Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-26 06:02:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
a501ab75e7
linux/drivers/tty
History
Jiri Slaby a501ab75e7 tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() 
There is a race in pty_write(). pty_write() can be called in parallel
with e.g. ioctl(TIOCSTI) or ioctl(TCXONC) which also inserts chars to
the buffer. Provided, tty_flip_buffer_push() in pty_write() is called
outside the lock, it can commit inconsistent tail. This can lead to out
of bounds writes and other issues. See the Link below.

To fix this, we have to introduce a new helper called
tty_insert_flip_string_and_push_buffer(). It does both
tty_insert_flip_string() and tty_flip_buffer_commit() under the port
lock. It also calls queue_work(), but outside the lock. See
71a174b39f (pty: do tty_flip_buffer_push without port->lock in
pty_write) for the reasons.

Keep the helper internal-only (in drivers' tty.h). It is not intended to
be used widely.

Link: https://seclists.org/oss-sec/2022/q2/155
Fixes: 71a174b39f (pty: do tty_flip_buffer_push without port->lock in pty_write)
Cc: 一只狗 <chennbnbnb@gmail.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Suggested-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20220707082558.9250-2-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-07-08 15:16:28 +02:00
..
hvc xen: branch for v5.19-rc1b 2022-06-04 13:42:53 -07:00
ipwireless tty: drop put_tty_driver 2021-07-27 12:17:21 +02:00
serdev tty: Replace acpi_bus_get_device() 2022-01-31 14:30:06 +01:00
serial serial: 8250: dw: Fix the macro RZN1_UART_xDMACR_8_WORD_BURST 2022-06-30 17:19:11 +02:00
vt vt: fix memory overlapping when deleting chars in the buffer 2022-06-30 17:17:40 +02:00
amiserial.c tty: remove CMSPAR ifdefs 2022-05-19 18:26:16 +02:00
ehv_bytechan.c tty: drop put_tty_driver 2021-07-27 12:17:21 +02:00
goldfish.c tty: goldfish: Fix free_irq() on remove 2022-06-10 13:31:31 +02:00
Kconfig tty: add rpmsg driver 2021-10-21 12:35:35 +02:00
Makefile tty: add rpmsg driver 2021-10-21 12:35:35 +02:00
mips_ejtag_fdc.c tty: mips_ejtag_fdc: Make use of the helper function kthread_run_on_cpu() 2021-12-03 16:00:41 +01:00
moxa.c tty: drivers/tty/, stop using tty_schedule_flip() 2021-11-25 18:35:23 +01:00
mxser.c tty: remove BOTHER ifdefs 2022-05-19 18:26:17 +02:00
n_gsm.c tty: n_gsm: Debug output allocation must use GFP_ATOMIC 2022-06-10 13:30:11 +02:00
n_hdlc.c Linux 5.16-rc6 2021-12-20 10:00:30 +01:00
n_null.c
n_tty.c tty: Rework receive flow control char logic 2022-05-19 18:33:34 +02:00
nozomi.c tty: drop put_tty_driver 2021-07-27 12:17:21 +02:00
pty.c tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() 2022-07-08 15:16:28 +02:00
rpmsg_tty.c tty: rpmsg: Fix race condition releasing tty port 2022-01-26 14:50:26 +01:00
synclink_gt.c tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() 2022-04-14 18:26:30 +02:00
sysrq.c TTY / Serial driver changes for 5.19-rc1 2022-06-03 11:08:40 -07:00
tty_audit.c
tty_baudrate.c tty: remove IBSHIFT ifdefs 2022-05-19 18:26:17 +02:00
tty_buffer.c tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() 2022-07-08 15:16:28 +02:00
tty_io.c memcg: enable accounting for tty-related objects 2022-03-22 15:57:04 -07:00
tty_ioctl.c tty: remove BOTHER ifdefs 2022-05-19 18:26:17 +02:00
tty_jobctrl.c signal: Replace __group_send_sig_info with send_signal_locked 2022-05-11 14:33:17 -05:00
tty_ldisc.c tty: reformat kernel-doc in tty_ldisc.c 2021-11-26 16:27:43 +01:00
tty_ldsem.c tty/ldsem: Fix syntax errors in comments 2021-12-21 09:15:49 +01:00
tty_mutex.c
tty_port.c tty: Drop duplicate NULL check in TTY port functions 2022-02-04 16:58:25 +01:00
tty.h tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() 2022-07-08 15:16:28 +02:00
ttynull.c tty: drop put_tty_driver 2021-07-27 12:17:21 +02:00
vcc.c tty: drop put_tty_driver 2021-07-27 12:17:21 +02:00