aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichal Januszewski <spock@gentoo.org>2007-04-02 02:49:51 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-04-02 13:06:09 -0400
commitf991519c197534811046e5e47389b6fafcdf1e48 (patch)
treea8df0ce3aafc97968a354e736305a3fc807f1dea
parent1d64b9cb1dc2a7cd521444e3d908adeccd026356 (diff)
[PATCH] vt: fix potential race in VT_WAITACTIVE handler
On a multiprocessor machine the VT_WAITACTIVE ioctl call may return 0 if fg_console has already been updated in redraw_screen() but the console switch itself hasn't been completed. Fix this by checking fg_console in vt_waitactive() with the console sem held. Signed-off-by: Michal Januszewski <spock@gentoo.org> Acked-by: Antonino Daplas <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/char/vt_ioctl.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/drivers/char/vt_ioctl.c b/drivers/char/vt_ioctl.c
index 1fa2da8f4fbe..c9f2dd620e87 100644
--- a/drivers/char/vt_ioctl.c
+++ b/drivers/char/vt_ioctl.c
@@ -1039,10 +1039,22 @@ int vt_waitactive(int vt)
1039 1039
1040 add_wait_queue(&vt_activate_queue, &wait); 1040 add_wait_queue(&vt_activate_queue, &wait);
1041 for (;;) { 1041 for (;;) {
1042 set_current_state(TASK_INTERRUPTIBLE);
1043 retval = 0; 1042 retval = 0;
1044 if (vt == fg_console) 1043
1044 /*
1045 * Synchronize with redraw_screen(). By acquiring the console
1046 * semaphore we make sure that the console switch is completed
1047 * before we return. If we didn't wait for the semaphore, we
1048 * could return at a point where fg_console has already been
1049 * updated, but the console switch hasn't been completed.
1050 */
1051 acquire_console_sem();
1052 set_current_state(TASK_INTERRUPTIBLE);
1053 if (vt == fg_console) {
1054 release_console_sem();
1045 break; 1055 break;
1056 }
1057 release_console_sem();
1046 retval = -EINTR; 1058 retval = -EINTR;
1047 if (signal_pending(current)) 1059 if (signal_pending(current))
1048 break; 1060 break;