aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Schwidefsky <schwidefsky@de.ibm.com>2008-05-30 04:03:32 -0400
committerMartin Schwidefsky <schwidefsky@de.ibm.com>2008-05-30 04:03:35 -0400
commit54ad64129cc166b9eec7151f3f9fc83589e33555 (patch)
tree62653aafec6b61da39a58c4cac2c1b5e37860df1
parentc80ee724966a8ce9a68020d9095233fb1c6f57e8 (diff)
[S390] 3270: fix race with stack local wait_queue_head_t.
A wait_event call with a stack local wait_queue_head_t structure that is used to do the wake up for the wait_event is inherently racy. After the wait_event finished the wake_up call might not have completed yet. Remove the stack local wait_queue_head_t from raw3270_start_init and use the global raw3270_wait_queue instead. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r--drivers/s390/char/raw3270.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/drivers/s390/char/raw3270.c b/drivers/s390/char/raw3270.c
index 0d98f1ff2edd..848ef7e8523f 100644
--- a/drivers/s390/char/raw3270.c
+++ b/drivers/s390/char/raw3270.c
@@ -549,7 +549,6 @@ raw3270_start_init(struct raw3270 *rp, struct raw3270_view *view,
549 struct raw3270_request *rq) 549 struct raw3270_request *rq)
550{ 550{
551 unsigned long flags; 551 unsigned long flags;
552 wait_queue_head_t wq;
553 int rc; 552 int rc;
554 553
555#ifdef CONFIG_TN3270_CONSOLE 554#ifdef CONFIG_TN3270_CONSOLE
@@ -566,20 +565,20 @@ raw3270_start_init(struct raw3270 *rp, struct raw3270_view *view,
566 return rq->rc; 565 return rq->rc;
567 } 566 }
568#endif 567#endif
569 init_waitqueue_head(&wq);
570 rq->callback = raw3270_wake_init; 568 rq->callback = raw3270_wake_init;
571 rq->callback_data = &wq; 569 rq->callback_data = &raw3270_wait_queue;
572 spin_lock_irqsave(get_ccwdev_lock(view->dev->cdev), flags); 570 spin_lock_irqsave(get_ccwdev_lock(view->dev->cdev), flags);
573 rc = __raw3270_start(rp, view, rq); 571 rc = __raw3270_start(rp, view, rq);
574 spin_unlock_irqrestore(get_ccwdev_lock(view->dev->cdev), flags); 572 spin_unlock_irqrestore(get_ccwdev_lock(view->dev->cdev), flags);
575 if (rc) 573 if (rc)
576 return rc; 574 return rc;
577 /* Now wait for the completion. */ 575 /* Now wait for the completion. */
578 rc = wait_event_interruptible(wq, raw3270_request_final(rq)); 576 rc = wait_event_interruptible(raw3270_wait_queue,
577 raw3270_request_final(rq));
579 if (rc == -ERESTARTSYS) { /* Interrupted by a signal. */ 578 if (rc == -ERESTARTSYS) { /* Interrupted by a signal. */
580 raw3270_halt_io(view->dev, rq); 579 raw3270_halt_io(view->dev, rq);
581 /* No wait for the halt to complete. */ 580 /* No wait for the halt to complete. */
582 wait_event(wq, raw3270_request_final(rq)); 581 wait_event(raw3270_wait_queue, raw3270_request_final(rq));
583 return -ERESTARTSYS; 582 return -ERESTARTSYS;
584 } 583 }
585 return rq->rc; 584 return rq->rc;