Sebastian Siewior wrote:
quoted text
>> --- /dev/null
>> +++ b/drivers/input/lirc/lirc_dev.c
...
quoted text
>> +#include <linux/ioctl.h>
>> +#include <linux/fs.h>
>> +#include <linux/poll.h>
>> +#include <linux/smp_lock.h>
> if you need this than you use the BKL back. As far as I remember
> the ioctl() handler in kernel core no longer takes the BKL and I don't
> see any locking in irctl_ioctl(). 

Really?  .open() has been changed to be called without the BKL held, but 
.ioctl() is still called with BKL protection.  Currently, many .ioctl() 
implementations are replaced by .unlocked_ioctl() which take the BKL 
themselves if necessary or if it is not yet clear whether they would 
work without BKL protection.

...
quoted text
>> +static struct file_operations fops = {
>> +	.read		= irctl_read,
>> +	.write		= irctl_write,
>> +	.poll		= irctl_poll,
>> +	.ioctl		= irctl_ioctl,
>> +	.open		= irctl_open,
>> +	.release	= irctl_close
>> +};

This should be audited for the following aspects:

   - Could there be a race condition between irctl_open() and
     lirc_dev_init()?  If yes, try to rework them to eliminate the race,
     or as a last resort take the BKL in irctl_open().

   - Does irctl_ioctl() require BKL protection, i.e. does it have to be
     serialized against itself and against irctl_open()?  If not, replace
     it by .unlocked_ioctl.  If yes, preferably convert it to
     .unlocked_ioctl too and add a local mutex for the necessary
     serialization.

(Added Cc: Jonathan Corbet to correct me if I'm wrong.)
-- 
Stefan Richter
-=====-==--- =--= -=--=
http://arcgraph.de/sr/
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/