Re: ioctl disappeared (tty_ioctl)

From: Andrew Morton
Date: Thu Jun 14 2007 - 03:54:05 EST


On Thu, 14 Jun 2007 10:42:23 +0000 Dave Young <hidave.darkstar@xxxxxxxxx> wrote:

> The kernel reported the messages:
>
> do_ioctl: ioctl c02bff70 disappeared
> symbol: tty_ioctl+0x0/0x4e0
> [<c01813b4>] do_ioctl+0x74/0xd0
> [<c02bff70>] tty_ioctl+0x0/0x4e0
> [<c018159e>] vfs_ioctl+0x5e/0x1d0
> [<c0181787>] sys_ioctl+0x77/0x90
> [<c0104258>] syscall_call+0x7/0xb
> [<c0430000>] __sched_text_start+0x570/0x6c0
> =======================

Right, thanks. This should repair it:



From: Paul Fulghum <paulkf@xxxxxxxxxxxxx>

Restore tty locked ioctl handler which was replaced with
an unlocked ioctl handler in hung_up_tty_fops by the patch:

commit e10cc1df1d2014f68a4bdcf73f6dd122c4561f94
Author: Paul Fulghum <paulkf@xxxxxxxxxxxxx>
Date: Thu May 10 22:22:50 2007 -0700

tty: add compat_ioctl

This was reported in:
[Bug 8473] New: Oops: 0010 [1] SMP

The bug is caused by switching to hung_up_tty_fops in do_tty_hangup. An
ioctl call can be waiting on BLK after testing for existence of the locked
ioctl handler in the normal tty fops, but before calling the locked ioctl
handler. If a hangup occurs at that point, the locked ioctl fop is NULL
and an oops occurs.

(akpm: we can remove my debugging code from do_ioctl() now, but it'll be OK to
do that for 2.6.23)

Signed-off-by: Paul Fulghum <paulkf@xxxxxxxxxxxxx>
Cc: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

drivers/char/tty_io.c | 14 ++++++++++----
1 files changed, 10 insertions(+), 4 deletions(-)

diff -puN drivers/char/tty_io.c~tty-restore-locked-ioctl-file-op drivers/char/tty_io.c
--- a/drivers/char/tty_io.c~tty-restore-locked-ioctl-file-op
+++ a/drivers/char/tty_io.c
@@ -1173,8 +1173,14 @@ static unsigned int hung_up_tty_poll(str
return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
}

-static long hung_up_tty_ioctl(struct file * file,
- unsigned int cmd, unsigned long arg)
+static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
+ unsigned int cmd, unsigned long arg)
+{
+ return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
+}
+
+static long hung_up_tty_compat_ioctl(struct file * file,
+ unsigned int cmd, unsigned long arg)
{
return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
}
@@ -1222,8 +1228,8 @@ static const struct file_operations hung
.read = hung_up_tty_read,
.write = hung_up_tty_write,
.poll = hung_up_tty_poll,
- .unlocked_ioctl = hung_up_tty_ioctl,
- .compat_ioctl = hung_up_tty_ioctl,
+ .ioctl = hung_up_tty_ioctl,
+ .compat_ioctl = hung_up_tty_compat_ioctl,
.release = tty_release,
};

_

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/