diff options
author | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2008-05-30 04:03:32 -0400 |
---|---|---|
committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2008-05-30 04:03:35 -0400 |
commit | 54ad64129cc166b9eec7151f3f9fc83589e33555 (patch) | |
tree | 62653aafec6b61da39a58c4cac2c1b5e37860df1 | |
parent | c80ee724966a8ce9a68020d9095233fb1c6f57e8 (diff) |
[S390] 3270: fix race with stack local wait_queue_head_t.
A wait_event call with a stack local wait_queue_head_t structure that is
used to do the wake up for the wait_event is inherently racy. After the
wait_event finished the wake_up call might not have completed yet.
Remove the stack local wait_queue_head_t from raw3270_start_init and
use the global raw3270_wait_queue instead.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r-- | drivers/s390/char/raw3270.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/drivers/s390/char/raw3270.c b/drivers/s390/char/raw3270.c index 0d98f1ff2edd..848ef7e8523f 100644 --- a/drivers/s390/char/raw3270.c +++ b/drivers/s390/char/raw3270.c | |||
@@ -549,7 +549,6 @@ raw3270_start_init(struct raw3270 *rp, struct raw3270_view *view, | |||
549 | struct raw3270_request *rq) | 549 | struct raw3270_request *rq) |
550 | { | 550 | { |
551 | unsigned long flags; | 551 | unsigned long flags; |
552 | wait_queue_head_t wq; | ||
553 | int rc; | 552 | int rc; |
554 | 553 | ||
555 | #ifdef CONFIG_TN3270_CONSOLE | 554 | #ifdef CONFIG_TN3270_CONSOLE |
@@ -566,20 +565,20 @@ raw3270_start_init(struct raw3270 *rp, struct raw3270_view *view, | |||
566 | return rq->rc; | 565 | return rq->rc; |
567 | } | 566 | } |
568 | #endif | 567 | #endif |
569 | init_waitqueue_head(&wq); | ||
570 | rq->callback = raw3270_wake_init; | 568 | rq->callback = raw3270_wake_init; |
571 | rq->callback_data = &wq; | 569 | rq->callback_data = &raw3270_wait_queue; |
572 | spin_lock_irqsave(get_ccwdev_lock(view->dev->cdev), flags); | 570 | spin_lock_irqsave(get_ccwdev_lock(view->dev->cdev), flags); |
573 | rc = __raw3270_start(rp, view, rq); | 571 | rc = __raw3270_start(rp, view, rq); |
574 | spin_unlock_irqrestore(get_ccwdev_lock(view->dev->cdev), flags); | 572 | spin_unlock_irqrestore(get_ccwdev_lock(view->dev->cdev), flags); |
575 | if (rc) | 573 | if (rc) |
576 | return rc; | 574 | return rc; |
577 | /* Now wait for the completion. */ | 575 | /* Now wait for the completion. */ |
578 | rc = wait_event_interruptible(wq, raw3270_request_final(rq)); | 576 | rc = wait_event_interruptible(raw3270_wait_queue, |
577 | raw3270_request_final(rq)); | ||
579 | if (rc == -ERESTARTSYS) { /* Interrupted by a signal. */ | 578 | if (rc == -ERESTARTSYS) { /* Interrupted by a signal. */ |
580 | raw3270_halt_io(view->dev, rq); | 579 | raw3270_halt_io(view->dev, rq); |
581 | /* No wait for the halt to complete. */ | 580 | /* No wait for the halt to complete. */ |
582 | wait_event(wq, raw3270_request_final(rq)); | 581 | wait_event(raw3270_wait_queue, raw3270_request_final(rq)); |
583 | return -ERESTARTSYS; | 582 | return -ERESTARTSYS; |
584 | } | 583 | } |
585 | return rq->rc; | 584 | return rq->rc; |