* Steven Rostedt <[email protected]> wrote:
> I googled a little and found where this may have already happened in
> the main line kernel:
>
> http://seclists.org/lists/linux-kernel/2005/Aug/1603.html
>
> So here's my proposal:
>
> Instead of checking for tty->count == 1 in con_open, which we see is
> not reliable. Just check for tty->driver_data == NULL.
>
> This should work since it should always be NULL when we need to assign
> it. If we switch the events of the race, so that the init_dev went
> first, the driver_data would not be NULL and would not need to be
> allocated, because after init_dev tty->count would be greater than 1
> (this is assuming the case that it is already allocated) and the
> con_close would not deallocate it. The tty_sem and console_sem and
> order of events protect the tty->driver_data but not the tty->count.
>
> Without the patch, I was able to get the system to BUG on bootup every
> other time. With the patch applied, I was able to bootup 6 out of 6
> times without a single crash.
cool fix. I'm wondering, there's a whole lot of other 'tty->count == 1'
checks in drivers/char/*.c, could some of those be racy too?
Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |