
From: Ryan Arnold <rsa@us.ibm.com>

Due to the tty ldisc code not stopping write operations against a driver
even after a tty has been closed, I added a mechanism to hvc_console in my
previous patch to prevent this by nulling out the tty->driver_data in
hvc_close(), but I forgot to check tty->driver_data in hvc_write().  Anton
Blanchard got several oopses from hvc_write() accessing NULL as if it were
a pointer to an hvc_struct usually stored in tty->driver_data.

So this patch checks tty->driver_data in hvc_write() before it is used.
Hopefully, once Alan Cox's patch is checked in, ldisc writes won't continue
to happen after tty closes.

Anton Blanchard has tested this patch and is unable to reproduce the oops
with it applied.

Changelog:

drivers/char/hvc_console.c

- Added comment to hvc_close() to explain the reason for NULLing
  tty->driver_data.

- Added check to hvc_write() to verify that tty->driver_data is valid
  (NOT NULL) which would be the case if the write operation was invoked
  after a tty close was initiated on the tty.

Signed-off-by: Ryan S. Arnold <rsa@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/drivers/char/hvc_console.c |    9 +++++++++
 1 files changed, 9 insertions(+)

diff -puN drivers/char/hvc_console.c~hvc_console-fix-to-protect-hvc_write-against-ldisc-write drivers/char/hvc_console.c
--- 25/drivers/char/hvc_console.c~hvc_console-fix-to-protect-hvc_write-against-ldisc-write	Wed Sep 15 14:47:22 2004
+++ 25-akpm/drivers/char/hvc_console.c	Wed Sep 15 14:47:22 2004
@@ -265,6 +265,11 @@ static void hvc_close(struct tty_struct 
 		 */
 		tty_wait_until_sent(tty, HVC_CLOSE_WAIT);
 
+		/*
+		 * Since the line disc doesn't block writes during tty close
+		 * operations we'll set driver_data to NULL and then make sure
+		 * to check tty->driver_data for NULL in hvc_write().
+		 */
 		tty->driver_data = NULL;
 
 		if (irq != NO_IRQ)
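
Review bot: The new comment above `tty->driver_data = NULL;` says why the pointer is cleared but not what ordering the scheme depends on. The store happens only after tty_wait_until_sent() returns, so any write that arrives during that wait still sees a valid pointer, and the comment should say that the NULL is a marker for writes issued after this point rather than a barrier against writes already in progress. Spelling out "line discipline" instead of "line disc" would also match the term used elsewhere for the ldisc.
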
@@ -418,6 +423,10 @@ static int hvc_write(struct tty_struct *
 	struct hvc_struct *hp = tty->driver_data;
 	int written;
 
+	/* This write was probably executed during a tty close. */
+	if (!hp)
+		return -EPIPE;
+
 	if (from_user)
 		written = __hvc_write_user(hp, buf, count);
 	else
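
Review bot: The `if (!hp)` check at the top of hvc_write() only catches a write that reads tty->driver_data after hvc_close() has stored NULL. Nothing visible in this hunk takes a lock or a reference, so a write that loaded `hp` just before that store carries on into __hvc_write_user() with a pointer that the close path is now tearing down. Consider serialising the load and use of `hp` against the NULL store in hvc_close(), or holding a reference on the hvc_struct for the duration of the write. The comment's "probably" could also be replaced with the exact condition: driver_data is NULL only because hvc_close() cleared it.
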
_
