[PATCH -mm] VT ioctl race fix

From: Samuel Ortiz
Date: Thu Sep 27 2007 - 06:03:17 EST


Hi,

When calling the RELDISP VT ioctl, we are reading vt_newvt while the console
workqueue could be messing with it (through change_console()).
We fix this race by taking the console semaphore before reading vt_newvt.

Andrew, would you please consider this patch for -mm inclusion ?

Signed-off-by: Samuel Ortiz <sameo@xxxxxxxxxxxxxx>

---
drivers/char/vt_ioctl.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

Index: linux-2.6.22/drivers/char/vt_ioctl.c
===================================================================
--- linux-2.6.22.orig/drivers/char/vt_ioctl.c 2007-07-09 01:32:17.000000000 +0200
+++ linux-2.6.22/drivers/char/vt_ioctl.c 2007-09-27 11:58:42.000000000 +0200
@@ -770,6 +770,7 @@
/*
* Switching-from response
*/
+ acquire_console_sem();
if (vc->vt_newvt >= 0) {
if (arg == 0)
/*
@@ -784,7 +785,6 @@
* complete the switch.
*/
int newvt;
- acquire_console_sem();
newvt = vc->vt_newvt;
vc->vt_newvt = -1;
i = vc_allocate(newvt);
@@ -798,7 +798,6 @@
* other console switches..
*/
complete_change_console(vc_cons[newvt].d);
- release_console_sem();
}
}

@@ -810,9 +809,12 @@
/*
* If it's just an ACK, ignore it
*/
- if (arg != VT_ACKACQ)
+ if (arg != VT_ACKACQ) {
+ release_console_sem();
return -EINVAL;
+ }
}
+ release_console_sem();

return 0;


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/