From: Michal Januszewski Date: Thu, 19 Apr 2007 20:34:50 +0000 (-0400) Subject: vt: fix potential race in VT_WAITACTIVE handler X-Git-Tag: v2.6.20.11~13 X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=93c27c733bcab7cc19cc77dc5fb8b605921adf59;p=karo-tx-linux.git vt: fix potential race in VT_WAITACTIVE handler [PATCH] vt: fix potential race in VT_WAITACTIVE handler On a multiprocessor machine the VT_WAITACTIVE ioctl call may return 0 if fg_console has already been updated in redraw_screen() but the console switch itself hasn't been completed. Fix this by checking fg_console in vt_waitactive() with the console sem held. Signed-off-by: Michal Januszewski Acked-by: Antonino Daplas Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Cc: Chuck Ebbert Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/char/vt_ioctl.c b/drivers/char/vt_ioctl.c index dc8368ebb1ac..60740a19cb54 100644 --- a/drivers/char/vt_ioctl.c +++ b/drivers/char/vt_ioctl.c @@ -1038,10 +1038,22 @@ int vt_waitactive(int vt) add_wait_queue(&vt_activate_queue, &wait); for (;;) { - set_current_state(TASK_INTERRUPTIBLE); retval = 0; - if (vt == fg_console) + + /* + * Synchronize with redraw_screen(). By acquiring the console + * semaphore we make sure that the console switch is completed + * before we return. If we didn't wait for the semaphore, we + * could return at a point where fg_console has already been + * updated, but the console switch hasn't been completed. + */ + acquire_console_sem(); + set_current_state(TASK_INTERRUPTIBLE); + if (vt == fg_console) { + release_console_sem(); break; + } + release_console_sem(); retval = -EINTR; if (signal_pending(current)) break;