[PATCH v2 (resend #3)] hvc_console: Fix race between hvc_close and hvc_remove
Greg KH
greg at kroah.com
Sat Mar 13 02:52:13 EST 2010
On Fri, Mar 12, 2010 at 11:53:15AM +0530, Amit Shah wrote:
> Alan pointed out a race in the code where hvc_remove is invoked. The
> recent virtio_console work is the first user of hvc_remove().
>
> Alan describes it thus:
>
> The hvc_console assumes that a close and remove call can't occur at the
> same time.
>
> In addition tty_hangup(tty) is problematic as tty_hangup is asynchronous
> itself....
>
> So this can happen
>
> hvc_close hvc_remove
> hung up ? - no
> lock
> tty = hp->tty
> unlock
> lock
> hp->tty = NULL
> unlock
> notify del
> kref_put the hvc struct
> close completes
> tty is destroyed
> tty_hangup dead tty
> tty->ops will be NULL
> NULL->...
>
> This patch adds some tty krefs and also converts to using tty_vhangup().
>
> Reported-by: Alan Cox <alan at lxorguk.ukuu.org.uk>
> Signed-off-by: Amit Shah <amit.shah at redhat.com>
> CC: Alan Cox <alan at lxorguk.ukuu.org.uk>
> CC: linuxppc-dev at ozlabs.org
> CC: Rusty Russell <rusty at rustcorp.com.au>
> ---
>
> Linus, sending to you this time as I didn't receive any response from
> Ben or Greg for the previous submissions.
It's in my "to-apply" queue. Which I was ignoring due to the -rc1
merge, and then I've been busy with -stable stuff and a conference this
week. I'll get to it soon.
thanks for your patience,
greg k-h
More information about the Linuxppc-dev
mailing list