On Wed, May 22, 2019 at 01:19:49PM +0200, Johan Hovold wrote:
> On Wed, May 22, 2019 at 07:13:54PM +0800, Gen Zhang wrote:
> > On Wed, May 22, 2019 at 12:29:00PM +0200, Johan Hovold wrote:
> > > Where do you see that the kernel is dereferencing tty->dev without
> > > checking for NULL first? If you
On Wed, May 22, 2019 at 07:13:54PM +0800, Gen Zhang wrote:
> On Wed, May 22, 2019 at 12:29:00PM +0200, Johan Hovold wrote:
> > Where do you see that the kernel is dereferencing tty->dev without
> > checking for NULL first? If you can find that, then that would indeed be
> > a bug that needs fixing.
On Wed, May 22, 2019 at 10:15:56AM +0200, Jiri Slaby wrote:
> Look at the top of alloc_tty_struct: there is tty_ldisc_init. If
> tty_get_device fails here, you have to call tty_ldisc_deinit. Better,
> you should add a failure-handling tail to this function and "goto" there.
Thanks for your explaina
On Wed, May 22, 2019 at 12:29:00PM +0200, Johan Hovold wrote:
> Where do you see that the kernel is dereferencing tty->dev without
> checking for NULL first? If you can find that, then that would indeed be
> a bug that needs fixing.
Thanks for your reply, Johan!
I examined the code but failed to fi
On 22. 05. 19, 12:29, Johan Hovold wrote:
>> Sure, but can class_find_device return NULL in this tty case here?
>
> Yes, it can and will and that's fine, not all ttys have a struct device
> (e.g. ptys).
IOW, the code needs a comment, if anything.
thanks,
--
js
suse labs
On Wed, May 22, 2019 at 10:15:56AM +0200, Jiri Slaby wrote:
> On 22. 05. 19, 10:06, Gen Zhang wrote:
> > On Wed, May 22, 2019 at 06:25:36AM +0200, Jiri Slaby wrote:
> >> On 22. 05. 19, 3:40, Gen Zhang wrote:
> >>> In alloc_tty_struct(), tty->dev is assigned by tty_get_device(). And it
> >>> calls c
On 22. 05. 19, 10:06, Gen Zhang wrote:
> On Wed, May 22, 2019 at 06:25:36AM +0200, Jiri Slaby wrote:
>> On 22. 05. 19, 3:40, Gen Zhang wrote:
>>> In alloc_tty_struct(), tty->dev is assigned by tty_get_device(). And it
>>> calls class_find_device(). And class_find_device() may return NULL.
>>> And t
On Wed, May 22, 2019 at 06:25:36AM +0200, Jiri Slaby wrote:
> On 22. 05. 19, 3:40, Gen Zhang wrote:
> > In alloc_tty_struct(), tty->dev is assigned by tty_get_device(). And it
> > calls class_find_device(). And class_find_device() may return NULL.
> > And tty->dev is dereferenced in the following c
On 22. 05. 19, 3:40, Gen Zhang wrote:
> In alloc_tty_struct(), tty->dev is assigned by tty_get_device(). And it
> calls class_find_device(). And class_find_device() may return NULL.
> And tty->dev is dereferenced in the following codes. When
> tty_get_device() returns NULL, dereferencing this tty-
In alloc_tty_struct(), tty->dev is assigned by tty_get_device(). And it
calls class_find_device(). And class_find_device() may return NULL.
And tty->dev is dereferenced in the following codes. When
tty_get_device() returns NULL, dereferencing this tty->dev null pointer
may cause the kernel go wron
10 matches
Mail list logo
