Hi,
When calling the RELDISP VT ioctl, we are reading vt_newvt while the console
workqueue could be messing with it (through change_console()).
We fix this race by taking the console semaphore before reading vt_newvt.
Andrew, would you please consider this patch for -mm inclusion ?
Signed-off-by: Samuel Ortiz <[email protected]>
---
drivers/char/vt_ioctl.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
Index: linux-2.6.22/drivers/char/vt_ioctl.c
===================================================================
--- linux-2.6.22.orig/drivers/char/vt_ioctl.c 2007-07-09 01:32:17.000000000 +0200
+++ linux-2.6.22/drivers/char/vt_ioctl.c 2007-09-27 11:58:42.000000000 +0200
@@ -770,6 +770,7 @@
/*
* Switching-from response
*/
+ acquire_console_sem();
if (vc->vt_newvt >= 0) {
if (arg == 0)
/*
@@ -784,7 +785,6 @@
* complete the switch.
*/
int newvt;
- acquire_console_sem();
newvt = vc->vt_newvt;
vc->vt_newvt = -1;
i = vc_allocate(newvt);
@@ -798,7 +798,6 @@
* other console switches..
*/
complete_change_console(vc_cons[newvt].d);
- release_console_sem();
}
}
@@ -810,9 +809,12 @@
/*
* If it's just an ACK, ignore it
*/
- if (arg != VT_ACKACQ)
+ if (arg != VT_ACKACQ) {
+ release_console_sem();
return -EINVAL;
+ }
}
+ release_console_sem();
return 0;