Re: [PATCH] hvc_console: Fix a race between hvc_close and hvc_remove
From: Alan Cox <hidden>
Date: 2010-02-27 01:30:47
Also in:
lkml
quoted hunk ↗ jump to hunk
+ tty_kref_get(hp->tty); spin_lock_irqsave(&hp->lock, flags); tty = hp->tty;@@ -830,7 +833,9 @@ int hvc_remove(struct hvc_struct *hp) * cleaned up the hvc_struct. */ if (tty) - tty_hangup(tty); + tty_vhangup(tty); + + tty_kref_put(hp->tty);
You need to deref hp->tty, take the kref under the lock (and indeed do all assignments to it that way too), then tty_kref_put(tty), otherwise what stops hp->tty changing during the remove ? Take a look how tty_port_tty_get() and tty_port.c does it ... Alan