diff options
author | Peter Hurley <peter@hurleysoftware.com> | 2014-10-16 15:33:27 -0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-11-05 16:34:36 -0800 |
commit | 2622d73e51acfe1dbeb21bf2299066bdead85163 (patch) | |
tree | 06f2fff030593a0d730b61cd78da5923baec8683 /drivers/tty/pty.c | |
parent | 54e8e5fcaae109f0303f52efb24f29bfac79ca86 (diff) | |
download | lwn-2622d73e51acfe1dbeb21bf2299066bdead85163.tar.gz lwn-2622d73e51acfe1dbeb21bf2299066bdead85163.zip |
pty: Fix packet mode setting race
Because pty_set_pktmode() does not claim the slave's ctrl_lock
to clear ->ctrl_status (to avoid unnecessary lock nesting),
pty_set_pktmode() may accidentally erase new ->ctrl_status updates.
For example,
CPU 0 | CPU 1
pty_set_pktmode() | pty_start()
spin_lock(master's ctrl_lock) |
tty->packet = 1 |
| if (tty->link->packet)
| spin_lock(slave's ctrl_lock)
| tty->ctrl_status = TIOCPKT_START
tty->link->ctrl_status = 0 |
Ensure the clear of ->ctrl_status occurs before packet mode is set
(and observable on another cpu).
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Reviewed-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/tty/pty.c')
-rw-r--r-- | drivers/tty/pty.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c index e554393d5551..bcec4c71a408 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c @@ -186,8 +186,9 @@ static int pty_set_pktmode(struct tty_struct *tty, int __user *arg) spin_lock_irq(&tty->ctrl_lock); if (pktmode) { if (!tty->packet) { - tty->packet = 1; tty->link->ctrl_status = 0; + smp_mb(); + tty->packet = 1; } } else tty->packet = 0; |