[PATCH] fix a bug in 2.4.9 drivers/char/console.c, vc_disallocate()

[PATCH] fix a bug in 2.4.9 drivers/char/console.c, vc_disallocate()

[Jani Jaakkola]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 1268 bytes --]


I have made myself a Linux console aware getty program, which allocates
and disallocates console ttys on the fly when users login and logout. It
exposed a bug ioctl(/dev/console,VT_DISALLOCATE) with SMP machines (or at
least, I could reproduce it only in a SMP machine). It turned out,
that vc_disallocate() misses spin_lock_irq(&console_lock). It seems that
nobody but me actually uses VT_DISALLOCATE..

If you have a SMP machine, you can reproduce the bug and CRASH YOUR KERNEL
(so don't do it, if you don't want to crash your kernel) by running the
following program as root in /dev/tty1 a few times (assuming you have
nothing running in tty11):

#include <unistd.h>
#include <sys/ioctl.h>
#include <fcntl.h>
#include <linux/vt.h>

int main() {
        int console_fd=open("/dev/console",O_WRONLY);
        int i;
        for (i=0; i<100; i++) {
                int ttyfd=open("/dev/tty11",O_WRONLY);
                write(ttyfd,"blah",5);
                ioctl(console_fd,VT_ACTIVATE,11);
                close(ttyfd);
                ioctl(console_fd,VT_ACTIVATE,1);
                ioctl(console_fd,VT_DISALLOCATE,11);
        }

}

A trivial patch against drivers/char/console.c is included. Please CC your
comments to me, since I am not on the list.

- Jani


[-- Attachment #2: Type: TEXT/PLAIN, Size: 435 bytes --]

--- console.c.orig	Tue Aug 21 18:31:03 2001
+++ console.c	Tue Aug 21 18:31:35 2001
@@ -780,6 +780,7 @@
 
 void vc_disallocate(unsigned int currcons)
 {
+	spin_lock_irq(&console_lock);
 	if (vc_cons_allocated(currcons)) {
 	    sw->con_deinit(vc_cons[currcons].d);
 	    if (kmalloced)
@@ -788,6 +789,7 @@
 		kfree(vc_cons[currcons].d);
 	    vc_cons[currcons].d = NULL;
 	}
+	spin_unlock_irq(&console_lock);
 }
 
 /*