• Johan Hovold's avatar
    USB: ftdi_sio: fix use-after-free in TIOCMIWAIT · 71ccb9b0
    Johan Hovold authored
    Use the port wait queue and make sure to check the serial disconnected
    flag before accessing private port data after waking up.
    
    This is is needed as the private port data (including the wait queue
    itself) can be gone when waking up after a disconnect.
    
    When switching to tty ports, some lifetime assumptions were changed.
    Specifically, close can now be called before the final tty reference is
    dropped as part of hangup at device disconnect. Even with the ftdi
    private-data refcounting this means that the port private data can be
    freed while a process is sleeping on modem-status changes and thus
    cannot be relied on to detect disconnects when woken up.
    
    Cc: stable <stable@vger.kernel.org>
    Signed-off-by: default avatarJohan Hovold <jhovold@gmail.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    71ccb9b0
ftdi_sio.c 87.7 KB