general protection fault in spk_ttyio_ldisc_close

Samuel Thibault samuel.thibault at ens-lyon.org
Tue Jan 8 09:26:09 EST 2019


Greg KH, on Tue 08 Jan 2019 15:25:07 +0100, wrote:
> On Tue, Jan 08, 2019 at 09:15:02AM -0500, Kyungtae Kim wrote:
> > On Tue, Jan 8, 2019 at 8:50 AM Greg KH <gregkh at linuxfoundation.org> wrote:
> > >
> > > On Tue, Jan 08, 2019 at 08:37:37AM -0500, Kyungtae Kim wrote:
> > > > We report a bug in linux-4.20: "general protection fault in
> > > > spk_ttyio_ldisc_close"
> > > >
> > > > kernel config: https://kt0755.github.io/etc/config_v4.20_stable
> > > > repro: https://kt0755.github.io/etc/repro.a670e.c
> > > >
> > > > This occurs when the function kfree is about to execute
> > > > (driver/staging/speakup/spk_ttyio.c:68).
> > > > Particularly, kfree takes the argument like speakup_tty->disc_data.
> > > > But speakup_tty is invalid, so the pointer dereference causes GPF.
> > > > At a glance, it seems that speakup_tty was deallocated somewhere ahead of kfree.
> > >
> > > How did you trigger this?  Did you shut down and close the device
> > > already somehow?  Do you have a real tty device that is driven by the
> > > device?
> > >
> > > thanks,
> > >
> > > greg k-h
> > 
> > For this crash, we did without a real speakup tty device.
> 
> How did you bind a non-real speakup tty device to the driver?

One can tell any device name to the driver and it will attempt to
communicate with it.

Samuel

