From: Rabin Vincent Date: Mon, 21 May 2012 08:08:42 +0000 (+0530) Subject: vt: fix race in vt_waitactive() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a7b12929be6cc55eab2dac3330fa9f5984e12dda;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git vt: fix race in vt_waitactive() pm_restore_console() is called from the suspend/resume path, and this calls vt_move_to_console(), which calls vt_waitactive(). There's a race in this path which causes the process which requests the suspend to sleep indefinitely waiting for an event which already happened: P1 P2 vt_move_to_console() set_console() schedule_console_callback() vt_waitactive() check n == fg_console +1 console_callback() switch_screen() vt_event_post() // no waiters vt_event_wait() // forever Fix the race by ensuring we're registered for the event before we check if it's already completed. Signed-off-by: Rabin Vincent Acked-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c index 64618547be11..b841f56d2e66 100644 --- a/drivers/tty/vt/vt_ioctl.c +++ b/drivers/tty/vt/vt_ioctl.c @@ -110,16 +110,7 @@ void vt_event_post(unsigned int event, unsigned int old, unsigned int new) wake_up_interruptible(&vt_event_waitqueue); } -/** - * vt_event_wait - wait for an event - * @vw: our event - * - * Waits for an event to occur which completes our vt_event_wait - * structure. On return the structure has wv->done set to 1 for success - * or 0 if some event such as a signal ended the wait. - */ - -static void vt_event_wait(struct vt_event_wait *vw) +static void __vt_event_queue(struct vt_event_wait *vw) { unsigned long flags; /* Prepare the event */ @@ -129,14 +120,40 @@ static void vt_event_wait(struct vt_event_wait *vw) spin_lock_irqsave(&vt_event_lock, flags); list_add(&vw->list, &vt_events); spin_unlock_irqrestore(&vt_event_lock, flags); +} + +static void __vt_event_wait(struct vt_event_wait *vw) +{ /* Wait for it to pass */ wait_event_interruptible(vt_event_waitqueue, vw->done); +} + +static void __vt_event_dequeue(struct vt_event_wait *vw) +{ + unsigned long flags; + /* Dequeue it */ spin_lock_irqsave(&vt_event_lock, flags); list_del(&vw->list); spin_unlock_irqrestore(&vt_event_lock, flags); } +/** + * vt_event_wait - wait for an event + * @vw: our event + * + * Waits for an event to occur which completes our vt_event_wait + * structure. On return the structure has wv->done set to 1 for success + * or 0 if some event such as a signal ended the wait. + */ + +static void vt_event_wait(struct vt_event_wait *vw) +{ + __vt_event_queue(vw); + __vt_event_wait(vw); + __vt_event_dequeue(vw); +} + /** * vt_event_wait_ioctl - event ioctl handler * @arg: argument to ioctl @@ -177,10 +194,14 @@ int vt_waitactive(int n) { struct vt_event_wait vw; do { - if (n == fg_console + 1) - break; vw.event.event = VT_EVENT_SWITCH; - vt_event_wait(&vw); + __vt_event_queue(&vw); + if (n == fg_console + 1) { + __vt_event_dequeue(&vw); + break; + } + __vt_event_wait(&vw); + __vt_event_dequeue(&vw); if (vw.done == 0) return -EINTR; } while (vw.event.newev != n);