Hello, We found a data race on kbd->ledflagstate that could happen between set_vc_kbd_led() and vt_do_kdskled(). The interleaving is shown below. Writer(set_vc_kbd_led()) Reader(vt_do_kdskled()) case KDGKBLED: spin_lock_irqsave(&kbd_event_lock, flags); ucval = kb->ledflagstate | (kb->default_ledflagstate << 4); // led_lock grabbed kbd->ledflagstate |= 1 << flag; spin_unlock_irqrestore(&kbd_event_lock, flags); return put_user(ucval, (char __user *)arg); This data race can cause the out-of-date ledflagstate being returned to the user, although it is not serious. But another reading spot for kbd->ledflagstate in getleds() is protected by the led_lock, maybe vt_do_kdskled could also grab led_lock for case KDGKBLED. Thanks, Sishuai
