commit 54ad64129cc166b9eec7151f3f9fc83589e33555 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

[S390] 3270: fix race with stack local wait_queue_head_t.

A wait_event call with a stack local wait_queue_head_t structure that is
used to do the wake up for the wait_event is inherently racy. After the
wait_event finished the wake_up call might not have completed yet.
Remove the stack local wait_queue_head_t from raw3270_start_init and
use the global raw3270_wait_queue instead.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

Martin Schwidefsky 17 years ago 54ad6412 c80ee724

+4 -5

1 changed file

expand all

unified split

drivers

s390

char

raw3270.c

+4 -5

drivers/s390/char/raw3270.c

··· 549 struct raw3270_request *rq) 550 { 551 unsigned long flags; 552 - wait_queue_head_t wq; 553 int rc; 554 555 #ifdef CONFIG_TN3270_CONSOLE ··· 565 return rq->rc; 566 } 567 #endif 568 - init_waitqueue_head(&wq); 569 rq->callback = raw3270_wake_init; 570 - rq->callback_data = &wq; 571 spin_lock_irqsave(get_ccwdev_lock(view->dev->cdev), flags); 572 rc = __raw3270_start(rp, view, rq); 573 spin_unlock_irqrestore(get_ccwdev_lock(view->dev->cdev), flags); 574 if (rc) 575 return rc; 576 /* Now wait for the completion. */ 577 - rc = wait_event_interruptible(wq, raw3270_request_final(rq)); 578 if (rc == -ERESTARTSYS) { /* Interrupted by a signal. */ 579 raw3270_halt_io(view->dev, rq); 580 /* No wait for the halt to complete. */ 581 - wait_event(wq, raw3270_request_final(rq)); 582 return -ERESTARTSYS; 583 } 584 return rq->rc;

··· 549 struct raw3270_request *rq) 550 { 551 unsigned long flags; 552 int rc; 553 554 #ifdef CONFIG_TN3270_CONSOLE ··· 566 return rq->rc; 567 } 568 #endif 569 rq->callback = raw3270_wake_init; 570 + rq->callback_data = &raw3270_wait_queue; 571 spin_lock_irqsave(get_ccwdev_lock(view->dev->cdev), flags); 572 rc = __raw3270_start(rp, view, rq); 573 spin_unlock_irqrestore(get_ccwdev_lock(view->dev->cdev), flags); 574 if (rc) 575 return rc; 576 /* Now wait for the completion. */ 577 + rc = wait_event_interruptible(raw3270_wait_queue, 578 + raw3270_request_final(rq)); 579 if (rc == -ERESTARTSYS) { /* Interrupted by a signal. */ 580 raw3270_halt_io(view->dev, rq); 581 /* No wait for the halt to complete. */ 582 + wait_event(raw3270_wait_queue, raw3270_request_final(rq)); 583 return -ERESTARTSYS; 584 } 585 return rq->rc;