Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7f543476 authored by Gaurav Kohli's avatar Gaurav Kohli
Browse files

tty: fix data race between tty_init_dev and flush of buf 



There can be a race, if receive_buf call comes before
tty initialization completes in n_tty_open and tty->disc_data
may be NULL.

CPU0					CPU1
----					----
 000|n_tty_receive_buf_common()   	n_tty_open()
-001|n_tty_receive_buf2()		tty_ldisc_open.isra.3()
-002|tty_ldisc_receive_buf(inline)	tty_ldisc_setup()

Using ldisc semaphore lock in tty_init_dev till disc_data
initializes completely.

Change-Id: I5a5ac8ee5c2c7a260e447b6dae6fd2ea423212d1
Signed-off-by: default avatarGaurav Kohli <gkohli@codeaurora.org>
Reviewed-by: default avatarAlan Cox <alan@linux.intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: b027e2298bd588d6fa36ed2eda97447fb3eac078
Git-repo: https://kernel.googlesource.com/pub/scm/linux/kernel/git/gregkh/tty/


Signed-off-by: default avatarGaurav Kohli <gkohli@codeaurora.org>
parent 7662b4eb

drivers/tty/tty_io.c

+7 −1
Original line number Diff line number Diff line
@@ -1543,6 +1543,9 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 
			"%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",

			__func__, tty->driver->name);



	retval = tty_ldisc_lock(tty, 5 * HZ);

	if (retval)

		goto err_release_lock;

	tty->port->itty = tty;



	/*
@@ -1553,6 +1556,7 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 
	retval = tty_ldisc_setup(tty, tty->link);

	if (retval)

		goto err_release_tty;

	tty_ldisc_unlock(tty);

	/* Return the tty locked so that it cannot vanish under the caller */

	return tty;
@@ -1565,9 +1569,11 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 


	/* call the tty release_tty routine to clean out this slot */

err_release_tty:

	tty_unlock(tty);

	tty_ldisc_unlock(tty);

	tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",

			     retval, idx);

err_release_lock:

	tty_unlock(tty);

	release_tty(tty, idx);

	return ERR_PTR(retval);

}

drivers/tty/tty_ldisc.c

+2 −2
Original line number Diff line number Diff line
@@ -333,7 +333,7 @@ static inline void __tty_ldisc_unlock(struct tty_struct *tty) 
	ldsem_up_write(&tty->ldisc_sem);

}



static int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout)

int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout)

{

	int ret;
@@ -344,7 +344,7 @@ static int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout) 
	return 0;

}



static void tty_ldisc_unlock(struct tty_struct *tty)

void tty_ldisc_unlock(struct tty_struct *tty)

{

	clear_bit(TTY_LDISC_HALTED, &tty->flags);

	__tty_ldisc_unlock(tty);

include/linux/tty.h

+2 −0
Original line number Diff line number Diff line
@@ -394,6 +394,8 @@ extern struct tty_struct *get_current_tty(void); 
/* tty_io.c */

extern int __init tty_init(void);

extern const char *tty_name(const struct tty_struct *tty);

extern int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout);

extern void tty_ldisc_unlock(struct tty_struct *tty);

#else

static inline void console_init(void)

{ }