    [PATCH] ptmx: fix duplicate idr_remove · 9453a5ad
    Paul Fulghum authored
    Remove duplicate call to idr_remove() in ptmx_open.
    
    Error during open can result in call to release_dev() followed by call to
    idr_remove().  release_dev already calls idr_remove so the second call can
    cause a stack dump in idr_remove()->sub_remove() flagging an attempt to
    release an already released entry.
    
    I reproduced this on a machine with a misconfigured X server (attempting to
    restart multiple times rapidly) getting the same error as the 1st link
    below.
    
    This also seems to be related to:
    http://marc.theaimsgroup.com/?l=selinux&m=110536513426735&w=2
    http://marc.theaimsgroup.com/?l=selinux&m=110596994916785&w=2
    
    The stack dump can occur on close (as well as open) as shown
    in the 1st instance above, possibly from something like:
    
    process A - open (index=0), open fail to out1,
      release_dev calls idr_remove (index 0), down(sem) sleeps
    process B - open (index=0), open OK (idr allocated)
    process A - wake and call idr_remove on index 0
    ...
    process B - close, release_dev, stack dump on idr_remove (index=0)
      because entry already removed
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
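
The interleaving traced in the commit message above, replayed against a toy ID table. This is an added example, not the kernel's idr code and not part of the commit: `toy_alloc`, `toy_remove` and `replay` are hypothetical names, and the scheduling of processes A and B is hard-coded rather than real concurrency.

```c
#include <stdio.h>
#include <string.h>

#define MAX_IDS 8
enum { NO_DUMP = 0, DUMP_ON_OPEN = 1, DUMP_ON_CLOSE = 2 };

/* Toy stand-in for the idr (assumption): in_use[i] != 0 means index i is allocated. */
static int in_use[MAX_IDS];

/* Allocate the lowest free index, so a released index 0 is handed out again. */
static int toy_alloc(void) {
    for (int i = 0; i < MAX_IDS; i++)
        if (!in_use[i]) { in_use[i] = 1; return i; }
    return -1;
}

/* Remove an index. Returns -1 when the entry is already free, which is the
 * condition the commit message says is flagged with a stack dump. */
static int toy_remove(int id) {
    if (id < 0 || id >= MAX_IDS || !in_use[id]) return -1;
    in_use[id] = 0;
    return 0;
}

/* Replay the trace. duplicate_remove=1 models the error path before the fix;
 * b_interleaves=1 lets process B open while process A sleeps. */
int replay(int duplicate_remove, int b_interleaves) {
    int result = NO_DUMP;
    memset(in_use, 0, sizeof in_use);
    int a = toy_alloc();                  /* A: open, gets index 0 */
    toy_remove(a);                        /* A: open fails, release path removes index 0 */
    int b = -1;
    if (b_interleaves) b = toy_alloc();   /* B: open OK, index 0 allocated again */
    if (duplicate_remove && toy_remove(a) < 0)
        result = DUMP_ON_OPEN;            /* no reuse yet: duplicate caught in A's open */
    if (!b_interleaves) b = toy_alloc();  /* B opens only after A has finished */
    if (toy_remove(b) < 0)
        result = DUMP_ON_CLOSE;           /* B's close finds its entry already removed */
    return result;
}

int main(void) {
    printf("duplicate remove, B interleaves: %d\n", replay(1, 1));
    printf("duplicate remove, no interleave: %d\n", replay(1, 0));
    printf("single remove,    B interleaves: %d\n", replay(0, 1));
    return 0;
}
```

With B interleaved, A's duplicate removal succeeds silently because it removes B's live entry, so the failure only surfaces later in B's close.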
tty_io.c 81.3 KB