Re: BUG in pty_chars_in_buffer with 2.6.30 git head using ssh

From: Alan Cox
Date: Sat Jun 13 2009 - 16:52:32 EST

On Sat, 13 Jun 2009 11:09:34 -0500
James Bottomley <JBottomley@xxxxxxxxxx> wrote:

> This is a really odd one. I've used ssh into this box with this same
> kernel several times before, I got this (actually logged out as me over
> ssh then logged back in as root):

Its an ancient long standing bug but from the trace its inadvertently
become a NULL pointer deref rather than calling functions unsafely.

Change the if (!to ...) to if (!to || !to->ldisc || ...

and you'll get a race window thats rather like the one before.

The underlying problem is that the tty layer calls one tty ldisc from
under the locks of another but without holding the locks it needs. It
can't take both locks without deadlocking.

It's one I'm currently working on fixing.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at