:
> On Sat, Jun 01, 2019 at 09:17:07AM -0700, Greg Kroah-Hartman wrote:
> > On Sat, Jun 01, 2019 at 09:25:54AM -0400, Sasha Levin wrote:
> > > From: Sahara <keun-o.park@xxxxxxxxxxxxx>
> > >
> > > [ Upstream commit b9ca5f8560af244489b4a1bc1ae88b341f24bc95 ]
> > >
> > > Especially when a linked tty is used such as pty, the linked tty
> > > port's buf works have not been cancelled while master tty port's
> > > buf work has been cancelled. Since release_one_tty and flush_to_ldisc
> > > run in workqueue threads separately, when pty_cleanup happens and
> > > link tty port is freed, flush_to_ldisc tries to access freed port
> > > and port->itty, eventually it causes a panic.
> > > This patch utilizes the magic value with holding the tty_mutex to
> > > check if the tty->link is valid.
> > >
> > > Fixes: 2b022ab7542d ("pty: cancel pty slave port buf's work in tty_release")
> > > Signed-off-by: Sahara <keun-o.park@xxxxxxxxxxxxx>
> > > Cc: stable <stable@xxxxxxxxxxxxxxx>
> > > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> > > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> > > ---
> > >  drivers/tty/pty.c    | 7 +++++++
> > >  drivers/tty/tty_io.c | 3 +++
> > >  2 files changed, 10 insertions(+)
> >
> > For some reason I did not apply this to the stable kernels, and this
> > shouldn't only be for 4.4.y, so please drop this.
>
> Ah, I never applied it because it was later reverted, also upstream,
> 0eae4686a128 ("Revert "tty: pty: Fix race condition between
> release_one_tty and pty_write""), so I didn't apply both of them to the
> stable trees as that wouldn't have made sense.

I've dropped it.

--
Thanks,
Sasha