Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-03 01:21:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
4903fde804
linux/drivers/tty
History
Hui Li 4903fde804 tty: fix hang on tty device with no_room set 
It is possible to hang pty devices in this case, the reader was
blocking at epoll on master side, the writer was sleeping at
wait_woken inside n_tty_write on slave side, and the write buffer
on tty_port was full, we found that the reader and writer would
never be woken again and blocked forever.

The problem was caused by a race between reader and kworker:
n_tty_read(reader):  n_tty_receive_buf_common(kworker):
copy_from_read_buf()|
                    |room = N_TTY_BUF_SIZE - (ldata->read_head - tail)
                    |room <= 0
n_tty_kick_worker() |
                    |ldata->no_room = true

After writing to slave device, writer wakes up kworker to flush
data on tty_port to reader, and the kworker finds that reader
has no room to store data so room <= 0 is met. At this moment,
reader consumes all the data on reader buffer and calls
n_tty_kick_worker to check ldata->no_room which is false and
reader quits reading. Then kworker sets ldata->no_room=true
and quits too.

If write buffer is not full, writer will wake kworker to flush data
again after following writes, but if write buffer is full and writer
goes to sleep, kworker will never be woken again and tty device is
blocked.

This problem can be solved with a check for read buffer size inside
n_tty_receive_buf_common, if read buffer is empty and ldata->no_room
is true, a call to n_tty_kick_worker is necessary to keep flushing
data to reader.

Cc: <stable@vger.kernel.org>
Fixes: 42458f41d0 ("n_tty: Ensure reader restarts worker for next reader")
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Hui Li <caelli@tencent.com>
Message-ID: <1680749090-14106-1-git-send-email-caelli@tencent.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-06-15 12:21:11 +02:00
..
hvc xen: branch for v6.3-rc4 2023-03-24 09:44:43 -07:00
ipwireless
serdev serdev: Add method to assert break signal over tty UART port 2023-04-23 21:51:25 -07:00
serial serial: core: fix -EPROBE_DEFER handling in init 2023-06-15 12:20:51 +02:00
vt vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF 2023-05-13 20:01:13 +09:00
amiserial.c tty: Convert hw_stopped in tty_struct to bool 2023-03-17 15:01:09 +01:00
ehv_bytechan.c tty: evh_bytechan: Replace NO_IRQ by 0 2022-11-02 08:10:42 +01:00
goldfish.c tty: goldfish: Fix free_irq() on remove 2022-06-10 13:31:31 +02:00
Kconfig Char/Misc drivers for 6.4-rc1 2023-04-27 12:07:50 -07:00
Makefile
mips_ejtag_fdc.c serial: Convert SERIAL_XMIT_SIZE to UART_XMIT_SIZE 2022-06-27 14:41:31 +02:00
moxa.c tty: moxa: Rename dtr/rts parameters/variables to active 2023-01-19 16:04:35 +01:00
mxser.c tty: Convert hw_stopped in tty_struct to bool 2023-03-17 15:01:09 +01:00
n_gsm.c n_gsm: Use array_index_nospec() with index that comes from userspace 2023-04-20 14:11:33 +02:00
n_hdlc.c tty: n_hdlc: remove HDLC_MAGIC 2022-09-22 16:12:34 +02:00
n_null.c
n_tty.c tty: fix hang on tty device with no_room set 2023-06-15 12:21:11 +02:00
nozomi.c
pty.c tty: make tty_class a static const structure 2023-04-03 21:43:07 +02:00
rpmsg_tty.c tty: rpmsg: Fix race condition releasing tty port 2022-01-26 14:50:26 +01:00
synclink_gt.c tty: synclink_gt: don't allocate and pass dummy flags 2023-04-20 13:32:53 +02:00
sysrq.c treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
tty_audit.c
tty_baudrate.c tty: Fix comment style in tty_termios_input_baud_rate() 2022-08-30 14:22:34 +02:00
tty_buffer.c tty: Convert tty_buffer flags to bool 2022-11-09 13:02:16 +01:00
tty_io.c Driver core changes for 6.4-rc1 2023-04-27 11:53:57 -07:00
tty_ioctl.c tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH 2023-03-29 10:55:53 +02:00
tty_jobctrl.c signal: Replace __group_send_sig_info with send_signal_locked 2022-05-11 14:33:17 -05:00
tty_ldisc.c tty: tty_ldisc: Remove the ret variable 2023-03-09 17:11:18 +01:00
tty_ldsem.c
tty_mutex.c tty: remove TTY_MAGIC 2022-09-22 16:12:34 +02:00
tty_port.c tty: Convert ->dtr_rts() to take bool argument 2023-01-19 16:04:35 +01:00
tty.h tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH 2023-03-29 10:55:53 +02:00
ttynull.c
vcc.c termios: start unifying non-UAPI parts of asm/termios.h 2022-09-09 10:44:34 +02:00