Commit 89c8d91e authored by Alan Cox's avatar Alan Cox Committed by Greg Kroah-Hartman

tty: localise the lock

The termios and other changes mean the other protections needed on the driver
tty arrays should be adequate. Turn it all back on.

This contains pieces folded in from the fixes made to the original patches

| From: Geert Uytterhoeven <geert@linux-m68k.org>	(fix m68k)
| From: Paul Gortmaker <paul.gortmaker@windriver.com>	(fix cris)
| From: Jiri Kosina <jkosina@suze.cz>			(lockdep)
| From: Eric Dumazet <eric.dumazet@gmail.com>		(lockdep)
Signed-off-by: default avatarAlan Cox <alan@linux.intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent dc6802a7
...@@ -1033,7 +1033,7 @@ static int get_serial_info(struct tty_struct *tty, struct serial_state *state, ...@@ -1033,7 +1033,7 @@ static int get_serial_info(struct tty_struct *tty, struct serial_state *state,
if (!retinfo) if (!retinfo)
return -EFAULT; return -EFAULT;
memset(&tmp, 0, sizeof(tmp)); memset(&tmp, 0, sizeof(tmp));
tty_lock(); tty_lock(tty);
tmp.line = tty->index; tmp.line = tty->index;
tmp.port = state->port; tmp.port = state->port;
tmp.flags = state->tport.flags; tmp.flags = state->tport.flags;
...@@ -1042,7 +1042,7 @@ static int get_serial_info(struct tty_struct *tty, struct serial_state *state, ...@@ -1042,7 +1042,7 @@ static int get_serial_info(struct tty_struct *tty, struct serial_state *state,
tmp.close_delay = state->tport.close_delay; tmp.close_delay = state->tport.close_delay;
tmp.closing_wait = state->tport.closing_wait; tmp.closing_wait = state->tport.closing_wait;
tmp.custom_divisor = state->custom_divisor; tmp.custom_divisor = state->custom_divisor;
tty_unlock(); tty_unlock(tty);
if (copy_to_user(retinfo,&tmp,sizeof(*retinfo))) if (copy_to_user(retinfo,&tmp,sizeof(*retinfo)))
return -EFAULT; return -EFAULT;
return 0; return 0;
...@@ -1059,12 +1059,12 @@ static int set_serial_info(struct tty_struct *tty, struct serial_state *state, ...@@ -1059,12 +1059,12 @@ static int set_serial_info(struct tty_struct *tty, struct serial_state *state,
if (copy_from_user(&new_serial,new_info,sizeof(new_serial))) if (copy_from_user(&new_serial,new_info,sizeof(new_serial)))
return -EFAULT; return -EFAULT;
tty_lock(); tty_lock(tty);
change_spd = ((new_serial.flags ^ port->flags) & ASYNC_SPD_MASK) || change_spd = ((new_serial.flags ^ port->flags) & ASYNC_SPD_MASK) ||
new_serial.custom_divisor != state->custom_divisor; new_serial.custom_divisor != state->custom_divisor;
if (new_serial.irq || new_serial.port != state->port || if (new_serial.irq || new_serial.port != state->port ||
new_serial.xmit_fifo_size != state->xmit_fifo_size) { new_serial.xmit_fifo_size != state->xmit_fifo_size) {
tty_unlock(); tty_unlock(tty);
return -EINVAL; return -EINVAL;
} }
...@@ -1074,7 +1074,7 @@ static int set_serial_info(struct tty_struct *tty, struct serial_state *state, ...@@ -1074,7 +1074,7 @@ static int set_serial_info(struct tty_struct *tty, struct serial_state *state,
(new_serial.xmit_fifo_size != state->xmit_fifo_size) || (new_serial.xmit_fifo_size != state->xmit_fifo_size) ||
((new_serial.flags & ~ASYNC_USR_MASK) != ((new_serial.flags & ~ASYNC_USR_MASK) !=
(port->flags & ~ASYNC_USR_MASK))) { (port->flags & ~ASYNC_USR_MASK))) {
tty_unlock(); tty_unlock(tty);
return -EPERM; return -EPERM;
} }
port->flags = ((port->flags & ~ASYNC_USR_MASK) | port->flags = ((port->flags & ~ASYNC_USR_MASK) |
...@@ -1084,7 +1084,7 @@ static int set_serial_info(struct tty_struct *tty, struct serial_state *state, ...@@ -1084,7 +1084,7 @@ static int set_serial_info(struct tty_struct *tty, struct serial_state *state,
} }
if (new_serial.baud_base < 9600) { if (new_serial.baud_base < 9600) {
tty_unlock(); tty_unlock(tty);
return -EINVAL; return -EINVAL;
} }
...@@ -1116,7 +1116,7 @@ check_and_exit: ...@@ -1116,7 +1116,7 @@ check_and_exit:
} }
} else } else
retval = startup(tty, state); retval = startup(tty, state);
tty_unlock(); tty_unlock(tty);
return retval; return retval;
} }
......
...@@ -1599,7 +1599,7 @@ static int cy_open(struct tty_struct *tty, struct file *filp) ...@@ -1599,7 +1599,7 @@ static int cy_open(struct tty_struct *tty, struct file *filp)
* If the port is the middle of closing, bail out now * If the port is the middle of closing, bail out now
*/ */
if (tty_hung_up_p(filp) || (info->port.flags & ASYNC_CLOSING)) { if (tty_hung_up_p(filp) || (info->port.flags & ASYNC_CLOSING)) {
wait_event_interruptible_tty(info->port.close_wait, wait_event_interruptible_tty(tty, info->port.close_wait,
!(info->port.flags & ASYNC_CLOSING)); !(info->port.flags & ASYNC_CLOSING));
return (info->port.flags & ASYNC_HUP_NOTIFY) ? -EAGAIN: -ERESTARTSYS; return (info->port.flags & ASYNC_HUP_NOTIFY) ? -EAGAIN: -ERESTARTSYS;
} }
......
...@@ -1065,7 +1065,7 @@ static ssize_t r3964_read(struct tty_struct *tty, struct file *file, ...@@ -1065,7 +1065,7 @@ static ssize_t r3964_read(struct tty_struct *tty, struct file *file,
TRACE_L("read()"); TRACE_L("read()");
tty_lock(); tty_lock(tty);
pClient = findClient(pInfo, task_pid(current)); pClient = findClient(pInfo, task_pid(current));
if (pClient) { if (pClient) {
...@@ -1077,7 +1077,7 @@ static ssize_t r3964_read(struct tty_struct *tty, struct file *file, ...@@ -1077,7 +1077,7 @@ static ssize_t r3964_read(struct tty_struct *tty, struct file *file,
goto unlock; goto unlock;
} }
/* block until there is a message: */ /* block until there is a message: */
wait_event_interruptible_tty(pInfo->read_wait, wait_event_interruptible_tty(tty, pInfo->read_wait,
(pMsg = remove_msg(pInfo, pClient))); (pMsg = remove_msg(pInfo, pClient)));
} }
...@@ -1107,7 +1107,7 @@ static ssize_t r3964_read(struct tty_struct *tty, struct file *file, ...@@ -1107,7 +1107,7 @@ static ssize_t r3964_read(struct tty_struct *tty, struct file *file,
} }
ret = -EPERM; ret = -EPERM;
unlock: unlock:
tty_unlock(); tty_unlock(tty);
return ret; return ret;
} }
...@@ -1156,7 +1156,7 @@ static ssize_t r3964_write(struct tty_struct *tty, struct file *file, ...@@ -1156,7 +1156,7 @@ static ssize_t r3964_write(struct tty_struct *tty, struct file *file,
pHeader->locks = 0; pHeader->locks = 0;
pHeader->owner = NULL; pHeader->owner = NULL;
tty_lock(); tty_lock(tty);
pClient = findClient(pInfo, task_pid(current)); pClient = findClient(pInfo, task_pid(current));
if (pClient) { if (pClient) {
...@@ -1175,7 +1175,7 @@ static ssize_t r3964_write(struct tty_struct *tty, struct file *file, ...@@ -1175,7 +1175,7 @@ static ssize_t r3964_write(struct tty_struct *tty, struct file *file,
add_tx_queue(pInfo, pHeader); add_tx_queue(pInfo, pHeader);
trigger_transmit(pInfo); trigger_transmit(pInfo);
tty_unlock(); tty_unlock(tty);
return 0; return 0;
} }
......
...@@ -47,6 +47,7 @@ static void pty_close(struct tty_struct *tty, struct file *filp) ...@@ -47,6 +47,7 @@ static void pty_close(struct tty_struct *tty, struct file *filp)
wake_up_interruptible(&tty->read_wait); wake_up_interruptible(&tty->read_wait);
wake_up_interruptible(&tty->write_wait); wake_up_interruptible(&tty->write_wait);
tty->packet = 0; tty->packet = 0;
/* Review - krefs on tty_link ?? */
if (!tty->link) if (!tty->link)
return; return;
tty->link->packet = 0; tty->link->packet = 0;
...@@ -62,9 +63,9 @@ static void pty_close(struct tty_struct *tty, struct file *filp) ...@@ -62,9 +63,9 @@ static void pty_close(struct tty_struct *tty, struct file *filp)
mutex_unlock(&devpts_mutex); mutex_unlock(&devpts_mutex);
} }
#endif #endif
tty_unlock(); tty_unlock(tty);
tty_vhangup(tty->link); tty_vhangup(tty->link);
tty_lock(); tty_lock(tty);
} }
} }
...@@ -617,26 +618,27 @@ static int ptmx_open(struct inode *inode, struct file *filp) ...@@ -617,26 +618,27 @@ static int ptmx_open(struct inode *inode, struct file *filp)
return retval; return retval;
/* find a device that is not in use. */ /* find a device that is not in use. */
tty_lock(); mutex_lock(&devpts_mutex);
index = devpts_new_index(inode); index = devpts_new_index(inode);
tty_unlock();
if (index < 0) { if (index < 0) {
retval = index; retval = index;
goto err_file; goto err_file;
} }
mutex_unlock(&devpts_mutex);
mutex_lock(&tty_mutex); mutex_lock(&tty_mutex);
mutex_lock(&devpts_mutex);
tty = tty_init_dev(ptm_driver, index); tty = tty_init_dev(ptm_driver, index);
mutex_unlock(&devpts_mutex);
tty_lock();
mutex_unlock(&tty_mutex);
if (IS_ERR(tty)) { if (IS_ERR(tty)) {
retval = PTR_ERR(tty); retval = PTR_ERR(tty);
goto out; goto out;
} }
/* The tty returned here is locked so we can safely
drop the mutex */
mutex_unlock(&tty_mutex);
set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */ set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
tty_add_file(tty, filp); tty_add_file(tty, filp);
...@@ -649,16 +651,17 @@ static int ptmx_open(struct inode *inode, struct file *filp) ...@@ -649,16 +651,17 @@ static int ptmx_open(struct inode *inode, struct file *filp)
if (retval) if (retval)
goto err_release; goto err_release;
tty_unlock(); tty_unlock(tty);
return 0; return 0;
err_release: err_release:
tty_unlock(); tty_unlock(tty);
tty_release(inode, filp); tty_release(inode, filp);
return retval; return retval;
out: out:
mutex_unlock(&tty_mutex);
devpts_kill_index(inode, index); devpts_kill_index(inode, index);
tty_unlock();
err_file: err_file:
mutex_unlock(&devpts_mutex);
tty_free_file(filp); tty_free_file(filp);
return retval; return retval;
} }
......
...@@ -3976,7 +3976,7 @@ block_til_ready(struct tty_struct *tty, struct file * filp, ...@@ -3976,7 +3976,7 @@ block_til_ready(struct tty_struct *tty, struct file * filp,
*/ */
if (tty_hung_up_p(filp) || if (tty_hung_up_p(filp) ||
(info->flags & ASYNC_CLOSING)) { (info->flags & ASYNC_CLOSING)) {
wait_event_interruptible_tty(info->close_wait, wait_event_interruptible_tty(tty, info->close_wait,
!(info->flags & ASYNC_CLOSING)); !(info->flags & ASYNC_CLOSING));
#ifdef SERIAL_DO_RESTART #ifdef SERIAL_DO_RESTART
if (info->flags & ASYNC_HUP_NOTIFY) if (info->flags & ASYNC_HUP_NOTIFY)
...@@ -4052,9 +4052,9 @@ block_til_ready(struct tty_struct *tty, struct file * filp, ...@@ -4052,9 +4052,9 @@ block_til_ready(struct tty_struct *tty, struct file * filp,
printk("block_til_ready blocking: ttyS%d, count = %d\n", printk("block_til_ready blocking: ttyS%d, count = %d\n",
info->line, info->count); info->line, info->count);
#endif #endif
tty_unlock(); tty_unlock(tty);
schedule(); schedule();
tty_lock(); tty_lock(tty);
} }
set_current_state(TASK_RUNNING); set_current_state(TASK_RUNNING);
remove_wait_queue(&info->open_wait, &wait); remove_wait_queue(&info->open_wait, &wait);
...@@ -4115,7 +4115,7 @@ rs_open(struct tty_struct *tty, struct file * filp) ...@@ -4115,7 +4115,7 @@ rs_open(struct tty_struct *tty, struct file * filp)
*/ */
if (tty_hung_up_p(filp) || if (tty_hung_up_p(filp) ||
(info->flags & ASYNC_CLOSING)) { (info->flags & ASYNC_CLOSING)) {
wait_event_interruptible_tty(info->close_wait, wait_event_interruptible_tty(tty, info->close_wait,
!(info->flags & ASYNC_CLOSING)); !(info->flags & ASYNC_CLOSING));
#ifdef SERIAL_DO_RESTART #ifdef SERIAL_DO_RESTART
return ((info->flags & ASYNC_HUP_NOTIFY) ? return ((info->flags & ASYNC_HUP_NOTIFY) ?
......
...@@ -3338,9 +3338,9 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, ...@@ -3338,9 +3338,9 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
printk("%s(%d):block_til_ready blocking on %s count=%d\n", printk("%s(%d):block_til_ready blocking on %s count=%d\n",
__FILE__,__LINE__, tty->driver->name, port->count ); __FILE__,__LINE__, tty->driver->name, port->count );
tty_unlock(); tty_unlock(tty);
schedule(); schedule();
tty_lock(); tty_lock(tty);
} }
set_current_state(TASK_RUNNING); set_current_state(TASK_RUNNING);
......
...@@ -3336,9 +3336,9 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, ...@@ -3336,9 +3336,9 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
} }
DBGINFO(("%s block_til_ready wait\n", tty->driver->name)); DBGINFO(("%s block_til_ready wait\n", tty->driver->name));
tty_unlock(); tty_unlock(tty);
schedule(); schedule();
tty_lock(); tty_lock(tty);
} }
set_current_state(TASK_RUNNING); set_current_state(TASK_RUNNING);
......
...@@ -3357,9 +3357,9 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, ...@@ -3357,9 +3357,9 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
printk("%s(%d):%s block_til_ready() count=%d\n", printk("%s(%d):%s block_til_ready() count=%d\n",
__FILE__,__LINE__, tty->driver->name, port->count ); __FILE__,__LINE__, tty->driver->name, port->count );
tty_unlock(); tty_unlock(tty);
schedule(); schedule();
tty_lock(); tty_lock(tty);
} }
set_current_state(TASK_RUNNING); set_current_state(TASK_RUNNING);
......
...@@ -187,6 +187,7 @@ void free_tty_struct(struct tty_struct *tty) ...@@ -187,6 +187,7 @@ void free_tty_struct(struct tty_struct *tty)
put_device(tty->dev); put_device(tty->dev);
kfree(tty->write_buf); kfree(tty->write_buf);
tty_buffer_free_all(tty); tty_buffer_free_all(tty);
tty->magic = 0xDEADDEAD;
kfree(tty); kfree(tty);
} }
...@@ -575,7 +576,7 @@ void __tty_hangup(struct tty_struct *tty) ...@@ -575,7 +576,7 @@ void __tty_hangup(struct tty_struct *tty)
} }
spin_unlock(&redirect_lock); spin_unlock(&redirect_lock);
tty_lock(); tty_lock(tty);
/* some functions below drop BTM, so we need this bit */ /* some functions below drop BTM, so we need this bit */
set_bit(TTY_HUPPING, &tty->flags); set_bit(TTY_HUPPING, &tty->flags);
...@@ -668,7 +669,7 @@ void __tty_hangup(struct tty_struct *tty) ...@@ -668,7 +669,7 @@ void __tty_hangup(struct tty_struct *tty)
clear_bit(TTY_HUPPING, &tty->flags); clear_bit(TTY_HUPPING, &tty->flags);
tty_ldisc_enable(tty); tty_ldisc_enable(tty);
tty_unlock(); tty_unlock(tty);
if (f) if (f)
fput(f); fput(f);
...@@ -1105,12 +1106,12 @@ void tty_write_message(struct tty_struct *tty, char *msg) ...@@ -1105,12 +1106,12 @@ void tty_write_message(struct tty_struct *tty, char *msg)
{ {
if (tty) { if (tty) {
mutex_lock(&tty->atomic_write_lock); mutex_lock(&tty->atomic_write_lock);
tty_lock(); tty_lock(tty);
if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) { if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
tty_unlock(); tty_unlock(tty);
tty->ops->write(tty, msg, strlen(msg)); tty->ops->write(tty, msg, strlen(msg));
} else } else
tty_unlock(); tty_unlock(tty);
tty_write_unlock(tty); tty_write_unlock(tty);
} }
return; return;
...@@ -1403,6 +1404,7 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) ...@@ -1403,6 +1404,7 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
} }
initialize_tty_struct(tty, driver, idx); initialize_tty_struct(tty, driver, idx);
tty_lock(tty);
retval = tty_driver_install_tty(driver, tty); retval = tty_driver_install_tty(driver, tty);
if (retval < 0) if (retval < 0)
goto err_deinit_tty; goto err_deinit_tty;
...@@ -1418,9 +1420,11 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) ...@@ -1418,9 +1420,11 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
retval = tty_ldisc_setup(tty, tty->link); retval = tty_ldisc_setup(tty, tty->link);
if (retval) if (retval)
goto err_release_tty; goto err_release_tty;
/* Return the tty locked so that it cannot vanish under the caller */
return tty; return tty;
err_deinit_tty: err_deinit_tty:
tty_unlock(tty);
deinitialize_tty_struct(tty); deinitialize_tty_struct(tty);
free_tty_struct(tty); free_tty_struct(tty);
err_module_put: err_module_put:
...@@ -1429,6 +1433,7 @@ err_module_put: ...@@ -1429,6 +1433,7 @@ err_module_put:
/* call the tty release_tty routine to clean out this slot */ /* call the tty release_tty routine to clean out this slot */
err_release_tty: err_release_tty:
tty_unlock(tty);
printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, " printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
"clearing slot %d\n", idx); "clearing slot %d\n", idx);
release_tty(tty, idx); release_tty(tty, idx);
...@@ -1622,7 +1627,7 @@ int tty_release(struct inode *inode, struct file *filp) ...@@ -1622,7 +1627,7 @@ int tty_release(struct inode *inode, struct file *filp)
if (tty_paranoia_check(tty, inode, __func__)) if (tty_paranoia_check(tty, inode, __func__))
return 0; return 0;
tty_lock(); tty_lock(tty);
check_tty_count(tty, __func__); check_tty_count(tty, __func__);
__tty_fasync(-1, filp, 0); __tty_fasync(-1, filp, 0);
...@@ -1631,10 +1636,11 @@ int tty_release(struct inode *inode, struct file *filp) ...@@ -1631,10 +1636,11 @@ int tty_release(struct inode *inode, struct file *filp)
pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY && pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
tty->driver->subtype == PTY_TYPE_MASTER); tty->driver->subtype == PTY_TYPE_MASTER);
devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0; devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
/* Review: parallel close */
o_tty = tty->link; o_tty = tty->link;
if (tty_release_checks(tty, o_tty, idx)) { if (tty_release_checks(tty, o_tty, idx)) {
tty_unlock(); tty_unlock(tty);
return 0; return 0;
} }
...@@ -1646,7 +1652,7 @@ int tty_release(struct inode *inode, struct file *filp) ...@@ -1646,7 +1652,7 @@ int tty_release(struct inode *inode, struct file *filp)
if (tty->ops->close) if (tty->ops->close)
tty->ops->close(tty, filp); tty->ops->close(tty, filp);
tty_unlock(); tty_unlock(tty);
/* /*
* Sanity check: if tty->count is going to zero, there shouldn't be * Sanity check: if tty->count is going to zero, there shouldn't be
* any waiters on tty->read_wait or tty->write_wait. We test the * any waiters on tty->read_wait or tty->write_wait. We test the
...@@ -1669,7 +1675,7 @@ int tty_release(struct inode *inode, struct file *filp) ...@@ -1669,7 +1675,7 @@ int tty_release(struct inode *inode, struct file *filp)
opens on /dev/tty */ opens on /dev/tty */
mutex_lock(&tty_mutex); mutex_lock(&tty_mutex);
tty_lock(); tty_lock_pair(tty, o_tty);
tty_closing = tty->count <= 1; tty_closing = tty->count <= 1;
o_tty_closing = o_tty && o_tty_closing = o_tty &&
(o_tty->count <= (pty_master ? 1 : 0)); (o_tty->count <= (pty_master ? 1 : 0));
...@@ -1700,7 +1706,7 @@ int tty_release(struct inode *inode, struct file *filp) ...@@ -1700,7 +1706,7 @@ int tty_release(struct inode *inode, struct file *filp)
printk(KERN_WARNING "%s: %s: read/write wait queue active!\n", printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
__func__, tty_name(tty, buf)); __func__, tty_name(tty, buf));
tty_unlock(); tty_unlock_pair(tty, o_tty);
mutex_unlock(&tty_mutex); mutex_unlock(&tty_mutex);
schedule(); schedule();
} }
...@@ -1763,7 +1769,7 @@ int tty_release(struct inode *inode, struct file *filp) ...@@ -1763,7 +1769,7 @@ int tty_release(struct inode *inode, struct file *filp)
} }
mutex_unlock(&tty_mutex); mutex_unlock(&tty_mutex);
tty_unlock(); tty_unlock_pair(tty, o_tty);
/* At this point the TTY_CLOSING flag should ensure a dead tty /* At this point the TTY_CLOSING flag should ensure a dead tty
cannot be re-opened by a racing opener */ cannot be re-opened by a racing opener */
...@@ -1780,7 +1786,9 @@ int tty_release(struct inode *inode, struct file *filp) ...@@ -1780,7 +1786,9 @@ int tty_release(struct inode *inode, struct file *filp)
tty_ldisc_release(tty, o_tty); tty_ldisc_release(tty, o_tty);
/* /*
* The release_tty function takes care of the details of clearing * The release_tty function takes care of the details of clearing
* the slots and preserving the termios structure. * the slots and preserving the termios structure. The tty_unlock_pair
* should be safe as we keep a kref while the tty is locked (so the
* unlock never unlocks a freed tty).
*/ */
mutex_lock(&tty_mutex); mutex_lock(&tty_mutex);
release_tty(tty, idx); release_tty(tty, idx);
...@@ -1789,7 +1797,6 @@ int tty_release(struct inode *inode, struct file *filp) ...@@ -1789,7 +1797,6 @@ int tty_release(struct inode *inode, struct file *filp)
/* Make this pty number available for reallocation */ /* Make this pty number available for reallocation */
if (devpts) if (devpts)
devpts_kill_index(inode, idx); devpts_kill_index(inode, idx);
return 0; return 0;
} }
...@@ -1893,6 +1900,9 @@ static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, ...@@ -1893,6 +1900,9 @@ static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
* Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
* tty->count should protect the rest. * tty->count should protect the rest.
* ->siglock protects ->signal/->sighand * ->siglock protects ->signal/->sighand
*
* Note: the tty_unlock/lock cases without a ref are only safe due to
* tty_mutex
*/ */
static int tty_open(struct inode *inode, struct file *filp) static int tty_open(struct inode *inode, struct file *filp)
...@@ -1916,8 +1926,7 @@ retry_open: ...@@ -1916,8 +1926,7 @@ retry_open:
retval = 0; retval = 0;
mutex_lock(&tty_mutex); mutex_lock(&tty_mutex);
tty_lock(); /* This is protected by the tty_mutex */
tty = tty_open_current_tty(device, filp); tty = tty_open_current_tty(device, filp);
if (IS_ERR(tty)) { if (IS_ERR(tty)) {
retval = PTR_ERR(tty); retval = PTR_ERR(tty);
...@@ -1938,17 +1947,19 @@ retry_open: ...@@ -1938,17 +1947,19 @@ retry_open:
} }
if (tty) { if (tty) {
tty_lock(tty);
retval = tty_reopen(tty); retval = tty_reopen(tty);
if (retval) if (retval < 0) {
tty_unlock(tty);
tty = ERR_PTR(retval); tty = ERR_PTR(retval);
} else }
} else /* Returns with the tty_lock held for now */
tty = tty_init_dev(driver, index); tty = tty_init_dev(driver, index);