Re: [PATCH -rt] race condition in fs/compat.c with compat_sys_ioctl

[Ingo Molnar]

* Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

>  	down_read(&ioctl32_sem);
>  	for (t = ioctl32_hash_table[ioctl32_hash(cmd)]; t; t = t->next) {
> -		if (t->cmd == cmd)
> +		if (t->cmd == cmd) {
> +			handler = t->handler;
> +			up_read(&ioctl32_sem);
>  			goto found_handler;
> +		}
>  	}
>  	up_read(&ioctl32_sem);

i think this problem only triggers on RT kernels, because the RT kernel 
only allows a single reader within a read-semaphore. This works well in 
99.9% of the cases. You just found the remaining 0.1% :-| The better 
solution within -rt would be to change ioctl32_sem to a compat 
semaphore, via the patch below. Can you confirm that this solves the 
bootup problem too?

	Ingo

Index: linux/fs/compat.c
===================================================================
--- linux.orig/fs/compat.c
+++ linux/fs/compat.c
@@ -268,7 +268,7 @@ out:
 
 #define IOCTL_HASHSIZE 256
 static struct ioctl_trans *ioctl32_hash_table[IOCTL_HASHSIZE];
-static DECLARE_RWSEM(ioctl32_sem);
+static COMPAT_DECLARE_RWSEM(ioctl32_sem);
 
 extern struct ioctl_trans ioctl_start[];
 extern int ioctl_table_size;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/