lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

VT ioctl race fix

Browse Source 
When calling the RELDISP VT ioctl, we are reading vt_newvt while the
console workqueue could be messing with it (through change_console()).  We
fix this race by taking the console semaphore before reading vt_newvt.

Signed-off-by: Samuel Ortiz <sameo@openedhand.com>
Acked-by: Antonino Daplas <adaplas@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Samuel Ortiz
2007-10-01 01:20:12 -07:00
committed by Linus Torvalds
parent 4047727e5a
commit 8792f961ba
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/char/vt_ioctl.c
View File

@@ -770,6 +770,7 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
/* /*
* Switching-from response * Switching-from response
*/ */
acquire_console_sem();
if (vc->vt_newvt >= 0) { if (vc->vt_newvt >= 0) {
if (arg == 0) if (arg == 0)
/* /*
@@ -784,7 +785,6 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
* complete the switch. * complete the switch.
*/ */
int newvt; int newvt;
acquire_console_sem();
newvt = vc->vt_newvt; newvt = vc->vt_newvt;
vc->vt_newvt = -1; vc->vt_newvt = -1;
i = vc_allocate(newvt); i = vc_allocate(newvt);
@@ -798,7 +798,6 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
* other console switches.. * other console switches..
*/ */
complete_change_console(vc_cons[newvt].d); complete_change_console(vc_cons[newvt].d);
release_console_sem();
} }
} }
@@ -810,9 +809,12 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
/* /*
* If it's just an ACK, ignore it * If it's just an ACK, ignore it
*/ */
if (arg != VT_ACKACQ) if (arg != VT_ACKACQ) {
release_console_sem();
return -EINVAL; return -EINVAL;
}
} }
release_console_sem();
return 0; return 0;