aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/tty/pty.c
Commit message (Collapse)AuthorAgeFilesLines
* TTY: pty, release tty in all ptmx_open fail pathsJiri Slaby2011-11-111-5/+5
| | | | | | | | | | | | | | | | | | commit 1177c0efc04d032644895b8d757f55b433912596 upstream. Mistakenly, commit 64ba3dc3143d (tty: never hold BTM while getting tty_mutex) switched one fail path in ptmx_open to not free the newly allocated tty. Fix that by jumping to the appropriate place. And rename the labels so that it's clear what is going on there. Introduced-in: v2.6.36-rc2 Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* TTY: make tty_add_file non-failingJiri Slaby2011-11-111-5/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit fa90e1c935472281de314e6d7c9a37db9cbc2e4e upstream. If tty_add_file fails at the point it is now, we have to revert all the changes we did to the tty. It means either decrease all refcounts if this was a tty reopen or delete the tty if it was newly allocated. There was a try to fix this in v3.0-rc2 using tty_release in 0259894c7 (TTY: fix fail path in tty_open). But instead it introduced a NULL dereference. It's because tty_release dereferences filp->private_data, but that one is set even in our tty_add_file. And when tty_add_file fails, it's still NULL/garbage. Hence tty_release cannot be called there. To circumvent the original leak (and the current NULL deref) we split tty_add_file into two functions, making the latter non-failing. In that case we may do the former early in open, where handling failures is easy. The latter stays as it is now. So there is no change in functionality. The original bug (leak) was introduced by f573bd176 (tty: Remove __GFP_NOFAIL from tty_add_file()). Thanks Dan for reporting this. Later, we may split tty_release into more functions and call only some of them in this fail path instead. (If at all possible.) Introduced-in: v2.6.37-rc2 Signed-off-by: Jiri Slaby <jslaby@suse.cz> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Pekka Enberg <penberg@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* TTY: pty, fix pty countingJiri Slaby2011-10-031-2/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit 24d406a6bf736f7aebdc8fa0f0ec86e0890c6d24 upstream. tty_operations->remove is normally called like: queue_release_one_tty ->tty_shutdown ->tty_driver_remove_tty ->tty_operations->remove However tty_shutdown() is called from queue_release_one_tty() only if tty_operations->shutdown is NULL. But for pty, it is not. pty_unix98_shutdown() is used there as ->shutdown. So tty_operations->remove of pty (i.e. pty_unix98_remove()) is never called. This results in invalid pty_count. I.e. what can be seen in /proc/sys/kernel/pty/nr. I see this was already reported at: https://lkml.org/lkml/2009/11/5/370 But it was not fixed since then. This patch is kind of a hackish way. The problem lies in ->install. We allocate there another tty (so-called tty->link). So ->install is called once, but ->remove twice, for both tty and tty->link. The fix here is to count both tty and tty->link and divide the count by 2 for user. And to have ->remove called, let's make tty_driver_remove_tty() global and call that from pty_unix98_shutdown() (tty_operations->shutdown). While at it, let's document that when ->shutdown is defined, tty_shutdown() is not called. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@linux.intel.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* tty: remove invalid location line in file headerJovi Zhang2011-04-191-2/+0
| | | | | | | | remove invalid location line in each file header after location moved from driver/char to driver/tty Signed-off-by: Jovi Zhang <bookjovi@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* TTY: plug in deinitialize_tty_structJiri Slaby2011-04-191-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | Used the newly introduced deinitialize_tty_struct to properly shut down ldisc. It is intended to fix the Julian's reported problem. He reports that kmemleak checker warns about memory leak: unreferenced object 0xc0e19860 (size 8): comm cat, pid 1226, jiffies 4294919464 (age 287.476s) hex dump (first 8 bytes): 44 de 2d c1 01 00 00 00 D.-..... backtrace: [<c1065a74>] create_object+0x109/0x1ad [<c1063d2b>] kmem_cache_alloc+0x60/0x68 [<c113505c>] tty_ldisc_get+0x54/0x76 [<c11358c9>] tty_ldisc_init+0xa/0x20 [<c1130ab4>] initialize_tty_struct+0x2d/0x1ac [<c1130c8c>] tty_init_dev+0x59/0x10d [<c113136d>] tty_open+0x24a/0x3a2 ... Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Reported-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* TTY: unify pty_unix98_install fail path handlingJiri Slaby2011-04-191-6/+6
| | | | | | | | | | | | | Change it so that we call the deinit functions at one place at the end of the function (by gotos). And while at it use some sane label names. This is a preparation for the deinitialization of tty in the next patch. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Julian Anastasov <ja@ssi.bg> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* TTY: unify pty_install fail path handlingJiri Slaby2011-04-191-9/+10
| | | | | | | | | | | | | Change it so that we call the deinit functions at one place at the end of the function (by gotos). And while at it use some sane label names. This is a preparation for the deinitialization of tty in the next patch. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Julian Anastasov <ja@ssi.bg> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* Merge branch 'config' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bklLinus Torvalds2011-03-161-1/+0
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | * 'config' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl: BKL: That's all, folks fs/locks.c: Remove stale FIXME left over from BKL conversion ipx: remove the BKL appletalk: remove the BKL x25: remove the BKL ufs: remove the BKL hpfs: remove the BKL drivers: remove extraneous includes of smp_lock.h tracing: don't trace the BKL adfs: remove the big kernel lock
| * drivers: remove extraneous includes of smp_lock.hArnd Bergmann2011-03-021-1/+0
| | | | | | | | | | | | | | | | These were missed the last time I cleaned this up globally, because of code moving around or new code getting merged. Signed-off-by: Arnd Bergmann <arnd@arndb.de>
* | tty: now phase out the ioctl file pointer for goodAlan Cox2011-02-171-2/+2
|/ | | | | | | | | Only oddities here are a couple of drivers that bogusly called the ldisc helpers instead of returning -ENOIOCTLCMD. Fix the bug and the rest goes away. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* TTY: create drivers/tty and move the tty core files thereGreg Kroah-Hartman2010-11-051-0/+777
The tty code should be in its own subdirectory and not in the char driver with all of the cruft that is currently there. Based on work done by Arnd Bergmann <arnd@arndb.de> Acked-by: Arnd Bergmann <arnd@arndb.de> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>