[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20090613215333.0e8a440e@lxorguk.ukuu.org.uk>
Date: Sat, 13 Jun 2009 21:53:33 +0100
From: Alan Cox <alan@...rguk.ukuu.org.uk>
To: James Bottomley <JBottomley@...ell.com>
Cc: linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: BUG in pty_chars_in_buffer with 2.6.30 git head using ssh
On Sat, 13 Jun 2009 11:09:34 -0500
James Bottomley <JBottomley@...ell.com> wrote:
> This is a really odd one. I've used ssh into this box with this same
> kernel several times before, I got this (actually logged out as me over
> ssh then logged back in as root):
Its an ancient long standing bug but from the trace its inadvertently
become a NULL pointer deref rather than calling functions unsafely.
Change the if (!to ...) to if (!to || !to->ldisc || ...
and you'll get a race window thats rather like the one before.
The underlying problem is that the tty layer calls one tty ldisc from
under the locks of another but without holding the locks it needs. It
can't take both locks without deadlocking.
It's one I'm currently working on fixing.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists