linuxconsole-dev

tty_struct curruption

[Andreas S. <an...@sc...>]

i am observing a memory corruption in the tty_struct. (at least)
the flip structure is overwritten. I know that this can not only
be due to the backport to 2.4 (i use the ruby backport) and to
Aivils added memset()s after kalloc()s, because there is a
comment in that flip stucture saying:
>·······unsigned char>··slop[4]; /* N.B. bug overwrites buffer by 1 */

I tried to track this down with (among others) kdb, but that
seems to have problems with trapping some special memory writes.
Keith works on that...

So has someone experienced something similar and found the
reason?

(i noticed that in tty_io.h there are several points where return
values are not caught and no error handling is in place. is this
work in progress? By whom?)

Re: tty_struct curruption

[Andreas S. <an...@sc...>]

* Andreas Schuldei (an...@sc...) [021011 12:26]:
> i am observing a memory corruption in the tty_struct. (at least)
> the flip structure is overwritten. I know that this can not only
> be due to the backport to 2.4 (i use the ruby backport) and to
> Aivils added memset()s after kalloc()s, because there is a
> comment in that flip stucture saying:
> >·······unsigned char>··slop[4]; /* N.B. bug overwrites buffer by 1 */

alan cox (i met him at a linux fair this week) said this was from
before 2.4 and is fixed. so we could clean this up. 

He also was very interested in the mulit-user multi-console
thing. But then he is also very polite. (c:

> So has someone experienced something similar and found the
> reason?

and now i also found the inital cause (not yet the solution):
this happens during boottime when loadkeys is running. kernel
memory is free()d but the pointer to the memory is still used as
before.

My guess is that only people who actually load a keymap (speak:
non americans) at boottime are bitten by this. if loadkeys is not
run, all is fine.