The patch titled vt: Make vt_pid a struct pid (making it pid wrap around safe). has been added to the -mm tree. Its filename is vt-make-vt_pid-a-struct-pid-making-it-pid-wrap-around-safe.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this

------------------------------------------------------
Subject: vt: Make vt_pid a struct pid (making it pid wrap around safe).
From: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>

I took a good hard look at the locking and it appears the locking on vt_pid is the console semaphore. Every modified path is called under the console semaphore except reset_vc when it is called from fn_SAK or do_SAK both of which appear to be in interrupt context. In addition I need to be careful because in the presence of an oops the console_sem may be arbitrarily dropped.

Which leads me to conclude the current locking is inadequate for my needs.

Given the weird cases we could hit because of oops printing instead of introducing an extra spin lock to protect the data and keep the pid to signal and the signal to send in sync, I have opted to use xchg on just the struct pid * pointer instead.

Due to console_sem we will stay in sync between vt_pid and vt_mode except for a small window during a SAK, or oops handling. SAK handling should kill any user space process that cares, and in oops handling we are broken anyway. Besides the worst that can happen is that I try to send the wrong signal.

Signed-off-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
Cc: Oleg Nesterov <oleg@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

drivers/char/vt.c | 1 +
drivers/char/vt_ioctl.c | 8 ++++----
include/linux/console_struct.h | 2 +-
3 files changed, 6 insertions(+), 5 deletions(-)

diff -puN drivers/char/vt.c~vt-make-vt_pid-a-struct-pid-making-it-pid-wrap-around-safe drivers/char/vt.c --- a/drivers/char/vt.c~vt-make-vt_pid-a-struct-pid-making-it-pid-wrap-around-safe +++ a/drivers/char/vt.c 
@@ -903,6 +903,7 @@ void vc_deallocate(unsigned int currcons if (vc_cons_allocated(currcons)) { struct vc_data *vc = vc_cons[currcons].d; vc->vc_sw->con_deinit(vc); + put_pid(vc->vt_pid); module_put(vc->vc_sw->owner); if (vc->vc_kmalloced) kfree(vc->vc_screenbuf); diff -puN drivers/char/vt_ioctl.c~vt-make-vt_pid-a-struct-pid-making-it-pid-wrap-around-safe drivers/char/vt_ioctl.c --- a/drivers/char/vt_ioctl.c~vt-make-vt_pid-a-struct-pid-making-it-pid-wrap-around-safe +++ a/drivers/char/vt_ioctl.c @@ -672,7 +672,7 @@ int vt_ioctl(struct tty_struct *tty, str vc->vt_mode = tmp; /* the frsig is ignored, so we set it to 0 */ vc->vt_mode.frsig = 0; - vc->vt_pid = current->pid; + put_pid(xchg(&vc->vt_pid, get_pid(task_pid(current)))); /* no switch is required -- saw@xxxxxxxxxxxx */ vc->vt_newvt = -1; release_console_sem(); @@ -1063,7 +1063,7 @@ void reset_vc(struct vc_data *vc) vc->vt_mode.relsig = 0; vc->vt_mode.acqsig = 0; vc->vt_mode.frsig = 0; - vc->vt_pid = -1; + put_pid(xchg(&vc->vt_pid, NULL)); vc->vt_newvt = -1; if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */ reset_palette(vc); @@ -1114,7 +1114,7 @@ static void complete_change_console(stru * tell us if the process has gone or something else * is awry */ - if (kill_proc(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { + if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { /* * The controlling process has died, so we revert back to * normal operation. In this case, we'll also change back @@ -1174,7 +1174,7 @@ void change_console(struct vc_data *new_ * tell us if the process has gone or something else * is awry */ - if (kill_proc(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { + if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { /* * It worked. Mark the vt to switch to and * return. The process needs to send us a diff -puN include/linux/console_struct.h~vt-make-vt_pid-a-struct-pid-making-it-pid-wrap-around-safe include/linux/console_struct.h 
--- a/include/linux/console_struct.h~vt-make-vt_pid-a-struct-pid-making-it-pid-wrap-around-safe +++ a/include/linux/console_struct.h 
@@ -54,7 +54,7 @@ struct vc_data { struct tty_struct *vc_tty; /* TTY we are attached to */ /* data for manual vt switching */ struct vt_mode vt_mode; - int vt_pid; + struct pid *vt_pid; int vt_newvt; wait_queue_head_t paste_wait; /* mode flags */ _ Patches currently in -mm which might be from ebiederm@xxxxxxxxxxxx are megaraid-use-the-proper-type-to-hold-the-irq-number.patch x86-put-note-sections-into-a-pt_note-segment-in-vmlinux.patch msi-use-kmem_cache_zalloc.patch sysctl-allow-proc-sys-without-sys_sysctl.patch sysctl-allow-proc-sys-without-sys_sysctl-fix.patch sysctl-document-that-sys_sysctl-will-be-removed.patch pid-implement-transfer_pid-and-use-it-to-simplify-de_thread.patch pid-remove-temporary-debug-code-in-attach_pid.patch de_thread-use-tsk-not-current.patch fix-conflict-with-the-is_init-identifier-on-parisc.patch pidspace-is_init.patch simplify-update_times-avoid-jiffies-jiffies_64-aliasing-problem-2.patch kexec-warning-fix.patch kill-extraneous-printk-in-kernel_restart.patch fix-mem_write-return-value.patch kcore-elf-note-namesz-field-fix.patch stack-overflow-safe-kdump-safe_smp_processor_id.patch stack-overflow-safe-kdump-safe_smp_processor_id_voyager.patch stack-overflow-safe-kdump-crash_use_safe_smp_processor_id.patch stack-overflow-safe-kdump-crash_use_safe_smp_processor_id-fix.patch stack-overflow-safe-kdump-safe_smp_send_nmi_allbutself.patch proc-readdir-race-fix-take-3.patch proc-readdir-race-fix-take-3-race-fix.patch proc-reorder-the-functions-in-basec.patch proc-modify-proc_pident_lookup-to-be-completely-table-driven.patch proc-give-the-root-directory-a-task.patch pid-implement-access-helpers-for-a-tacks-various-process-groups.patch pid-add-do_each_pid_task.patch pid-implement-signal-functions-that-take-a-struct-pid.patch pid-export-the-symbols-needed-to-use-struct-pid.patch pid-implement-pid_nr.patch vt-rework-the-console-spawning-variables.patch vt-make-vt_pid-a-struct-pid-making-it-pid-wrap-around-safe.patch 
vt-update-spawnpid-to-be-a-struct-pid_t.patch vt-update-spawnpid-to-be-a-struct-pid_t-tidy.patch file-modify-struct-fown_struct-to-use-a-struct-pid.patch file-modify-struct-fown_struct-to-use-a-struct-pid-fix.patch pids-coding-style-use-struct-pidmap.patch proc-readdir-race-fix-take-3-fix-1.patch simplify-pid-iterators.patch move-pidmap-to-pspaceh.patch move-pidmap-to-pspaceh-fix.patch define-struct-pspace.patch proc-readdir-race-fix-take-3-fix-2.patch update-mq_notify-to-use-a-struct-pid.patch file-add-locking-to-f_getown.patch usb-fixup-usb-so-it-uses-struct-pid.patch proc-sysctl-add-_proc_do_string-helper.patch namespaces-add-nsproxy.patch namespaces-add-nsproxy-move-init_nsproxy-into-kernel-nsproxyc.patch namespaces-incorporate-fs-namespace-into-nsproxy.patch namespaces-incorporate-fs-namespace-into-nsproxy-whitespace.patch namespaces-utsname-introduce-temporary-helpers.patch namespaces-utsname-switch-to-using-uts-namespaces.patch namespaces-utsname-use-init_utsname-when-appropriate.patch namespaces-utsname-implement-utsname-namespaces.patch namespaces-utsname-sysctl-hack.patch namespaces-utsname-remove-system_utsname.patch namespaces-utsname-implement-clone_newuts-flag.patch uts-copy-nsproxy-only-when-needed.patch namespaces-utsname-switch-to-using-uts-namespaces-klibc-bit.patch namespaces-utsname-use-init_utsname-when-appropriate-klibc-bit.patch namespaces-utsname-switch-to-using-uts-namespaces-klibc-bit-2.patch ipc-namespace-core.patch ipc-namespace-utils.patch proc-make-the-generation-of-the-self-symlink-table-driven.patch proc-factor-out-an-instantiate-method-from-every-lookup-method.patch proc-remove-the-hard-coded-inode-numbers.patch proc-merge-proc_tid_attr-and-proc_tgid_attr.patch proc-use-pid_task-instead-of-open-coding-it.patch proc-convert-task_sig-to-use-lock_task_sighand.patch proc-convert-do_task_stat-to-use-lock_task_sighand.patch proc-drop-tasklist-lock-in-task_state.patch proc-properly-compute-tgid_offset.patch 
proc-remove-trailing-blank-entry-from-pid_entry-arrays.patch proc-remove-the-useless-smp-safe-comments-from-proc.patch proc-comment-what-proc_fill_cache-does.patch genirq-irq-convert-the-move_irq-flag-from-a-32bit-word-to-a-single-bit.patch genirq-irq-add-moved_masked_irq.patch genirq-x86_64-irq-reenable-migrating-irqs-to-other-cpus.patch genirq-msi-simplify-msi-enable-and-disable.patch genirq-msi-make-the-msi-boolean-tests-return-either-0-or-1.patch genirq-msi-implement-helper-functions-read_msi_msg-and-write_msi_msg.patch genirq-msi-refactor-the-msi_ops.patch genirq-msi-simplify-the-msi-irq-limit-policy.patch genirq-irq-add-a-dynamic-irq-creation-api.patch genirq-ia64-irq-dynamic-irq-support.patch genirq-i386-irq-dynamic-irq-support.patch genirq-x86_64-irq-dynamic-irq-support.patch genirq-msi-make-the-msi-code-irq-based-and-not-vector-based.patch genirq-x86_64-irq-move-msi-message-composition-into-io_apicc.patch genirq-i386-irq-move-msi-message-composition-into-io_apicc.patch genirq-msi-only-build-msi-apicc-on-ia64.patch genirq-msi-only-build-msi-apicc-on-ia64-fix.patch genirq-x86_64-irq-remove-the-msi-assumption-that-irq-==-vector.patch genirq-i386-irq-remove-the-msi-assumption-that-irq-==-vector.patch genirq-irq-remove-msi-hacks.patch genirq-irq-generalize-the-check-for-hardirq_bits.patch genirq-x86_64-irq-make-the-external-irq-handlers-report-their-vector-not-the-irq-number.patch genirq-x86_64-irq-make-vector_irq-per-cpu.patch genirq-x86_64-irq-make-vector_irq-per-cpu-fix.patch genirq-x86_64-irq-make-vector_irq-per-cpu-warning-fix.patch genirq-x86_64-irq-kill-gsi_irq_sharing.patch genirq-x86_64-irq-kill-irq-compression.patch add-hypertransport-capability-defines.patch add-hypertransport-capability-defines-fix.patch initial-generic-hypertransport-interrupt-support.patch initial-generic-hypertransport-interrupt-support-Kconfig-fix.patch pidhash-temporary-debug-checks.patch
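
Review bot: In the vc_deallocate hunk of drivers/char/vt.c, put_pid(vc->vt_pid) drops the reference but leaves the pointer in the field, unlike the other two writers in this patch, which clear or replace it through xchg. If reset_vc can still reach this vc_data afterwards (the changelog says it runs from fn_SAK or do_SAK outside the console semaphore), the same reference would be dropped a second time. Suggest put_pid(xchg(&vc->vt_pid, NULL)) here as well, or a comment stating why nothing can observe vt_pid after this point.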
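
Review bot: In the vt_ioctl hunk at -672, the single line put_pid(xchg(&vc->vt_pid, get_pid(task_pid(current)))) carries the whole ownership rule (take the new reference, publish it atomically, drop whatever was there before) without a comment. The reason for using xchg rather than a lock exists only in the changelog; a short comment here noting that reset_vc may race from interrupt context would keep a later cleanup from turning this back into a plain assignment.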
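
Review bot: In the complete_change_console and change_console hunks, kill_pid() is handed vc->vt_pid from a plain load, with no reference held across the call. The reset_vc hunk can run put_pid(xchg(&vc->vt_pid, NULL)) from the SAK path that the changelog describes as interrupt context, so the struct pid read here could lose its last reference before kill_pid uses it. Please either take a reference around the signal delivery or state what keeps the object alive at these two call sites. It would also help to document that a NULL vt_pid, which replaces the old -1 sentinel, is expected to make kill_pid fail and take the "controlling process has died" branch.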
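
Review bot: In the struct vc_data hunk of include/linux/console_struct.h, the "no owner" value changes from -1 to NULL, but none of the three files touched adds an initialisation of vt_pid. The first reset_vc on a newly set up console now calls put_pid on whatever the field holds, so please confirm that vc_data is zeroed at allocation, or set vt_pid to NULL where the structure is set up. A comment on the field saying that it holds a counted reference and is only written with xchg would document the rule next to the data.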