tty: fix BKL related leak and crash

Enabling the BKL to be lockdep tracked uncovered the following upstream kernel bug in the tty code, which caused a BKL reference leak: ================================================ [ BUG: lock held when returning to user space! ] ------------------------------------------------ dmesg/3121 is leaving the kernel with locks still held! 1 lock held by dmesg/3121: #0: (kernel_mutex){--..}, at: [<c02f34d9>] opost+0x24/0x194 this might explain some of the atomicity warnings and crashes that -tip tree testing has been experiencing since the BKL was converted back to a spinlock. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

tty: fix BKL related leak and crash
Enabling the BKL to be lockdep tracked uncovered the following upstream kernel bug in the tty code, which caused a BKL reference leak: ================================================ [ BUG: lock held when returning to user space! ] ------------------------------------------------ dmesg/3121 is leaving the kernel with locks still held! 1 lock held by dmesg/3121: #0: (kernel_mutex){--..}, at: [<c02f34d9>] opost+0x24/0x194 this might explain some of the atomicity warnings and crashes that -tip tree testing has been experiencing since the BKL was converted back to a spinlock. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ingo Molnar · Linus Torvalds
1 parent 8568dae21e
Showing 1 changed file with 10 additions and 3 deletions Side-by-side Diff
drivers/char/n_tty.c
@@ -282,16 +282,20 @@
 			if (O_ONLRET(tty))
 				tty->column = 0;
 			if (O_ONLCR(tty)) {
-				if (space < 2)
+				if (space < 2) {
+					unlock_kernel();
 					return -1;
+				}
 				tty_put_char(tty, '\r');
 				tty->column = 0;
 			}
 			tty->canon_column = tty->column;
 			break;
 		case '\r':
-			if (O_ONOCR(tty) && tty->column == 0)
+			if (O_ONOCR(tty) && tty->column == 0) {
+				unlock_kernel();
 				return 0;
+			}
 			if (O_OCRNL(tty)) {
 				c = '\n';
 				if (O_ONLRET(tty))
  
  
@@ -303,10 +307,13 @@
 		case '\t':
 			spaces = 8 - (tty->column & 7);
 			if (O_TABDLY(tty) == XTABS) {
-				if (space < spaces)
+				if (space < spaces) {
+					unlock_kernel();
 					return -1;
+				}
 				tty->column += spaces;
 				tty->ops->write(tty, "        ", spaces);
+				unlock_kernel();
 				return 0;
 			}
 			tty->column += spaces;
...	...	@@ -282,16 +282,20 @@
282	282	if (O_ONLRET(tty))
283	283	tty->column = 0;
284	284	if (O_ONLCR(tty)) {
285		- if (space < 2)
	285	+ if (space < 2) {
	286	+ unlock_kernel();
286	287	return -1;
	288	+ }
287	289	tty_put_char(tty, '\r');
288	290	tty->column = 0;
289	291	}
290	292	tty->canon_column = tty->column;
291	293	break;
292	294	case '\r':
293		- if (O_ONOCR(tty) && tty->column == 0)
	295	+ if (O_ONOCR(tty) && tty->column == 0) {
	296	+ unlock_kernel();
294	297	return 0;
	298	+ }
295	299	if (O_OCRNL(tty)) {
296	300	c = '\n';
297	301	if (O_ONLRET(tty))
298	302
299	303
...	...	@@ -303,10 +307,13 @@
303	307	case '\t':
304	308	spaces = 8 - (tty->column & 7);
305	309	if (O_TABDLY(tty) == XTABS) {
306		- if (space < spaces)
	310	+ if (space < spaces) {
	311	+ unlock_kernel();
307	312	return -1;
	313	+ }
308	314	tty->column += spaces;
309	315	tty->ops->write(tty, " ", spaces);
	316	+ unlock_kernel();
310	317	return 0;
311	318	}
312	319	tty->column += spaces;