Racy kb->ledflagstate and kb->default_ledflagstate
From: Sishuai Gong
Date: Wed Aug 09 2023 - 21:03:08 EST
Hi,
We observed a race over kb->ledflagstate and kb->default_ledflagstate
when two threads are running vt_do_kdskled() in parallel:
Thread-1                                      Thread-2
// holding led_lock                           // holding kbd_event_lock
kb->ledflagstate = (arg & 7);
                                              ucval = kb->ledflagstate |
                                                (kb->default_ledflagstate << 4);
kb->default_ledflagstate = ((arg >> 4) & 7);
Is it better to hold both led_lock and kbd_event_lock under case KDGKBLED?
We are happy to submit the patch if it makes sense.
Thanks
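
The interleaving in the message above, replayed deterministically in a single-threaded userspace model. This is an added example, not code from the original post or from the kernel. The `replay` function, the schedule string, the lock bitmask and the sample values 0x00 and 0x77 are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed userspace model: the two racy fields and the two locks. */
struct kbd { unsigned ledflagstate, default_ledflagstate; };
enum { LED_LOCK = 1, KBD_EVENT_LOCK = 2 };

/*
 * Replay a schedule of thread ids: '1' = writer (KDSKBLED), '2' = reader
 * (KDGKBLED). A thread that needs a lock held by the other one does not
 * advance on that slot. reader_locks is the set of locks the reader takes
 * (acquired in one step in this model). Returns the ucval the reader saw.
 */
static unsigned replay(const char *sched, unsigned old, unsigned arg,
                       int reader_locks)
{
    struct kbd kb = { old & 7, (old >> 4) & 7 };
    int held1 = 0, held2 = 0;   /* locks held by writer / reader */
    int pc1 = 0, pc2 = 0;       /* next step of writer / reader */
    unsigned ucval = 0;

    for (; *sched; sched++) {
        if (*sched == '1') {
            switch (pc1) {
            case 0: if (held2 & LED_LOCK) continue; held1 = LED_LOCK; break;
            case 1: kb.ledflagstate = arg & 7; break;
            case 2: kb.default_ledflagstate = (arg >> 4) & 7; break;
            case 3: held1 = 0; break;
            default: continue;
            }
            pc1++;
        } else {
            switch (pc2) {
            case 0: if (held1 & reader_locks) continue; held2 = reader_locks; break;
            case 1: ucval = kb.ledflagstate | (kb.default_ledflagstate << 4); break;
            case 2: held2 = 0; break;
            default: continue;
            }
            pc2++;
        }
    }
    return ucval;
}

int main(void)
{
    const char *sched = "112211222";  /* the order shown in the message */
    printf("kbd_event_lock only: 0x%02x\n", replay(sched, 0x00, 0x77, KBD_EVENT_LOCK));
    printf("both locks:          0x%02x\n", replay(sched, 0x00, 0x77, LED_LOCK | KBD_EVENT_LOCK));
    return 0;
}
```

With only kbd_event_lock the reader returns 0x07, which is neither the old value 0x00 nor the new value 0x77; when the reader also needs led_lock it waits for the writer and returns 0x77.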