From: Robert Love <rml@tech9.net>
To: linus@transmeta.com, laughing@shared-source.org
Cc: linux-kernel@vger.kernel.org, tytso@thunk.org, andrewm@uow.edu.au
Subject: [PATCH] tty race on con_close and con_flush_chars
Date: 29 Oct 2001 20:04:27 -0500 [thread overview]
Message-ID: <1004403868.809.147.camel@phantasy> (raw)
There is a race in the console code between con_close and
con_flush_chars. n_tty_receive_buf writes to the tty queue and then
writes it out via con_flush_chars. The race arises in between the above
two operations; the console can close and thus zero tty->drive_data.
When con_flush_chars runs, it will dereference a null pointer.
The following fix, by Andrew Morton, merely checks if the tty still
exists because continuing. I am submitting the patch because the race
is uncovered often with a preemptive kernel. The fix is in the preempt
tree, but it should be pushed to mainline since it should affect SMP
too.
Linus and Alan, please apply.
diff -urN linux-2.4.13-ac5/drivers/char/console.c linux/drivers/char/console.c
--- linux-2.4.13-ac5/drivers/char/console.c Mon Oct 29 17:27:19 2001
+++ linux/drivers/char/console.c Mon Oct 29 17:28:24 2001
@@ -2387,9 +2387,15 @@
return;
pm_access(pm_con);
- acquire_console_sem();
- set_cursor(vt->vc_num);
- release_console_sem();
+ if (vt) {
+ /*
+ * If we raced with con_close(), `vt' may be null.
+ * Hence this bandaid. - akpm
+ */
+ acquire_console_sem();
+ set_cursor(vt->vc_num);
+ release_console_sem();
+ }
}
/*
Robert Love
next reply other threads:[~2001-10-30 1:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-10-30 1:04 Robert Love [this message]
2001-10-30 3:13 ` [PATCH] tty race on con_close and con_flush_chars Robert Love
2001-10-31 5:08 ` Tachino Nobuhiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1004403868.809.147.camel@phantasy \
--to=rml@tech9.net \
--cc=andrewm@uow.edu.au \
--cc=laughing@shared-source.org \
--cc=linus@transmeta.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@thunk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.