On Tuesday 07 May 2013, Jiri Slaby wrote:
> From: "sal...@us.ibm.com" <sal...@us.ibm.com>
>
> The patch fixes a problem in the lp driver that can cause oopses as
> follows:
> process A: calls lp_write, which in turn calls
> parport_ieee1284_write_compat, and that invokes
> parport_wait_peripheral
> process B: meanwhile does an ioctl(LPGETSTATUS), which call
> lp_release_parport when done. This function will set
> physport->cad = NULL.
> process A: parport_wait_peripheral tries to dereference
> physport->cad and dies
>
> So, protect that code with the port_mutex in order to protect against
> simultaneous calls to lp_read/lp_write.
>
> Similar protection is probably required for ioctl(LPRESET)...
>
> This patch was done by IBM a while back and we (at suse) have that
> since at least 2004 in our repos. Let's make it upstream.
Hmm, it seems the driver has changed a bit since 2004, at least when
I added the lp_mutex to lp_open()/lp_ioctl(). It's probably worth
taking a look at the bigger picture now, to combine lp_mutex with
lp_table[minor].port_mutex. I don't see any reason why we can't always
use the per-device mutex. The only shared variable is the lp_count
number, and that is not protected under lp_mutex today, and presumably
not updated at run time either.
Arnd
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
