pty: Fix packet mode setting race
authorPeter Hurley <peter@hurleysoftware.com>
Thu, 16 Oct 2014 19:33:27 +0000 (15:33 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 6 Nov 2014 00:34:36 +0000 (16:34 -0800)
commit2622d73e51acfe1dbeb21bf2299066bdead85163
tree06f2fff030593a0d730b61cd78da5923baec8683
parent54e8e5fcaae109f0303f52efb24f29bfac79ca86
pty: Fix packet mode setting race

Because pty_set_pktmode() does not claim the slave's ctrl_lock
to clear ->ctrl_status (to avoid unnecessary lock nesting),
pty_set_pktmode() may accidentally erase new ->ctrl_status updates.
For example,

CPU 0                             | CPU 1
pty_set_pktmode()                 | pty_start()
  spin_lock(master's ctrl_lock)   |
  tty->packet = 1                 |
                                  |   if (tty->link->packet)
                                  |     spin_lock(slave's ctrl_lock)
                                  |     tty->ctrl_status = TIOCPKT_START
  tty->link->ctrl_status = 0      |

Ensure the clear of ->ctrl_status occurs before packet mode is set
(and observable on another cpu).

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Reviewed-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/tty/pty.c