Re: 2.4.17 OOPS in tty code.

Jan Hudec (bulb@ucw.cz)
Thu, 31 Jan 2002 01:21:33 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Robbert Kouprie: "RE: NIC lockup in 2.4.17 (SMP/APIC/Intel 82557)"
Previous message: Alan Cox: "Re: A modest proposal -- We need a patch penguin"

> Hello All,
>
> Tty device code causes oopses when closing /dev/console and devfs is used.
> The bug is reproducible on 2.4.17 UML port. The uml arch code however does
> not seem involved. The problem is, that the tty flip buffer flushing task
> somehow remains in the tq_timer task queue when the tty struct is freed.
> When the device is subsequently reopened (or the memory allocated for other
> purpose), run_task_queue OOPSes when it comes acros the entry, that has
> it's pointers overwriten.

Well, I hunted down the bug a bit more. The user-mode code DOES get involved.
When /dev/console is open, the pointer is written to vts[line].tty (in
console_open), but noone cares to remove it when it's freed. And I don't
have any process running on line 0. Just I am not sure, weather the correct
way is to avoid freeing the structure (eg. via ref-count) or to remove the
pointer in close_console.

--------------------------------------------------------------------------------
- Jan Hudec `Bulb' <bulb@ucw.cz>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Robbert Kouprie: "RE: NIC lockup in 2.4.17 (SMP/APIC/Intel 82557)"
Previous message: Alan Cox: "Re: A modest proposal -- We need a patch penguin"