From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753112AbcAJFZY (ORCPT <rfc822;w@1wt.eu>);
	Sun, 10 Jan 2016 00:25:24 -0500
Received: from mail-pf0-f170.google.com ([209.85.192.170]:36379 "EHLO
	mail-pf0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750946AbcAJFZX (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Sun, 10 Jan 2016 00:25:23 -0500
Subject: Re: [PATCH v2 06/19] tty: Fix unsafe ldisc reference via
 ioctl(TIOCGETD)
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
References: <1448660356-6328-1-git-send-email-peter@hurleysoftware.com>
 <1452400870-6005-1-git-send-email-peter@hurleysoftware.com>
 <1452400870-6005-7-git-send-email-peter@hurleysoftware.com>
Cc: Jiri Slaby <jslaby@suse.cz>, linux-kernel@vger.kernel.org
From: Peter Hurley <peter@hurleysoftware.com>
Message-ID: <5691EB16.1020607@hurleysoftware.com>
Date: Sat, 9 Jan 2016 21:24:38 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <1452400870-6005-7-git-send-email-peter@hurleysoftware.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 01/09/2016 08:40 PM, Peter Hurley wrote:
> ioctl(TIOCGETD) retrieves the line discipline id directly from the
> ldisc because the line discipline id (c_line) in termios is untrustworthy;
> userspace may have set termios via ioctl(TCSETS*) without actually
> changing the line discipline via ioctl(TIOCSETD).
> 
> However, directly accessing the current ldisc via tty->ldisc is
> unsafe; the ldisc ptr dereferenced may be stale if the line discipline
> is changing via ioctl(TIOCSETD) or hangup.
> 
> Wait for the line discipline reference (just like read() or write())
> to retrieve the "current" line discipline id.

Hi Greg,

I forgot to re-mark this patch for stable.

Regards,
Peter Hurley