#
c8b710b3 |
| 10-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix ldisc leak in failed tty_init_dev()
release_tty() leaks the ldisc instance when called directly (rather than when releasing the file descriptor from tty_release()).
Since tty_ldisc_release
tty: Fix ldisc leak in failed tty_init_dev()
release_tty() leaks the ldisc instance when called directly (rather than when releasing the file descriptor from tty_release()).
Since tty_ldisc_release() clears tty->ldisc, releasing the ldisc instance at tty teardown if tty->ldisc is non-null is not in danger of double-releasing the ldisc.
Remove deinitialize_tty_struct() now that free_tty_struct() always performs the tty_ldisc_deinit().
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
dd42bf11 |
| 27-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Prevent ldisc drivers from re-using stale tty fields
Line discipline drivers may mistakenly misuse ldisc-related fields when initializing. For example, a failure to initialize tty->receive_room
tty: Prevent ldisc drivers from re-using stale tty fields
Line discipline drivers may mistakenly misuse ldisc-related fields when initializing. For example, a failure to initialize tty->receive_room in the N_GIGASET_M101 line discipline was recently found and fixed [1]. Now, the N_X25 line discipline has been discovered accessing the previous line discipline's already-freed private data [2].
Harden the ldisc interface against misuse by initializing revelant tty fields before instancing the new line discipline.
[1] commit fd98e9419d8d622a4de91f76b306af6aa627aa9c Author: Tilman Schmidt <tilman@imap.cc> Date: Tue Jul 14 00:37:13 2015 +0200
isdn/gigaset: reset tty->receive_room when attaching ser_gigaset
[2] Report from Sasha Levin <sasha.levin@oracle.com> [ 634.336761] ================================================================== [ 634.338226] BUG: KASAN: use-after-free in x25_asy_open_tty+0x13d/0x490 at addr ffff8800a743efd0 [ 634.339558] Read of size 4 by task syzkaller_execu/8981 [ 634.340359] ============================================================================= [ 634.341598] BUG kmalloc-512 (Not tainted): kasan: bad access detected ... [ 634.405018] Call Trace: [ 634.405277] dump_stack (lib/dump_stack.c:52) [ 634.405775] print_trailer (mm/slub.c:655) [ 634.406361] object_err (mm/slub.c:662) [ 634.406824] kasan_report_error (mm/kasan/report.c:138 mm/kasan/report.c:236) [ 634.409581] __asan_report_load4_noabort (mm/kasan/report.c:279) [ 634.411355] x25_asy_open_tty (drivers/net/wan/x25_asy.c:559 (discriminator 1)) [ 634.413997] tty_ldisc_open.isra.2 (drivers/tty/tty_ldisc.c:447) [ 634.414549] tty_set_ldisc (drivers/tty/tty_ldisc.c:567) [ 634.415057] tty_ioctl (drivers/tty/tty_io.c:2646 drivers/tty/tty_io.c:2879) [ 634.423524] do_vfs_ioctl (fs/ioctl.c:43 fs/ioctl.c:607) [ 634.427491] SyS_ioctl (fs/ioctl.c:622 fs/ioctl.c:613) [ 634.427945] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:188)
Cc: Tilman Schmidt <tilman@imap.cc> Cc: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
63d8cb3f |
| 08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Simplify tty_set_ldisc() exit handling
Perform common exit for both successful and error exit handling in tty_set_ldisc(). Fixes unlikely possibility of failing to restart input kworker when sw
tty: Simplify tty_set_ldisc() exit handling
Perform common exit for both successful and error exit handling in tty_set_ldisc(). Fixes unlikely possibility of failing to restart input kworker when switching to the same line discipline (noop case).
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
cb128f69 |
| 27-Oct-2015 |
Denys Vlasenko <dvlasenk@redhat.com> |
tty/tty_ldisc: Deinline tty_ldisc_put, save 368 bytes
This function compiles to 72 bytes of machine code.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com> CC: Jiri Slaby <jslaby@suse.com> CC: li
tty/tty_ldisc: Deinline tty_ldisc_put, save 368 bytes
This function compiles to 72 bytes of machine code.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com> CC: Jiri Slaby <jslaby@suse.com> CC: linux-serial@vger.kernel.org Reviewed-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
17a69219 |
| 08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix direct use of tty buffer work
Recent abstraction of tty buffer work introduced api to manage tty input kworker; use it.
Fixes: e176058f0de5 ("tty: Abstract tty buffer work") Signed-off-by:
tty: Fix direct use of tty buffer work
Recent abstraction of tty buffer work introduced api to manage tty input kworker; use it.
Fixes: e176058f0de5 ("tty: Abstract tty buffer work") Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
52772ea6 |
| 04-Oct-2015 |
Guillaume Gomez <guillaume1.gomez@gmail.com> |
tty: remove unneeded return statement
Signed-off-by: Guillaume Gomez <guillaume1.gomez@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fb6edc91 |
| 13-Jul-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: core: Improve ldisc debug messages
Add debug messages for ldisc open and close, and remove "closing ldisc" message from tty_ldisc_release(), because a close message is now printed for both ldis
tty: core: Improve ldisc debug messages
Add debug messages for ldisc open and close, and remove "closing ldisc" message from tty_ldisc_release(), because a close message is now printed for both ldiscs; always print ldisc pointer first so ldisc changes are easier to identify.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
0a6adc13 |
| 13-Jul-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Use tty_debug() for tty_ldisc_debug()
Replace tty_ldisc_debug() macro definition; substitute with equivalent tty_debug() invocation.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Sign
tty: Use tty_debug() for tty_ldisc_debug()
Replace tty_ldisc_debug() macro definition; substitute with equivalent tty_debug() invocation.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
429b4749 |
| 31-Mar-2015 |
Rasmus Villemoes <linux@rasmusvillemoes.dk> |
tty: remove buf parameter from tty_name()
tty_name no longer uses the buf parameter, so remove it along with all the 64 byte stack buffers that used to be passed in.
Mostly generated by the coccine
tty: remove buf parameter from tty_name()
tty_name no longer uses the buf parameter, so remove it along with all the 64 byte stack buffers that used to be passed in.
Mostly generated by the coccinelle script
@depends on patch@ identifier buf; constant C; expression tty; @@ - char buf[C]; <+... - tty_name(tty, buf) + tty_name(tty) ...+>
allmodconfig compiles, so I'm fairly confident the stack buffers weren't used for other purposes as well.
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Jesper Nilsson <jesper.nilsson@axis.com> Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
9191aaaa |
| 05-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Allow safe access to termios for set_ldisc() handlers
Allow a tty driver to safely access termios settings while handling the set_ldisc() notification. UART drivers use the set_ldisc() notifica
tty: Allow safe access to termios for set_ldisc() handlers
Allow a tty driver to safely access termios settings while handling the set_ldisc() notification. UART drivers use the set_ldisc() notification to check if the N_PPS line discipline is being enabled; if so, modem status interrupts may also need to be enabled. Conversely, modem status interrupts may need to be disabled if switching away from the N_PPS line discipline.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
86c80a8e |
| 05-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Flush ldisc buffer atomically with tty flip buffers
tty_ldisc_flush() first clears the line discipline input buffer, then clears the tty flip buffers. However, this allows for existing data in
tty: Flush ldisc buffer atomically with tty flip buffers
tty_ldisc_flush() first clears the line discipline input buffer, then clears the tty flip buffers. However, this allows for existing data in the tty flip buffers to be added after the ldisc input buffer has been cleared, but before the flip buffers have been cleared.
Add an optional ldisc parameter to tty_buffer_flush() to allow tty_ldisc_flush() to pass the ldisc to clear.
NB: Initially, the plan was to do this automatically in tty_buffer_flush(). However, an audit of the behavior of existing line disciplines showed that performing a ldisc buffer flush on ioctl(TCFLSH) was not always the outcome. For example, some line disciplines have flush_buffer() methods but not ioctl() methods, so a ->flush_buffer() command would be unexpected.
Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
276a661a |
| 05-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix timeout on pty set ldisc
When changing the ldisc on one end of a pty pair, there may be waiting readers/writers on the other end which may not exit from the ldisc i/o loop, preventing tty_l
tty: Fix timeout on pty set ldisc
When changing the ldisc on one end of a pty pair, there may be waiting readers/writers on the other end which may not exit from the ldisc i/o loop, preventing tty_ldisc_lock_pair_timeout() from acquiring the other side's ldisc lock.
Only acquire this side's ldisc lock; although this will no longer prevent the other side from writing new input, that input will not be processed until after the ldisc change completes. This has no effect on normal ttys; new input from the driver was never disabled.
Remove tty_ldisc_enable_pair().
Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
fae76e9a |
| 05-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix hung task on pty hangup
When hanging up one end of a pty pair, there may be waiting readers/writers on the other end which may not exit, preventing tty_ldisc_lock_pair() from acquiring the
tty: Fix hung task on pty hangup
When hanging up one end of a pty pair, there may be waiting readers/writers on the other end which may not exit, preventing tty_ldisc_lock_pair() from acquiring the other side's ldisc lock.
Only acquire this side's ldisc lock; although this will no longer prevent the other side from writing new input, that input will not be processing until after the ldisc hangup is complete.
Reported-by: Sasha Levin <sasha.levin@oracle.com> Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
e80a10ee |
| 05-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Prefix tty_ldisc_{lock,lock_nested,unlock} functions
tty_ldisc_lock(), tty_ldisc_unlock(), and tty_ldisc_lock_nested() are low-level aliases for the underlying lock mechanism. Rename with doubl
tty: Prefix tty_ldisc_{lock,lock_nested,unlock} functions
tty_ldisc_lock(), tty_ldisc_unlock(), and tty_ldisc_lock_nested() are low-level aliases for the underlying lock mechanism. Rename with double underscore to allow for new, higher level functions with those names.
Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
62462aef |
| 05-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Simplify tty_ldisc_release() interface
Passing the 'other' tty to tty_ldisc_release() only makes sense for a pty pair; make o_tty function local instead.
Reviewed-by: Alan Cox <alan@linux.inte
tty: Simplify tty_ldisc_release() interface
Passing the 'other' tty to tty_ldisc_release() only makes sense for a pty pair; make o_tty function local instead.
Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
3ff51a19 |
| 05-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove TTY_HUPPING
Now that tty_ldisc_hangup() does not drop the tty lock, it is no longer possible to observe TTY_HUPPING while holding the tty lock on another cpu.
Remove TTY_HUPPING bit def
tty: Remove TTY_HUPPING
Now that tty_ldisc_hangup() does not drop the tty lock, it is no longer possible to observe TTY_HUPPING while holding the tty lock on another cpu.
Remove TTY_HUPPING bit definition.
Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
c8483bc9 |
| 05-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Invert tty_lock/ldisc_sem lock order
Dropping the tty lock to acquire the tty->ldisc_sem allows several race conditions (such as hangup while changing the ldisc) which requires extra states and
tty: Invert tty_lock/ldisc_sem lock order
Dropping the tty lock to acquire the tty->ldisc_sem allows several race conditions (such as hangup while changing the ldisc) which requires extra states and testing. The ldisc_sem->tty_lock lock order has not been required since tty buffer ownership was moved to tty_port.
Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
3ee175d9 |
| 05-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Don't hold tty_lock for ldisc release
The tty->ldisc_sem write lock is sufficient for serializing changes to tty->ldisc; holding the tty lock is not required.
Reviewed-by: Alan Cox <alan@linux
tty: Don't hold tty_lock for ldisc release
The tty->ldisc_sem write lock is sufficient for serializing changes to tty->ldisc; holding the tty lock is not required.
Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
f8e87cb4 |
| 03-Jan-2014 |
Paul Gortmaker <paul.gortmaker@windriver.com> |
tty: delete non-required instances of include <linux/init.h>
None of these files are actually using any __init type directives and hence don't need to include <linux/init.h>. Most are just a left o
tty: delete non-required instances of include <linux/init.h>
None of these files are actually using any __init type directives and hence don't need to include <linux/init.h>. Most are just a left over from __devinit and __cpuinit removal, or simply due to code getting copied from one driver to the next.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
6a1c0680 |
| 15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Convert termios_mutex to termios_rwsem
termios is commonly accessed unsafely (especially by N_TTY) because the existing mutex forces exclusive access. Convert existing usage.
Signed-off-by: Pe
tty: Convert termios_mutex to termios_rwsem
termios is commonly accessed unsafely (especially by N_TTY) because the existing mutex forces exclusive access. Convert existing usage.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
3b80df7c |
| 15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Don't change receive_room for ioctl(TIOCSETD)
tty_set_ldisc() is guaranteed exclusive use of the line discipline by tty_ldisc_lock_pair_timeout(); shutting off input by resetting receive_room i
tty: Don't change receive_room for ioctl(TIOCSETD)
tty_set_ldisc() is guaranteed exclusive use of the line discipline by tty_ldisc_lock_pair_timeout(); shutting off input by resetting receive_room is unnecessary.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
b0e95858 |
| 15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Clarify multiple-references comment in TIOCSETD ioctl
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e97733ca |
| 15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix hangup race with TIOCSETD ioctl
The hangup may already have happened; check for that state also.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <g
tty: Fix hangup race with TIOCSETD ioctl
The hangup may already have happened; check for that state also.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
9fbfa34c |
| 15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Clarify ldisc variable
Rename o_ldisc to avoid confusion with the ldisc of the 'other' tty.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@lin
tty: Clarify ldisc variable
Rename o_ldisc to avoid confusion with the ldisc of the 'other' tty.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
36697529 |
| 15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Replace ldisc locking with ldisc_sem
Line discipline locking was performed with a combination of a mutex, a status bit, a count, and a waitqueue -- basically, a rw semaphore.
Replace the exist
tty: Replace ldisc locking with ldisc_sem
Line discipline locking was performed with a combination of a mutex, a status bit, a count, and a waitqueue -- basically, a rw semaphore.
Replace the existing combination with an ld_semaphore.
Fixes: 1) the 'reference acquire after ldisc locked' bug 2) the over-complicated halt mechanism 3) lock order wrt. tty_lock() 4) dropping locks while changing ldisc 5) previously unidentified deadlock while locking ldisc from both linked ttys concurrently 6) previously unidentified recursive deadlocks
Adds much-needed lockdep diagnostics.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|