mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-01 22:54:01 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Samuel Thibault 3b78db2646 speakup: Do not let the line discipline be used several times 
commit d412275444 upstream.

Speakup has only one speakup_tty variable to store the tty it is managing. This
makes sense since its codebase currently assumes that there is only one user who
controls the screen reading.

That however means that we have to forbid using the line discipline several
times, otherwise the second closure would try to free a NULL ldisc_data, leading to

general protection fault: 0000 [#1] SMP KASAN PTI
RIP: 0010:spk_ttyio_ldisc_close+0x2c/0x60
Call Trace:
 tty_ldisc_release+0xa2/0x340
 tty_release_struct+0x17/0xd0
 tty_release+0x9d9/0xcc0
 __fput+0x231/0x740
 task_work_run+0x12c/0x1a0
 do_exit+0x9b5/0x2230
 ? release_task+0x1240/0x1240
 ? __do_page_fault+0x562/0xa30
 do_group_exit+0xd5/0x2a0
 __x64_sys_exit_group+0x35/0x40
 do_syscall_64+0x89/0x2b0
 ? page_fault+0x8/0x30
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Cc: stable@vger.kernel.org
Reported-by: 秦世松 <qinshisong1205@gmail.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Tested-by: Shisong Qin <qinshisong1205@gmail.com>
Link: https://lore.kernel.org/r/20201110183541.fzgnlwhjpgqzjeth@function
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-11-24 13:29:20 +01:00
..
accessibility
acpi ACPI: button: Add DMI quirk for Medion Akoya E2228T 2020-11-24 13:29:00 +01:00
amba
android
ata ata: sata_nv: Fix retrieving of active qcs 2020-11-05 11:43:12 +01:00
atm atm: nicstar: Unmap DMA on send error 2020-11-24 13:28:55 +01:00
auxdisplay
base PM: runtime: Resume the device earlier in __device_release_driver() 2020-11-10 12:37:34 +01:00
bcma
block nbd: fix a block_device refcount leak in nbd_release 2020-11-18 19:20:27 +01:00
bluetooth Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb 2020-10-29 09:58:08 +01:00
bus bus/fsl_mc: Do not rely on caller to provide non NULL mc_io 2020-11-05 11:43:19 +01:00
cdrom
char virtio: virtio_console: fix DMA memory allocation for rproc serial 2020-11-18 19:20:29 +01:00
clk clk: ti: clockdomain: fix static checker warning 2020-11-05 11:43:20 +01:00
clocksource
connector
counter
cpufreq acpi-cpufreq: Honor _PSD table setting on new AMD CPUs 2020-11-05 11:43:25 +01:00
cpuidle
crypto chelsio/chtls: fix always leaking ctrl_skb 2020-11-10 12:37:25 +01:00
dax
dca
devfreq
dio
dma dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status 2020-11-05 11:43:29 +01:00
dma-buf
edac
eisa
extcon extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips 2020-11-05 11:43:24 +01:00
firewire
firmware firmware: arm_scmi: Add missing Rx size re-initialisation 2020-11-05 11:43:12 +01:00
fpga
fsi
gnss
gpio gpio: pcie-idio-24: Enable PEX8311 interrupts 2020-11-18 19:20:31 +01:00
gpu drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() 2020-11-24 13:29:07 +01:00
greybus
hid HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver 2020-11-24 13:29:19 +01:00
hsi
hv hv_balloon: disable warning when floor reached 2020-11-18 19:20:17 +01:00
hwmon hwmon: (pwm-fan) Fix RPM calculation 2020-11-24 13:29:01 +01:00
hwspinlock
hwtracing Revert "coresight: Make sysfs functional on topologies with per core sink" 2020-11-10 12:37:31 +01:00
i2c i2c: sh_mobile: implement atomic transfers 2020-11-18 19:20:25 +01:00
i3c
ide
idle
iio iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. 2020-11-05 11:43:30 +01:00
infiniband RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs 2020-11-24 13:29:05 +01:00
input Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER 2020-11-24 13:29:05 +01:00
interconnect
iommu iommu/vt-d: Avoid panic if iommu init fails in tboot system 2020-11-24 13:29:17 +01:00
ipack
irqchip
isdn
leds leds: bcm6328, bcm6358: use devres LED registering function 2020-11-05 11:43:24 +01:00
lightnvm lightnvm: fix out-of-bounds write to array devices->info[] 2020-10-29 09:58:00 +01:00
macintosh
mailbox
mcb
md md/raid5: fix oops during stripe resizing 2020-11-05 11:43:22 +01:00
media media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect 2020-11-05 11:43:24 +01:00
memory memory: emif: Remove bogus debugfs error handling 2020-11-05 11:43:21 +01:00
memstick
message scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() 2020-11-05 11:43:25 +01:00
mfd mfd: sprd: Add wakeup capability for PMIC IRQ 2020-11-18 19:20:26 +01:00
misc mei: protect mei_cl_mtu from null dereference 2020-11-18 19:20:30 +01:00
mmc mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove 2020-11-18 19:20:31 +01:00
mtd mtd: spi-nor: Don't copy self-pointing struct around 2020-11-10 12:37:28 +01:00
mux
net can: m_can: process interrupt only when not runtime suspended 2020-11-24 13:29:18 +01:00
nfc
ntb NTB: hw: amd: fix an issue about leak system resources 2020-10-29 09:58:00 +01:00
nubus
nvdimm
nvme nvme-tcp: avoid repeated request completion 2020-11-18 19:20:24 +01:00
nvmem
of of/address: Fix of_node memory leak in of_dma_is_coherent 2020-11-18 19:20:28 +01:00
opp opp: Reduce the size of critical section in _opp_table_kref_release() 2020-11-18 19:20:21 +01:00
oprofile
parisc
parport
pci PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0 2020-11-18 19:20:16 +01:00
pcmcia
perf
phy phy: marvell: comphy: Convert internal SMCC firmware return codes to errno 2020-11-01 12:01:07 +01:00
pinctrl pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq 2020-11-24 13:29:00 +01:00
platform
pnp
power power: supply: test_power: add missing newlines when printing parameters by sysfs 2020-11-05 11:43:19 +01:00
powercap powercap: restrict energy meter to root access 2020-11-10 21:13:20 +01:00
pps
ps3
ptp
pwm
rapidio
ras
regulator regulator: ti-abb: Fix array out of bound read access on the first transition 2020-11-24 13:29:18 +01:00
remoteproc
reset
rpmsg rpmsg: glink: Use complete_all for open states 2020-11-05 11:43:20 +01:00
rtc rtc: rx8010: don't modify the global rtc ops 2020-11-05 11:43:33 +01:00
s390 s390/pkey: fix paes selftest failure with paes and pkey static build 2020-11-10 12:37:32 +01:00
sbus
scsi scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() 2020-11-24 13:29:00 +01:00
sfi
sh
siox
slimbus
soc soc: fsl: qbman: Fix return value on success 2020-10-29 09:57:59 +01:00
soundwire
spi spi: bcm2835: remove use of uninitialized gpio flags variable 2020-11-18 19:20:25 +01:00
spmi
ssb
staging speakup: Do not let the line discipline be used several times 2020-11-24 13:29:20 +01:00
target
tc
tee
thermal
thunderbolt thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() 2020-11-18 19:20:29 +01:00
tty tty: serial: fsl_lpuart: LS1021A has a FIFO size of 16 words, like LS1028A 2020-11-10 12:37:33 +01:00
uio uio: Fix use-after-free in uio_unregister_device() 2020-11-18 19:20:29 +01:00
usb xhci: hisilicon: fix refercence leak in xhci_histb_probe 2020-11-18 19:20:29 +01:00
vfio vfio/pci: Bypass IGD init in case of -ENODEV 2020-11-18 19:20:25 +01:00
vhost vringh: fix __vringh_iov() when riov and wiov are different 2020-11-05 11:43:35 +01:00
video video: fbdev: pvr2fb: initialize variables 2020-11-05 11:43:15 +01:00
virt
virtio
visorbus
vlynq
vme
w1 w1: mxc_w1: Fix timeout resolution problem leading to bus error 2020-11-05 11:43:25 +01:00
watchdog drivers: watchdog: rdc321x_wdt: Fix race condition bugs 2020-11-05 11:43:20 +01:00
xen xen/events: block rogue events for some time 2020-11-05 11:43:12 +01:00
zorro
Kconfig
Makefile