Commit 9c9f4ded authored by Alan Cox's avatar Alan Cox Committed by Linus Torvalds

tty: Add a kref count

Introduce a kref to the tty structure and use it to protect the tty->signal
tty references. For now we don't introduce it for anything else.
Signed-off-by: default avatarAlan Cox <alan@redhat.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 348eb12e
...@@ -559,6 +559,7 @@ static void do_tty_hangup(struct work_struct *work) ...@@ -559,6 +559,7 @@ static void do_tty_hangup(struct work_struct *work)
struct tty_ldisc *ld; struct tty_ldisc *ld;
int closecount = 0, n; int closecount = 0, n;
unsigned long flags; unsigned long flags;
int refs = 0;
if (!tty) if (!tty)
return; return;
...@@ -625,8 +626,12 @@ static void do_tty_hangup(struct work_struct *work) ...@@ -625,8 +626,12 @@ static void do_tty_hangup(struct work_struct *work)
if (tty->session) { if (tty->session) {
do_each_pid_task(tty->session, PIDTYPE_SID, p) { do_each_pid_task(tty->session, PIDTYPE_SID, p) {
spin_lock_irq(&p->sighand->siglock); spin_lock_irq(&p->sighand->siglock);
if (p->signal->tty == tty) if (p->signal->tty == tty) {
p->signal->tty = NULL; p->signal->tty = NULL;
/* We defer the dereferences outside fo
the tasklist lock */
refs++;
}
if (!p->signal->leader) { if (!p->signal->leader) {
spin_unlock_irq(&p->sighand->siglock); spin_unlock_irq(&p->sighand->siglock);
continue; continue;
...@@ -652,6 +657,10 @@ static void do_tty_hangup(struct work_struct *work) ...@@ -652,6 +657,10 @@ static void do_tty_hangup(struct work_struct *work)
tty->ctrl_status = 0; tty->ctrl_status = 0;
spin_unlock_irqrestore(&tty->ctrl_lock, flags); spin_unlock_irqrestore(&tty->ctrl_lock, flags);
/* Account for the p->signal references we killed */
while (refs--)
tty_kref_put(tty);
/* /*
* If one of the devices matches a console pointer, we * If one of the devices matches a console pointer, we
* cannot just call hangup() because that will cause * cannot just call hangup() because that will cause
...@@ -1424,6 +1433,7 @@ static int init_dev(struct tty_driver *driver, int idx, ...@@ -1424,6 +1433,7 @@ static int init_dev(struct tty_driver *driver, int idx,
/** /**
* release_one_tty - release tty structure memory * release_one_tty - release tty structure memory
* @kref: kref of tty we are obliterating
* *
* Releases memory associated with a tty structure, and clears out the * Releases memory associated with a tty structure, and clears out the
* driver table slots. This function is called when a device is no longer * driver table slots. This function is called when a device is no longer
...@@ -1433,17 +1443,19 @@ static int init_dev(struct tty_driver *driver, int idx, ...@@ -1433,17 +1443,19 @@ static int init_dev(struct tty_driver *driver, int idx,
* tty_mutex - sometimes only * tty_mutex - sometimes only
* takes the file list lock internally when working on the list * takes the file list lock internally when working on the list
* of ttys that the driver keeps. * of ttys that the driver keeps.
* FIXME: should we require tty_mutex is held here ??
*/ */
static void release_one_tty(struct tty_struct *tty, int idx) static void release_one_tty(struct kref *kref)
{ {
struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM; int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
struct ktermios *tp; struct ktermios *tp;
int idx = tty->index;
if (!devpts) if (!devpts)
tty->driver->ttys[idx] = NULL; tty->driver->ttys[idx] = NULL;
if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) { if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
/* FIXME: Locking on ->termios array */
tp = tty->termios; tp = tty->termios;
if (!devpts) if (!devpts)
tty->driver->termios[idx] = NULL; tty->driver->termios[idx] = NULL;
...@@ -1457,6 +1469,7 @@ static void release_one_tty(struct tty_struct *tty, int idx) ...@@ -1457,6 +1469,7 @@ static void release_one_tty(struct tty_struct *tty, int idx)
tty->magic = 0; tty->magic = 0;
/* FIXME: locking on tty->driver->refcount */
tty->driver->refcount--; tty->driver->refcount--;
file_list_lock(); file_list_lock();
...@@ -1466,6 +1479,21 @@ static void release_one_tty(struct tty_struct *tty, int idx) ...@@ -1466,6 +1479,21 @@ static void release_one_tty(struct tty_struct *tty, int idx)
free_tty_struct(tty); free_tty_struct(tty);
} }
/**
* tty_kref_put - release a tty kref
* @tty: tty device
*
* Release a reference to a tty device and if need be let the kref
* layer destruct the object for us
*/
void tty_kref_put(struct tty_struct *tty)
{
if (tty)
kref_put(&tty->kref, release_one_tty);
}
EXPORT_SYMBOL(tty_kref_put);
/** /**
* release_tty - release tty structure memory * release_tty - release tty structure memory
* *
...@@ -1477,14 +1505,20 @@ static void release_one_tty(struct tty_struct *tty, int idx) ...@@ -1477,14 +1505,20 @@ static void release_one_tty(struct tty_struct *tty, int idx)
* takes the file list lock internally when working on the list * takes the file list lock internally when working on the list
* of ttys that the driver keeps. * of ttys that the driver keeps.
* FIXME: should we require tty_mutex is held here ?? * FIXME: should we require tty_mutex is held here ??
*
* FIXME: We want to defer the module put of the driver to the
* destructor.
*/ */
static void release_tty(struct tty_struct *tty, int idx) static void release_tty(struct tty_struct *tty, int idx)
{ {
struct tty_driver *driver = tty->driver; struct tty_driver *driver = tty->driver;
/* This should always be true but check for the moment */
WARN_ON(tty->index != idx);
if (tty->link) if (tty->link)
release_one_tty(tty->link, idx); tty_kref_put(tty->link);
release_one_tty(tty, idx); tty_kref_put(tty);
module_put(driver->owner); module_put(driver->owner);
} }
...@@ -2798,6 +2832,7 @@ EXPORT_SYMBOL(do_SAK); ...@@ -2798,6 +2832,7 @@ EXPORT_SYMBOL(do_SAK);
static void initialize_tty_struct(struct tty_struct *tty) static void initialize_tty_struct(struct tty_struct *tty)
{ {
memset(tty, 0, sizeof(struct tty_struct)); memset(tty, 0, sizeof(struct tty_struct));
kref_init(&tty->kref);
tty->magic = TTY_MAGIC; tty->magic = TTY_MAGIC;
tty_ldisc_init(tty); tty_ldisc_init(tty);
tty->session = NULL; tty->session = NULL;
...@@ -3053,9 +3088,12 @@ EXPORT_SYMBOL(tty_devnum); ...@@ -3053,9 +3088,12 @@ EXPORT_SYMBOL(tty_devnum);
void proc_clear_tty(struct task_struct *p) void proc_clear_tty(struct task_struct *p)
{ {
struct tty_struct *tty;
spin_lock_irq(&p->sighand->siglock); spin_lock_irq(&p->sighand->siglock);
tty = p->signal->tty;
p->signal->tty = NULL; p->signal->tty = NULL;
spin_unlock_irq(&p->sighand->siglock); spin_unlock_irq(&p->sighand->siglock);
tty_kref_put(tty);
} }
/* Called under the sighand lock */ /* Called under the sighand lock */
...@@ -3071,9 +3109,13 @@ static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty) ...@@ -3071,9 +3109,13 @@ static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
tty->pgrp = get_pid(task_pgrp(tsk)); tty->pgrp = get_pid(task_pgrp(tsk));
spin_unlock_irqrestore(&tty->ctrl_lock, flags); spin_unlock_irqrestore(&tty->ctrl_lock, flags);
tty->session = get_pid(task_session(tsk)); tty->session = get_pid(task_session(tsk));
if (tsk->signal->tty) {
printk(KERN_DEBUG "tty not NULL!!\n");
tty_kref_put(tsk->signal->tty);
}
} }
put_pid(tsk->signal->tty_old_pgrp); put_pid(tsk->signal->tty_old_pgrp);
tsk->signal->tty = tty; tsk->signal->tty = tty_kref_get(tty);
tsk->signal->tty_old_pgrp = NULL; tsk->signal->tty_old_pgrp = NULL;
} }
......
...@@ -209,6 +209,7 @@ struct tty_operations; ...@@ -209,6 +209,7 @@ struct tty_operations;
struct tty_struct { struct tty_struct {
int magic; int magic;
struct kref kref;
struct tty_driver *driver; struct tty_driver *driver;
const struct tty_operations *ops; const struct tty_operations *ops;
int index; int index;
...@@ -311,6 +312,23 @@ extern int kmsg_redirect; ...@@ -311,6 +312,23 @@ extern int kmsg_redirect;
extern void console_init(void); extern void console_init(void);
extern int vcs_init(void); extern int vcs_init(void);
/**
* tty_kref_get - get a tty reference
* @tty: tty device
*
* Return a new reference to a tty object. The caller must hold
* sufficient locks/counts to ensure that their existing reference cannot
* go away
*/
extern inline struct tty_struct *tty_kref_get(struct tty_struct *tty)
{
if (tty)
kref_get(&tty->kref);
return tty;
}
extern void tty_kref_put(struct tty_struct *tty);
extern int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, extern int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
const char *routine); const char *routine);
extern char *tty_name(struct tty_struct *tty, char *buf); extern char *tty_name(struct tty_struct *tty, char *buf);
......
...@@ -802,6 +802,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk) ...@@ -802,6 +802,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
sig->leader = 0; /* session leadership doesn't inherit */ sig->leader = 0; /* session leadership doesn't inherit */
sig->tty_old_pgrp = NULL; sig->tty_old_pgrp = NULL;
sig->tty = NULL;
sig->utime = sig->stime = sig->cutime = sig->cstime = cputime_zero; sig->utime = sig->stime = sig->cutime = sig->cstime = cputime_zero;
sig->gtime = cputime_zero; sig->gtime = cputime_zero;
...@@ -838,6 +839,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk) ...@@ -838,6 +839,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
void __cleanup_signal(struct signal_struct *sig) void __cleanup_signal(struct signal_struct *sig)
{ {
exit_thread_group_keys(sig); exit_thread_group_keys(sig);
tty_kref_put(sig->tty);
kmem_cache_free(signal_cachep, sig); kmem_cache_free(signal_cachep, sig);
} }
...@@ -1227,7 +1229,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, ...@@ -1227,7 +1229,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
p->nsproxy->pid_ns->child_reaper = p; p->nsproxy->pid_ns->child_reaper = p;
p->signal->leader_pid = pid; p->signal->leader_pid = pid;
p->signal->tty = current->signal->tty; tty_kref_put(p->signal->tty);
p->signal->tty = tty_kref_get(current->signal->tty);
set_task_pgrp(p, task_pgrp_nr(current)); set_task_pgrp(p, task_pgrp_nr(current));
set_task_session(p, task_session_nr(current)); set_task_session(p, task_session_nr(current));
attach_pid(p, PIDTYPE_PGID, task_pgrp(current)); attach_pid(p, PIDTYPE_PGID, task_pgrp(current));
......
...@@ -1060,9 +1060,7 @@ asmlinkage long sys_setsid(void) ...@@ -1060,9 +1060,7 @@ asmlinkage long sys_setsid(void)
group_leader->signal->leader = 1; group_leader->signal->leader = 1;
__set_special_pids(sid); __set_special_pids(sid);
spin_lock(&group_leader->sighand->siglock); proc_clear_tty(group_leader);
group_leader->signal->tty = NULL;
spin_unlock(&group_leader->sighand->siglock);
err = session; err = session;
out: out:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment