From: Samuel Ortiz Date: Mon, 1 Oct 2007 08:20:12 +0000 (-0700) Subject: VT ioctl race fix X-Git-Tag: firefly_0821_release~26391 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=8792f961ba8057d9f27987def3600253a3ba060f;p=firefly-linux-kernel-4.4.55.git VT ioctl race fix When calling the RELDISP VT ioctl, we are reading vt_newvt while the console workqueue could be messing with it (through change_console()). We fix this race by taking the console semaphore before reading vt_newvt. Signed-off-by: Samuel Ortiz Acked-by: Antonino Daplas Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/drivers/char/vt_ioctl.c b/drivers/char/vt_ioctl.c index 045e6888d15b..c799b7f7bbb3 100644 --- a/drivers/char/vt_ioctl.c +++ b/drivers/char/vt_ioctl.c @@ -770,6 +770,7 @@ int vt_ioctl(struct tty_struct *tty, struct file * file, /* * Switching-from response */ + acquire_console_sem(); if (vc->vt_newvt >= 0) { if (arg == 0) /* @@ -784,7 +785,6 @@ int vt_ioctl(struct tty_struct *tty, struct file * file, * complete the switch. */ int newvt; - acquire_console_sem(); newvt = vc->vt_newvt; vc->vt_newvt = -1; i = vc_allocate(newvt); @@ -798,7 +798,6 @@ int vt_ioctl(struct tty_struct *tty, struct file * file, * other console switches.. */ complete_change_console(vc_cons[newvt].d); - release_console_sem(); } } @@ -810,9 +809,12 @@ int vt_ioctl(struct tty_struct *tty, struct file * file, /* * If it's just an ACK, ignore it */ - if (arg != VT_ACKACQ) + if (arg != VT_ACKACQ) { + release_console_sem(); return -EINVAL; + } } + release_console_sem(); return 0;