tty: fix ldisc lock inversion trace
authorAlan Cox <alan@linux.intel.com>
Tue, 29 May 2012 12:45:16 +0000 (13:45 +0100)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 29 May 2012 17:42:13 +0000 (10:42 -0700)
This is caused by tty_release using tty_lock_pair to lock both sides of
the pty/tty pair, and then tty_ldisc_release dropping and relocking one
side only.  We can drop both fine, so drop both to avoid any lock
ordering concerns.

Rework the release path to fix the new locking model.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/tty/tty_ldisc.c

index 173a9000a6cb3940ab2dcb068c5efba300f9613e..ba8be396a6215339200c5ff3f79ad34e93489acb 100644 (file)
@@ -894,6 +894,23 @@ int tty_ldisc_setup(struct tty_struct *tty, struct tty_struct *o_tty)
        tty_ldisc_enable(tty);
        return 0;
 }
+
+static void tty_ldisc_kill(struct tty_struct *tty)
+{
+       mutex_lock(&tty->ldisc_mutex);
+       /*
+        * Now kill off the ldisc
+        */
+       tty_ldisc_close(tty, tty->ldisc);
+       tty_ldisc_put(tty->ldisc);
+       /* Force an oops if we mess this up */
+       tty->ldisc = NULL;
+
+       /* Ensure the next open requests the N_TTY ldisc */
+       tty_set_termios_ldisc(tty, N_TTY);
+       mutex_unlock(&tty->ldisc_mutex);
+}
+
 /**
  *     tty_ldisc_release               -       release line discipline
  *     @tty: tty being shut down
@@ -912,27 +929,19 @@ void tty_ldisc_release(struct tty_struct *tty, struct tty_struct *o_tty)
         * race with the set_ldisc code path.
         */
 
-       tty_unlock(tty);
+       tty_unlock_pair(tty, o_tty);
        tty_ldisc_halt(tty);
        tty_ldisc_flush_works(tty);
-       tty_lock(tty);
-
-       mutex_lock(&tty->ldisc_mutex);
-       /*
-        * Now kill off the ldisc
-        */
-       tty_ldisc_close(tty, tty->ldisc);
-       tty_ldisc_put(tty->ldisc);
-       /* Force an oops if we mess this up */
-       tty->ldisc = NULL;
+       if (o_tty) {
+               tty_ldisc_halt(o_tty);
+               tty_ldisc_flush_works(o_tty);
+       }
+       tty_lock_pair(tty, o_tty);
 
-       /* Ensure the next open requests the N_TTY ldisc */
-       tty_set_termios_ldisc(tty, N_TTY);
-       mutex_unlock(&tty->ldisc_mutex);
 
-       /* This will need doing differently if we need to lock */
+       tty_ldisc_kill(tty);
        if (o_tty)
-               tty_ldisc_release(o_tty, NULL);
+               tty_ldisc_kill(o_tty);
 
        /* And the memory resources remaining (buffers, termios) will be
           disposed of when the kref hits zero */