Re: [PATCH] console close race fix resend

Andrew Morton (akpm@zip.com.au)
Mon, 10 Dec 2001 22:28:42 -0800

Robert Love wrote:
>
> On Mon, 2001-12-10 at 22:16, Gordon Oliver wrote:
>
> > and (c) appears to still have a race... You should extract
> > the value from the structure inside the lock, otherwise you
> > will still race with con_close (though perhaps a smaller race)
> > but since the call to acquire_console_sem() can sleep, the
> > vt handle you have may be stale.
>
> Ehh, I don't think so. Here is the whole patched function:
>
> static void con_flush_chars(struct tty_struct *tty)
> {
> struct vt_struct *vt = (struct vt_struct *)tty->driver_data;
> if (in_interrupt()) /* from flush_to_ldisc */
> return;
> pm_access(pm_con);
> acquire_console_sem();
> if (vt)
> set_cursor(vt->vc_num);
> release_console_sem();
> }
>

It could be improved - we really should test tty->driver_data inside
lock_kernel(), and after the possible sleep.

How does this look (and how does it test?)

--- linux-2.4.17-pre8/drivers/char/console.c Mon Dec 10 13:46:20 2001
+++ linux-akpm/drivers/char/console.c Mon Dec 10 22:27:05 2001
@@ -100,6 +100,7 @@
#include <linux/tqueue.h>
#include <linux/bootmem.h>
#include <linux/pm.h>
+#include <linux/smp_lock.h>

#include <asm/io.h>
#include <asm/system.h>
@@ -2350,15 +2351,18 @@ static void con_start(struct tty_struct

static void con_flush_chars(struct tty_struct *tty)
{
- struct vt_struct *vt = (struct vt_struct *)tty->driver_data;
+ struct vt_struct *vt;

if (in_interrupt()) /* from flush_to_ldisc */
return;
-
pm_access(pm_con);
+ lock_kernel(); /* versus con_close() */
acquire_console_sem();
- set_cursor(vt->vc_num);
+ vt = (struct vt_struct *)tty->driver_data;
+ if (vt)
+ set_cursor(vt->vc_num);
release_console_sem();
+ unlock_kernel();
}

/*
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/