From: Ken Mills <[email protected]> Subject: [PATCH] n_gsm: fixed kernel crash on mux deactivate.
If the mux is shut down by detaching the driver from the tty, but before closing any virtual tty's, the driver will crash on the first virtual tty close. This fix zero's out the reference to the dlci that is in the tty structure when the dlci is free'd. The dlci is then checked for non-NULL before the network create/destroy functions are called. Signed-off-by: Ken Mills <[email protected]> --- drivers/tty/n_gsm.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 18596ca..915810b 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1652,6 +1652,7 @@ static void gsm_dlci_free(struct gsm_dlci *dlci) if (tty) { tty_vhangup(tty); tty_kref_put(tty); + tty->driver_data = 0; } del_timer_sync(&dlci->t1); dlci->gsm->dlci[dlci->addr] = NULL; @@ -2794,6 +2795,8 @@ static void gsmtty_hangup(struct tty_struct *tty) { struct gsm_dlci *dlci = tty->driver_data; tty_port_hangup(&dlci->port); + gsm_destroy_network(dlci); + tty->driver_data=0; gsm_dlci_begin_close(dlci); } @@ -2874,6 +2877,8 @@ static int gsmtty_ioctl(struct tty_struct *tty, struct file *filp, return -EFAULT; nc.if_name[IFNAMSIZ-1] = '\0'; /* return net interface index or error code */ + if(dlci == NULL) + return -EFAULT; index = gsm_create_network(dlci, &nc); if (copy_to_user((void __user *)arg, &nc, sizeof(nc))) return -EFAULT; @@ -2881,7 +2886,8 @@ static int gsmtty_ioctl(struct tty_struct *tty, struct file *filp, case GSMIOC_DISABLE_NET: if (!capable(CAP_NET_ADMIN)) return -EPERM; - gsm_destroy_network(dlci); + if (dlci != NULL) + gsm_destroy_network(dlci); return 0; default: return n_tty_ioctl_helper(tty, filp, cmd, arg); -- 1.7.0.4 _______________________________________________ MeeGo-kernel mailing list [email protected] http://lists.meego.com/listinfo/meego-kernel
