Re: [PATCH v2 (resend #3)] hvc_console: Fix race between hvc_closeand hvc_remove

[Greg KH]

On Fri, Mar 12, 2010 at 11:53:15AM +0530, Amit Shah wrote:
> Alan pointed out a race in the code where hvc_remove is invoked. The
> recent virtio_console work is the first user of hvc_remove().
> 
> Alan describes it thus:
> 
> The hvc_console assumes that a close and remove call can't occur at the
> same time.
> 
> In addition tty_hangup(tty) is problematic as tty_hangup is asynchronous
> itself....
> 
> So this can happen
> 
>         hvc_close                               hvc_remove
>         hung up ? - no
>                                                 lock
>                                                 tty = hp->tty
>                                                 unlock
>         lock
>         hp->tty = NULL
>         unlock
>         notify del
>         kref_put the hvc struct
>         close completes
>         tty is destroyed
>                                                 tty_hangup dead tty
>                                                 tty->ops will be NULL
>                                                 NULL->...
> 
> This patch adds some tty krefs and also converts to using tty_vhangup().
> 
> Reported-by: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>
> CC: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
> CC: linuxppc-dev@xxxxxxxxxx
> CC: Rusty Russell <rusty@xxxxxxxxxxxxxxx>
> ---
> 
> Linus, sending to you this time as I didn't receive any response from
> Ben or Greg for the previous submissions.

It's in my "to-apply" queue.  Which I was ignoring due to the -rc1
merge, and then I've been busy with -stable stuff and a conference this
week.  I'll get to it soon.

thanks for your patience,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/