[PATCH V2] fbcon -- fix race between open and removal of framebuffers

From: Tim Gardner
Date: Tue May 10 2011 - 08:48:05 EST


On 05/05/2011 11:00 PM, Jack Stone wrote:
On 05/05/2011 18:41, tim.gardner@xxxxxxxxxxxxx wrote:
+static struct fb_info *get_framebuffer_info(int idx)
+__acquires(&registered_lock)
+__releases(&registered_lock)
+{
+ struct fb_info *fb_info;
+
+ spin_lock(&registered_lock);
+ fb_info = registered_fb[idx];
+ fb_info->ref_count++;
+ spin_unlock(&registered_lock);
+
+ return fb_info;
+}
+
static int
fb_open(struct inode *inode, struct file *file)
__acquires(&info->lock)
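
Review bot: get_framebuffer_info() dereferences fb_info unconditionally at `fb_info->ref_count++`, but registered_fb[idx] is NULL for an unregistered slot, which is the case the caller's `if (!info)` test exists for, so opening a minor with no framebuffer would hit a NULL dereference while holding registered_lock, before request_module() is ever reached. Take the reference only when the entry is present, e.g. `if (fb_info) fb_info->ref_count++;`. The helper also trusts idx: fb_open checks `fbidx >= FB_MAX` before calling it, so either repeat that bound inside the helper or document that callers must validate idx.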
@@ -1363,13 +1421,17 @@ __releases(&info->lock)

if (fbidx>= FB_MAX)
return -ENODEV;
- info = registered_fb[fbidx];
+ info = get_framebuffer_info(fbidx);
if (!info)
request_module("fb%d", fbidx);
- info = registered_fb[fbidx];
+ info = get_framebuffer_info(fbidx);
if (!info)
return -ENODEV;

If the first get_framebuffer_info succeeds don't you up the ref count
twice? Shouldn't this be:

	info = get_framebuffer_info(fbidx);
	if (!info) {
		request_module("fb%d", fbidx);
		info = get_framebuffer_info(fbidx);
	}
	if (!info)
		return -ENODEV;

Thanks,

Jack

Good catch. See attached.

rtg
--
Tim Gardner tim.gardner@xxxxxxxxxxxxx