tty: fix BKL related leak and crash
authorIngo Molnar <mingo@elte.hu>
Wed, 14 May 2008 15:11:46 +0000 (17:11 +0200)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 15 May 2008 17:19:30 +0000 (10:19 -0700)
Enabling the BKL to be lockdep tracked uncovered the following
upstream kernel bug in the tty code, which caused a BKL
reference leak:

  ================================================
  [ BUG: lock held when returning to user space! ]
  ------------------------------------------------
  dmesg/3121 is leaving the kernel with locks still held!
  1 lock held by dmesg/3121:
   #0:  (kernel_mutex){--..}, at: [<c02f34d9>] opost+0x24/0x194

this might explain some of the atomicity warnings and crashes
that -tip tree testing has been experiencing since the BKL
was converted back to a spinlock.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/char/n_tty.c

index 19105ec203f7afe611edfdc10c99bf50741ccecc..8096389b0dc2d4bd07df5d9cfc902902a043b333 100644 (file)
@@ -282,16 +282,20 @@ static int opost(unsigned char c, struct tty_struct *tty)
                        if (O_ONLRET(tty))
                                tty->column = 0;
                        if (O_ONLCR(tty)) {
-                               if (space < 2)
+                               if (space < 2) {
+                                       unlock_kernel();
                                        return -1;
+                               }
                                tty_put_char(tty, '\r');
                                tty->column = 0;
                        }
                        tty->canon_column = tty->column;
                        break;
                case '\r':
-                       if (O_ONOCR(tty) && tty->column == 0)
+                       if (O_ONOCR(tty) && tty->column == 0) {
+                               unlock_kernel();
                                return 0;
+                       }
                        if (O_OCRNL(tty)) {
                                c = '\n';
                                if (O_ONLRET(tty))
@@ -303,10 +307,13 @@ static int opost(unsigned char c, struct tty_struct *tty)
                case '\t':
                        spaces = 8 - (tty->column & 7);
                        if (O_TABDLY(tty) == XTABS) {
-                               if (space < spaces)
+                               if (space < spaces) {
+                                       unlock_kernel();
                                        return -1;
+                               }
                                tty->column += spaces;
                                tty->ops->write(tty, "        ", spaces);
+                               unlock_kernel();
                                return 0;
                        }
                        tty->column += spaces;