From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757203Ab0EDKVS (ORCPT ); Tue, 4 May 2010 06:21:18 -0400 Received: from mga10.intel.com ([192.55.52.92]:13502 "EHLO fmsmga102.fm.intel.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1756307Ab0EDKVR (ORCPT ); Tue, 4 May 2010 06:21:17 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.52,325,1270450800"; d="scan'208";a="795241091" Date: Tue, 4 May 2010 10:43:05 +0100 From: Alan Cox To: Arnd Bergmann Cc: lkml , "Greg Kroah-Hartman" Subject: Re: possible locking bug in tty_open Message-ID: <20100504104305.29e7ada7@linux.intel.com> In-Reply-To: <201005022247.33857.arnd@arndb.de> References: <201005022247.33857.arnd@arndb.de> Organization: Intel X-Mailer: Claws Mail 3.7.5 (GTK+ 2.18.9; x86_64-redhat-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 2 May 2010 22:47:33 +0200 Arnd Bergmann wrote: > While playing some more with my TTY BKL patches, I stumbled over > what looks like a bug in tty_open, introduced in e8c6210 > "tty: push the BKL down into the handlers a bit": > > After the "retry_open:" label, we first get the tty_mutex > and then the BKL. However a the end of tty_open, we jump > back to retry_open with the BKL still held. If we run into > this case, the tty_open function will be left with the BKL > still held. > > It may be impossible to actually trigger this bug, because > the path is only taken if a tty driver open function returns > -ERESTARTSYS without setting signal_pending(). It looks pretty much impossible to trigger but it's definitely a bug. I'll send Greg a patch