[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F631449.7090302@suse.cz>
Date: Fri, 16 Mar 2012 11:22:01 +0100
From: Jiri Slaby <jslaby@...e.cz>
To: "Du, Alek" <alek.du@...el.com>
CC: Jiri Slaby <jirislaby@...il.com>,
Alan Cox <alan@...rguk.ukuu.org.uk>,
"Tu, Xiaobing" <xiaobing.tu@...el.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"Zhang, Yanmin" <yanmin.zhang@...el.com>,
"Zuo, Jiao" <jiao.zuo@...el.com>
Subject: Re: [PATCH] tty: hold lock across tty buffer finding and buffer filling
On 03/16/2012 11:08 AM, Du, Alek wrote:
> If you really look at the original patch from Xiaobing, the tty_prepare_flip_string is also patched :-)
> Actually it fills up all the possible spin_lock gaps in tty_buffer.c
>
>
> @@ -344,13 +375,20 @@ EXPORT_SYMBOL(tty_schedule_flip); int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
> size_t size)
> {
> - int space = tty_buffer_request_room(tty, size);
> + int space;
> + unsigned long flags;
> + struct tty_buffer *tb;
> +
> + spin_lock_irqsave(&tty->buf.lock, flags);
> + space = __tty_buffer_request_room(tty, size);
> +
> + tb = tty->buf.tail;
> if (likely(space)) {
> - struct tty_buffer *tb = tty->buf.tail;
> *chars = tb->char_buf_ptr + tb->used;
^^^^^^
This is returned to the caller. And it writes to that. And it may be
gone as soon as the lock is unlocked below.
> memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
> tb->used += space;
> }
> + spin_unlock_irqrestore(&tty->buf.lock, flags);
> return space;
> }
thanks,
--
js
suse labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists