From 59b6573c72109c4c1bee928518949379da07c2da Mon Sep 17 00:00:00 2001 From: Andrew Morton <akpm@digeo.com> Date: Mon, 14 Apr 2003 06:09:57 -0700 Subject: [PATCH] [PATCH] fix tty shutdown race use-after-free races have been seen due to the workqueue timer in the tty structure going off after the tty was freed. Fix that up by using cancel_scheduled_work() and flush_scheduled_work(). --- drivers/char/tty_io.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c index ff54795c42a5..acacb8cfe527 100644 --- a/drivers/char/tty_io.c +++ b/drivers/char/tty_io.c @@ -1286,7 +1286,14 @@ static void release_dev(struct file * filp) } /* - * Make sure that the tty's task queue isn't activated. + * Prevent flush_to_ldisc() from rescheduling the work for later. Then + * kill any delayed work. + */ + clear_bit(TTY_DONT_FLIP, &tty->flags); + cancel_delayed_work(&tty->flip.work); + + /* + * Wait for ->hangup_work and ->flip.work handlers to terminate */ flush_scheduled_work(); -- 2.30.9