From: Gordon Oliver <gordo@pincoya.com>
To: Robert Love <rml@tech9.net>
Cc: gordo@pincoya.com, marcelo@conectiva.com.br,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] console close race fix resend
Date: Tue, 11 Dec 2001 00:54:11 -0800 [thread overview]
Message-ID: <20011211005411.C14728@furble> (raw)
In-Reply-To: <1008035512.4287.1.camel@phantasy> <20011210191630.A13679@furble> <1008050718.4287.11.camel@phantasy>
In-Reply-To: <1008050718.4287.11.camel@phantasy>; from rml@tech9.net on Mon, Dec 10, 2001 at 22:05:18 -0800
On 2001.12.10 22:05 Robert Love wrote:
> Ehh, I don't think so. Here is the whole patched function:
>
> static void con_flush_chars(struct tty_struct *tty)
> {
> struct vt_struct *vt = (struct vt_struct *)tty->driver_data;
> if (in_interrupt()) /* from flush_to_ldisc */
> return;
> pm_access(pm_con);
> acquire_console_sem();
> if (vt)
> set_cursor(vt->vc_num);
> release_console_sem();
> }
>
> When we check vt, it isn't stale. vt is a _pointer_ to the data so that
> first reference against it is guaranteed to grab the correct value. The
> only possible race is between the if and the set_cursor, but that isn't
> an issue because we acquired the console semaphore. There is no race
> here.
I like the patch that Andrew Morton sent in reply to this better.
Note that in the event that the above code does the following sequence
it will cause a stale pointer to be used:
con_flush_chars con_close
vt = <>
tty->driver_data = NULL
acquire_console_sem()
set_cursor()
release_console_sem()
Now it _might_ be ok to act on a stale vt pointer, but it sure
feels like thin ice. I'm not sure that there is any danger of
the vt data being modified in a way that would break this, but
since the tty no longer has a reference it is bad practice.
What the earlier patch did is created some very subtle semantics
for a small window of a race. It fixed the blaring bug (the OOPS)
but left a possible one that would be harder to find....
-gordo
prev parent reply other threads:[~2001-12-11 8:51 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-12-11 1:51 [PATCH] console close race fix resend Robert Love
2001-12-11 3:16 ` Gordon Oliver
2001-12-11 6:05 ` Robert Love
2001-12-11 6:28 ` Andrew Morton
2001-12-11 9:05 ` [PATCH] " Robert Love
2001-12-11 8:54 ` Gordon Oliver [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20011211005411.C14728@furble \
--to=gordo@pincoya.com \
--cc=linux-kernel@vger.kernel.org \
--cc=marcelo@conectiva.com.br \
--cc=rml@tech9.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.