tty: Fix oops when scanning the polling list for kgdb

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Costantino Leandro found a bug in tty_find_polling_driver and provided a
patch that fixed the crash but not the underlying bug. This fixes the
underlying bug where the list walk corrupts the values it is using on a
match but then reuses them if the open fails.

Signed-off-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Alan Cox and committed by

Linus Torvalds 17 years ago 5f0878ac 620df3c0

+7 -6

1 changed file

expand all

drivers

char

tty_io.c

+7 -6

drivers/char/tty_io.c

··· 295 295 struct tty_driver *p, *res = NULL; 296 296 int tty_line = 0; 297 297 int len; 298 - char *str; 298 + char *str, *stp; 299 299 300 300 for (str = name; *str; str++) 301 301 if ((*str >= '0' && *str <= '9') || *str == ',') ··· 311 311 list_for_each_entry(p, &tty_drivers, tty_drivers) { 312 312 if (strncmp(name, p->name, len) != 0) 313 313 continue; 314 - if (*str == ',') 315 - str++; 316 - if (*str == '\0') 317 - str = NULL; 314 + stp = str; 315 + if (*stp == ',') 316 + stp++; 317 + if (*stp == '\0') 318 + stp = NULL; 318 319 319 320 if (tty_line >= 0 && tty_line <= p->num && p->ops && 320 - p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) { 321 + p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 321 322 res = tty_driver_kref_get(p); 322 323 *line = tty_line; 323 324 break;