Commit 59b6573c authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] fix tty shutdown race

use-after-free races have been seen due to the workqueue timer in the tty
structure going off after the tty was freed.

Fix that up by using cancel_scheduled_work() and flush_scheduled_work().
parent 92b817f8
...@@ -1286,7 +1286,14 @@ static void release_dev(struct file * filp) ...@@ -1286,7 +1286,14 @@ static void release_dev(struct file * filp)
} }
/* /*
* Make sure that the tty's task queue isn't activated. * Prevent flush_to_ldisc() from rescheduling the work for later. Then
* kill any delayed work.
*/
clear_bit(TTY_DONT_FLIP, &tty->flags);
cancel_delayed_work(&tty->flip.work);
/*
* Wait for ->hangup_work and ->flip.work handlers to terminate
*/ */
flush_scheduled_work(); flush_scheduled_work();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment