[S390] 3270: fix race with stack local wait_queue_head_t.
authorMartin Schwidefsky <schwidefsky@de.ibm.com>
Fri, 30 May 2008 08:03:32 +0000 (10:03 +0200)
committerMartin Schwidefsky <schwidefsky@de.ibm.com>
Fri, 30 May 2008 08:03:35 +0000 (10:03 +0200)
A wait_event call with a stack local wait_queue_head_t structure that is
used to do the wake up for the wait_event is inherently racy. After the
wait_event finished the wake_up call might not have completed yet.
Remove the stack local wait_queue_head_t from raw3270_start_init and
use the global raw3270_wait_queue instead.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
drivers/s390/char/raw3270.c

index 0d98f1ff2edd5db5ae4f79815de723f81d0241be..848ef7e8523fe97ba2e0ade9f61f1cbac86a8f90 100644 (file)
@@ -549,7 +549,6 @@ raw3270_start_init(struct raw3270 *rp, struct raw3270_view *view,
                   struct raw3270_request *rq)
 {
        unsigned long flags;
-       wait_queue_head_t wq;
        int rc;
 
 #ifdef CONFIG_TN3270_CONSOLE
@@ -566,20 +565,20 @@ raw3270_start_init(struct raw3270 *rp, struct raw3270_view *view,
                return rq->rc;
        }
 #endif
-       init_waitqueue_head(&wq);
        rq->callback = raw3270_wake_init;
-       rq->callback_data = &wq;
+       rq->callback_data = &raw3270_wait_queue;
        spin_lock_irqsave(get_ccwdev_lock(view->dev->cdev), flags);
        rc = __raw3270_start(rp, view, rq);
        spin_unlock_irqrestore(get_ccwdev_lock(view->dev->cdev), flags);
        if (rc)
                return rc;
        /* Now wait for the completion. */
-       rc = wait_event_interruptible(wq, raw3270_request_final(rq));
+       rc = wait_event_interruptible(raw3270_wait_queue,
+                                     raw3270_request_final(rq));
        if (rc == -ERESTARTSYS) {       /* Interrupted by a signal. */
                raw3270_halt_io(view->dev, rq);
                /* No wait for the halt to complete. */
-               wait_event(wq, raw3270_request_final(rq));
+               wait_event(raw3270_wait_queue, raw3270_request_final(rq));
                return -ERESTARTSYS;
        }
        return rq->rc;