From 71d5865b10cc1ab56974808bee61b377f4d2ff9e Mon Sep 17 00:00:00 2001 From: David van Moolenbroek Date: Tue, 6 Nov 2012 00:11:16 +0100 Subject: [PATCH] TTY: fix crash obtaining kernel messages Also fix a case of potential message loss in TTY and LOG. --- drivers/log/diag.c | 14 +++++++------- drivers/tty/tty.c | 19 ++++++++++--------- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/drivers/log/diag.c b/drivers/log/diag.c index ac7841ba4..28eb1e7e4 100644 --- a/drivers/log/diag.c +++ b/drivers/log/diag.c @@ -21,8 +21,7 @@ void do_new_kmess(void) /* Notification for a new kernel message. */ static struct kmessages *kmess; /* entire kmess structure */ static char print_buf[_KMESS_BUF_SIZE]; /* copy new message here */ - int bytes; - int i, r; + int i, r, next, bytes; static int prev_next = 0; assert(_minix_kerninfo); @@ -31,12 +30,13 @@ void do_new_kmess(void) /* Print only the new part. Determine how many new bytes there are with * help of the current and previous 'next' index. Note that the kernel * buffer is circular. This works fine if less than KMESS_BUF_SIZE bytes - * are new data; else we miss % KMESS_BUF_SIZE here. + * are new data; else we miss % KMESS_BUF_SIZE here. Obtain 'next' only + * once, since we are operating on shared memory here. * Check for size being positive, the buffer might as well be emptied! */ - if (kmess->km_size > 0) { - bytes = ((kmess->km_next + _KMESS_BUF_SIZE) - prev_next) % - _KMESS_BUF_SIZE; + next = kmess->km_next; + bytes = ((next + _KMESS_BUF_SIZE) - prev_next) % _KMESS_BUF_SIZE; + if (bytes > 0) { r= prev_next; /* start at previous old */ i=0; while (bytes > 0) { @@ -53,5 +53,5 @@ void do_new_kmess(void) /* Almost done, store 'next' so that we can determine what part of the * kernel messages buffer to print next time a notification arrives. */ - prev_next = kmess->km_next; + prev_next = next; } diff --git a/drivers/tty/tty.c b/drivers/tty/tty.c index 29d65a054..c1dc41a02 100644 --- a/drivers/tty/tty.c +++ b/drivers/tty/tty.c @@ -456,9 +456,9 @@ do_new_kmess(void) { /* Kernel wants to print a new message */ struct kmessages *kmess_ptr; /* kmessages structure */ - char kernel_buf_copy[2*_KMESS_BUF_SIZE]; + char kernel_buf_copy[_KMESS_BUF_SIZE]; static int prev_next = 0; - int bytes, copy, restore = 0; + int next, bytes, copy, restore = 0; tty_t *tp, rtp; message print_kmsg; @@ -468,14 +468,15 @@ do_new_kmess(void) /* The kernel buffer is circular; print only the new part. Determine * how many new bytes there are with the help of current and * previous 'next' index. This works fine if less than _KMESS_BUF_SIZE - * bytes is new data; else we miss % _KMESS_BUF_SIZE here. + * bytes is new data; else we miss % _KMESS_BUF_SIZE here. Obtain + * 'next' only once, since we are operating on shared memory here. * Check for size being positive; the buffer might as well be emptied! */ - if (kmess_ptr->km_size > 0) { - bytes = ((kmess_ptr->km_next + _KMESS_BUF_SIZE) - prev_next) % - _KMESS_BUF_SIZE; - /* Copy from current position to end of buffer */ - copy = (prev_next + bytes) % _KMESS_BUF_SIZE; + next = kmess_ptr->km_next; + bytes = ((next + _KMESS_BUF_SIZE) - prev_next) % _KMESS_BUF_SIZE; + if (bytes > 0) { + /* Copy from current position toward end of buffer */ + copy = MIN(_KMESS_BUF_SIZE - prev_next, bytes); memcpy(kernel_buf_copy, &kmess_ptr->km_buf[prev_next], copy); /* Copy remainder from start of buffer */ @@ -510,7 +511,7 @@ do_new_kmess(void) /* Store 'next' pointer so that we can determine what part of the * kernel messages buffer to print next time a notification arrives. */ - prev_next = kmess_ptr->km_next; + prev_next = next; } /*===========================================================================*