tty: Add a kref count
Introduce a kref to the tty structure and use it to protect the tty->signal tty references. For now we don't introduce it for anything else. Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
348eb12e55
commit
9c9f4ded90
4 changed files with 71 additions and 10 deletions
|
@ -559,6 +559,7 @@ static void do_tty_hangup(struct work_struct *work)
|
||||||
struct tty_ldisc *ld;
|
struct tty_ldisc *ld;
|
||||||
int closecount = 0, n;
|
int closecount = 0, n;
|
||||||
unsigned long flags;
|
unsigned long flags;
|
||||||
|
int refs = 0;
|
||||||
|
|
||||||
if (!tty)
|
if (!tty)
|
||||||
return;
|
return;
|
||||||
|
@ -625,8 +626,12 @@ static void do_tty_hangup(struct work_struct *work)
|
||||||
if (tty->session) {
|
if (tty->session) {
|
||||||
do_each_pid_task(tty->session, PIDTYPE_SID, p) {
|
do_each_pid_task(tty->session, PIDTYPE_SID, p) {
|
||||||
spin_lock_irq(&p->sighand->siglock);
|
spin_lock_irq(&p->sighand->siglock);
|
||||||
if (p->signal->tty == tty)
|
if (p->signal->tty == tty) {
|
||||||
p->signal->tty = NULL;
|
p->signal->tty = NULL;
|
||||||
|
/* We defer the dereferences outside fo
|
||||||
|
the tasklist lock */
|
||||||
|
refs++;
|
||||||
|
}
|
||||||
if (!p->signal->leader) {
|
if (!p->signal->leader) {
|
||||||
spin_unlock_irq(&p->sighand->siglock);
|
spin_unlock_irq(&p->sighand->siglock);
|
||||||
continue;
|
continue;
|
||||||
|
@ -652,6 +657,10 @@ static void do_tty_hangup(struct work_struct *work)
|
||||||
tty->ctrl_status = 0;
|
tty->ctrl_status = 0;
|
||||||
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
|
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
|
||||||
|
|
||||||
|
/* Account for the p->signal references we killed */
|
||||||
|
while (refs--)
|
||||||
|
tty_kref_put(tty);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If one of the devices matches a console pointer, we
|
* If one of the devices matches a console pointer, we
|
||||||
* cannot just call hangup() because that will cause
|
* cannot just call hangup() because that will cause
|
||||||
|
@ -1424,6 +1433,7 @@ static int init_dev(struct tty_driver *driver, int idx,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* release_one_tty - release tty structure memory
|
* release_one_tty - release tty structure memory
|
||||||
|
* @kref: kref of tty we are obliterating
|
||||||
*
|
*
|
||||||
* Releases memory associated with a tty structure, and clears out the
|
* Releases memory associated with a tty structure, and clears out the
|
||||||
* driver table slots. This function is called when a device is no longer
|
* driver table slots. This function is called when a device is no longer
|
||||||
|
@ -1433,17 +1443,19 @@ static int init_dev(struct tty_driver *driver, int idx,
|
||||||
* tty_mutex - sometimes only
|
* tty_mutex - sometimes only
|
||||||
* takes the file list lock internally when working on the list
|
* takes the file list lock internally when working on the list
|
||||||
* of ttys that the driver keeps.
|
* of ttys that the driver keeps.
|
||||||
* FIXME: should we require tty_mutex is held here ??
|
|
||||||
*/
|
*/
|
||||||
static void release_one_tty(struct tty_struct *tty, int idx)
|
static void release_one_tty(struct kref *kref)
|
||||||
{
|
{
|
||||||
|
struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
|
||||||
int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
|
int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
|
||||||
struct ktermios *tp;
|
struct ktermios *tp;
|
||||||
|
int idx = tty->index;
|
||||||
|
|
||||||
if (!devpts)
|
if (!devpts)
|
||||||
tty->driver->ttys[idx] = NULL;
|
tty->driver->ttys[idx] = NULL;
|
||||||
|
|
||||||
if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
|
if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
|
||||||
|
/* FIXME: Locking on ->termios array */
|
||||||
tp = tty->termios;
|
tp = tty->termios;
|
||||||
if (!devpts)
|
if (!devpts)
|
||||||
tty->driver->termios[idx] = NULL;
|
tty->driver->termios[idx] = NULL;
|
||||||
|
@ -1457,6 +1469,7 @@ static void release_one_tty(struct tty_struct *tty, int idx)
|
||||||
|
|
||||||
|
|
||||||
tty->magic = 0;
|
tty->magic = 0;
|
||||||
|
/* FIXME: locking on tty->driver->refcount */
|
||||||
tty->driver->refcount--;
|
tty->driver->refcount--;
|
||||||
|
|
||||||
file_list_lock();
|
file_list_lock();
|
||||||
|
@ -1466,6 +1479,21 @@ static void release_one_tty(struct tty_struct *tty, int idx)
|
||||||
free_tty_struct(tty);
|
free_tty_struct(tty);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* tty_kref_put - release a tty kref
|
||||||
|
* @tty: tty device
|
||||||
|
*
|
||||||
|
* Release a reference to a tty device and if need be let the kref
|
||||||
|
* layer destruct the object for us
|
||||||
|
*/
|
||||||
|
|
||||||
|
void tty_kref_put(struct tty_struct *tty)
|
||||||
|
{
|
||||||
|
if (tty)
|
||||||
|
kref_put(&tty->kref, release_one_tty);
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL(tty_kref_put);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* release_tty - release tty structure memory
|
* release_tty - release tty structure memory
|
||||||
*
|
*
|
||||||
|
@ -1477,14 +1505,20 @@ static void release_one_tty(struct tty_struct *tty, int idx)
|
||||||
* takes the file list lock internally when working on the list
|
* takes the file list lock internally when working on the list
|
||||||
* of ttys that the driver keeps.
|
* of ttys that the driver keeps.
|
||||||
* FIXME: should we require tty_mutex is held here ??
|
* FIXME: should we require tty_mutex is held here ??
|
||||||
|
*
|
||||||
|
* FIXME: We want to defer the module put of the driver to the
|
||||||
|
* destructor.
|
||||||
*/
|
*/
|
||||||
static void release_tty(struct tty_struct *tty, int idx)
|
static void release_tty(struct tty_struct *tty, int idx)
|
||||||
{
|
{
|
||||||
struct tty_driver *driver = tty->driver;
|
struct tty_driver *driver = tty->driver;
|
||||||
|
|
||||||
|
/* This should always be true but check for the moment */
|
||||||
|
WARN_ON(tty->index != idx);
|
||||||
|
|
||||||
if (tty->link)
|
if (tty->link)
|
||||||
release_one_tty(tty->link, idx);
|
tty_kref_put(tty->link);
|
||||||
release_one_tty(tty, idx);
|
tty_kref_put(tty);
|
||||||
module_put(driver->owner);
|
module_put(driver->owner);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2798,6 +2832,7 @@ EXPORT_SYMBOL(do_SAK);
|
||||||
static void initialize_tty_struct(struct tty_struct *tty)
|
static void initialize_tty_struct(struct tty_struct *tty)
|
||||||
{
|
{
|
||||||
memset(tty, 0, sizeof(struct tty_struct));
|
memset(tty, 0, sizeof(struct tty_struct));
|
||||||
|
kref_init(&tty->kref);
|
||||||
tty->magic = TTY_MAGIC;
|
tty->magic = TTY_MAGIC;
|
||||||
tty_ldisc_init(tty);
|
tty_ldisc_init(tty);
|
||||||
tty->session = NULL;
|
tty->session = NULL;
|
||||||
|
@ -3053,9 +3088,12 @@ EXPORT_SYMBOL(tty_devnum);
|
||||||
|
|
||||||
void proc_clear_tty(struct task_struct *p)
|
void proc_clear_tty(struct task_struct *p)
|
||||||
{
|
{
|
||||||
|
struct tty_struct *tty;
|
||||||
spin_lock_irq(&p->sighand->siglock);
|
spin_lock_irq(&p->sighand->siglock);
|
||||||
|
tty = p->signal->tty;
|
||||||
p->signal->tty = NULL;
|
p->signal->tty = NULL;
|
||||||
spin_unlock_irq(&p->sighand->siglock);
|
spin_unlock_irq(&p->sighand->siglock);
|
||||||
|
tty_kref_put(tty);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Called under the sighand lock */
|
/* Called under the sighand lock */
|
||||||
|
@ -3071,9 +3109,13 @@ static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
|
||||||
tty->pgrp = get_pid(task_pgrp(tsk));
|
tty->pgrp = get_pid(task_pgrp(tsk));
|
||||||
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
|
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
|
||||||
tty->session = get_pid(task_session(tsk));
|
tty->session = get_pid(task_session(tsk));
|
||||||
|
if (tsk->signal->tty) {
|
||||||
|
printk(KERN_DEBUG "tty not NULL!!\n");
|
||||||
|
tty_kref_put(tsk->signal->tty);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
put_pid(tsk->signal->tty_old_pgrp);
|
put_pid(tsk->signal->tty_old_pgrp);
|
||||||
tsk->signal->tty = tty;
|
tsk->signal->tty = tty_kref_get(tty);
|
||||||
tsk->signal->tty_old_pgrp = NULL;
|
tsk->signal->tty_old_pgrp = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -209,6 +209,7 @@ struct tty_operations;
|
||||||
|
|
||||||
struct tty_struct {
|
struct tty_struct {
|
||||||
int magic;
|
int magic;
|
||||||
|
struct kref kref;
|
||||||
struct tty_driver *driver;
|
struct tty_driver *driver;
|
||||||
const struct tty_operations *ops;
|
const struct tty_operations *ops;
|
||||||
int index;
|
int index;
|
||||||
|
@ -311,6 +312,23 @@ extern int kmsg_redirect;
|
||||||
extern void console_init(void);
|
extern void console_init(void);
|
||||||
extern int vcs_init(void);
|
extern int vcs_init(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* tty_kref_get - get a tty reference
|
||||||
|
* @tty: tty device
|
||||||
|
*
|
||||||
|
* Return a new reference to a tty object. The caller must hold
|
||||||
|
* sufficient locks/counts to ensure that their existing reference cannot
|
||||||
|
* go away
|
||||||
|
*/
|
||||||
|
|
||||||
|
extern inline struct tty_struct *tty_kref_get(struct tty_struct *tty)
|
||||||
|
{
|
||||||
|
if (tty)
|
||||||
|
kref_get(&tty->kref);
|
||||||
|
return tty;
|
||||||
|
}
|
||||||
|
extern void tty_kref_put(struct tty_struct *tty);
|
||||||
|
|
||||||
extern int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
|
extern int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
|
||||||
const char *routine);
|
const char *routine);
|
||||||
extern char *tty_name(struct tty_struct *tty, char *buf);
|
extern char *tty_name(struct tty_struct *tty, char *buf);
|
||||||
|
|
|
@ -802,6 +802,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
|
||||||
|
|
||||||
sig->leader = 0; /* session leadership doesn't inherit */
|
sig->leader = 0; /* session leadership doesn't inherit */
|
||||||
sig->tty_old_pgrp = NULL;
|
sig->tty_old_pgrp = NULL;
|
||||||
|
sig->tty = NULL;
|
||||||
|
|
||||||
sig->utime = sig->stime = sig->cutime = sig->cstime = cputime_zero;
|
sig->utime = sig->stime = sig->cutime = sig->cstime = cputime_zero;
|
||||||
sig->gtime = cputime_zero;
|
sig->gtime = cputime_zero;
|
||||||
|
@ -838,6 +839,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
|
||||||
void __cleanup_signal(struct signal_struct *sig)
|
void __cleanup_signal(struct signal_struct *sig)
|
||||||
{
|
{
|
||||||
exit_thread_group_keys(sig);
|
exit_thread_group_keys(sig);
|
||||||
|
tty_kref_put(sig->tty);
|
||||||
kmem_cache_free(signal_cachep, sig);
|
kmem_cache_free(signal_cachep, sig);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1227,7 +1229,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
|
||||||
p->nsproxy->pid_ns->child_reaper = p;
|
p->nsproxy->pid_ns->child_reaper = p;
|
||||||
|
|
||||||
p->signal->leader_pid = pid;
|
p->signal->leader_pid = pid;
|
||||||
p->signal->tty = current->signal->tty;
|
tty_kref_put(p->signal->tty);
|
||||||
|
p->signal->tty = tty_kref_get(current->signal->tty);
|
||||||
set_task_pgrp(p, task_pgrp_nr(current));
|
set_task_pgrp(p, task_pgrp_nr(current));
|
||||||
set_task_session(p, task_session_nr(current));
|
set_task_session(p, task_session_nr(current));
|
||||||
attach_pid(p, PIDTYPE_PGID, task_pgrp(current));
|
attach_pid(p, PIDTYPE_PGID, task_pgrp(current));
|
||||||
|
|
|
@ -1060,9 +1060,7 @@ asmlinkage long sys_setsid(void)
|
||||||
group_leader->signal->leader = 1;
|
group_leader->signal->leader = 1;
|
||||||
__set_special_pids(sid);
|
__set_special_pids(sid);
|
||||||
|
|
||||||
spin_lock(&group_leader->sighand->siglock);
|
proc_clear_tty(group_leader);
|
||||||
group_leader->signal->tty = NULL;
|
|
||||||
spin_unlock(&group_leader->sighand->siglock);
|
|
||||||
|
|
||||||
err = session;
|
err = session;
|
||||||
out:
|
out:
|
||||||
|
|
Loading…
Reference in a new issue