[patch - snipped]
The patch is missing a change to vt_kern.h (addition of vt_uid to
struct vt_struct).
> /*
> + * This should obsolete VT_OPENQRY: as it allocates console, it
> + * avoids race. <pavel@ucw.cz>
> + */
> + case VT_OPENALLOC:
> + for (i = 0; i < MAX_NR_CONSOLES; ++i)
> + if (! VT_IS_IN_USE(i))
> + break;
> + ucval = i < MAX_NR_CONSOLES ? (i+1) : -1;
> + if (ucval != -1)
> + ucval = vc_allocate(ucval) ? -1 : ucval;
> + goto setint;
> +
This isn't quite right. ucval is an unsigned char. When ucval is
assigned -1, it becomes 255 (assuming 2's complement).
When it is compared with -1, it is extended to an integer first,
(ucval != -1) is always true, and it always allocates a VC.
Even if it did fail properly, the code then jumps to setint:, which
calls put_user(ucval, (int *)arg) to put (int)255 into *arg. The
X-server compares with with -1, decides that there wasn't an error,
and tries to open /dev/tty255.
-- Peter Benie, Unix Support, University of Cambridge Computing Service, New Museums Site, Pembroke Street, Cambridge CB2 3QG +44 1223 34728- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu