Alan,
Thank you, updated fix (tested on bits based on commit
bdc0077af574800d24318b6945cf2344e8dbb050) is attached.
Is this correct now?
Thanks and regards,
-Stanislav Kozina
You mean call to tty_put_user(), correct? Thanks for this catch.
So what about to unlock the lock for this time? Because we need to hold
the lock while checking tty->read_cnt in the while loop condition, correct?
I think you are right on that yes.
Alan
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
index ee1c268..54d1fc5 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -1832,13 +1832,13 @@ do_it_again:
if (tty->icanon && !L_EXTPROC(tty)) {
/* N.B. avoid overrun if nr == 0 */
+ spin_lock_irqsave(&tty->read_lock, flags);
while (nr && tty->read_cnt) {
int eol;
eol = test_and_clear_bit(tty->read_tail,
tty->read_flags);
c = tty->read_buf[tty->read_tail];
- spin_lock_irqsave(&tty->read_lock, flags);
tty->read_tail = ((tty->read_tail+1) &
(N_TTY_BUF_SIZE-1));
tty->read_cnt--;
@@ -1864,6 +1864,7 @@ do_it_again:
tty_audit_push(tty);
break;
}
+ spin_lock_irqsave(&tty->read_lock, flags);
}
if (retval)
break;
