Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 71378785 authored by Brian Bloniarz's avatar Brian Bloniarz Committed by Greg Kroah-Hartman
Browse files

Fix OpenSSH pty regression on close 



commit 0f40fbbcc34e093255a2b2d70b6b0fb48c3f39aa upstream.

OpenSSH expects the (non-blocking) read() of pty master to return
EAGAIN only if it has received all of the slave-side output after
it has received SIGCHLD. This used to work on pre-3.12 kernels.

This fix effectively forces non-blocking read() and poll() to
block for parallel i/o to complete for all ttys. It also unwinds
these changes:

1) f8747d4a
   tty: Fix pty master read() after slave closes

2) 52bce7f8
   pty, n_tty: Simplify input processing on final close

3) 1a48632f
   pty: Fix input race when closing

Inspired by analysis and patch from Marc Aurele La France <tsi@tuyoix.net>

Reported-by: default avatarVolth <openssh@volth.com>
Reported-by: default avatarMarc Aurele La France <tsi@tuyoix.net>
BugLink: https://bugzilla.mindrot.org/show_bug.cgi?id=52
BugLink: https://bugzilla.mindrot.org/show_bug.cgi?id=2492


Signed-off-by: default avatarBrian Bloniarz <brian.bloniarz@gmail.com>
Reviewed-by: default avatarPeter Hurley <peter@hurleysoftware.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent eb578848

Documentation/serial/tty.txt

+0 −3
Original line number Original line Diff line number Diff line
@@ -213,9 +213,6 @@ TTY_IO_ERROR If set, causes all subsequent userspace read/write 




TTY_OTHER_CLOSED	Device is a pty and the other side has closed.

TTY_OTHER_CLOSED	Device is a pty and the other side has closed.





TTY_OTHER_DONE		Device is a pty and the other side has closed and

			all pending input processing has been completed.



TTY_NO_WRITE_SPLIT	Prevent driver from splitting up writes into

TTY_NO_WRITE_SPLIT	Prevent driver from splitting up writes into

			smaller chunks.

			smaller chunks.

drivers/tty/n_hdlc.c

+2 −2
Original line number Original line Diff line number Diff line
@@ -600,7 +600,7 @@ static ssize_t n_hdlc_tty_read(struct tty_struct *tty, struct file *file, 
	add_wait_queue(&tty->read_wait, &wait);

	add_wait_queue(&tty->read_wait, &wait);





	for (;;) {

	for (;;) {

		if (test_bit(TTY_OTHER_DONE, &tty->flags)) {

		if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {

			ret = -EIO;

			ret = -EIO;

			break;

			break;

		}

		}
@@ -828,7 +828,7 @@ static unsigned int n_hdlc_tty_poll(struct tty_struct *tty, struct file *filp, 
		/* set bits for operations that won't block */

		/* set bits for operations that won't block */

		if (n_hdlc->rx_buf_list.head)

		if (n_hdlc->rx_buf_list.head)

			mask |= POLLIN | POLLRDNORM;	/* readable */

			mask |= POLLIN | POLLRDNORM;	/* readable */

		if (test_bit(TTY_OTHER_DONE, &tty->flags))

		if (test_bit(TTY_OTHER_CLOSED, &tty->flags))

			mask |= POLLHUP;

			mask |= POLLHUP;

		if (tty_hung_up_p(filp))

		if (tty_hung_up_p(filp))

			mask |= POLLHUP;

			mask |= POLLHUP;

drivers/tty/n_tty.c

+33 −37
Original line number Original line Diff line number Diff line
@@ -1955,18 +1955,6 @@ static inline int input_available_p(struct tty_struct *tty, int poll) 
		return ldata->commit_head - ldata->read_tail >= amt;

		return ldata->commit_head - ldata->read_tail >= amt;

}

}





static inline int check_other_done(struct tty_struct *tty)

{

	int done = test_bit(TTY_OTHER_DONE, &tty->flags);

	if (done) {

		/* paired with cmpxchg() in check_other_closed(); ensures

		 * read buffer head index is not stale

		 */

		smp_mb__after_atomic();

	}

	return done;

}



/**

/**

 *	copy_from_read_buf	-	copy read data directly

 *	copy_from_read_buf	-	copy read data directly

 *	@tty: terminal device

 *	@tty: terminal device
@@ -2171,7 +2159,7 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file, 
	struct n_tty_data *ldata = tty->disc_data;

	struct n_tty_data *ldata = tty->disc_data;

	unsigned char __user *b = buf;

	unsigned char __user *b = buf;

	DEFINE_WAIT_FUNC(wait, woken_wake_function);

	DEFINE_WAIT_FUNC(wait, woken_wake_function);

	int c, done;

	int c;

	int minimum, time;

	int minimum, time;

	ssize_t retval = 0;

	ssize_t retval = 0;

	long timeout;

	long timeout;
@@ -2239,10 +2227,12 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file, 
		    ((minimum - (b - buf)) >= 1))

		    ((minimum - (b - buf)) >= 1))

			ldata->minimum_to_wake = (minimum - (b - buf));

			ldata->minimum_to_wake = (minimum - (b - buf));





		done = check_other_done(tty);



		if (!input_available_p(tty, 0)) {

		if (!input_available_p(tty, 0)) {

			if (done) {

			up_read(&tty->termios_rwsem);

			tty_buffer_flush_work(tty->port);

			down_read(&tty->termios_rwsem);

			if (!input_available_p(tty, 0)) {

				if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {

					retval = -EIO;

					retval = -EIO;

					break;

					break;

				}

				}
@@ -2266,6 +2256,7 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file, 
				down_read(&tty->termios_rwsem);

				down_read(&tty->termios_rwsem);

				continue;

				continue;

			}

			}

		}





		if (ldata->icanon && !L_EXTPROC(tty)) {

		if (ldata->icanon && !L_EXTPROC(tty)) {

			retval = canon_copy_from_read_buf(tty, &b, &nr);

			retval = canon_copy_from_read_buf(tty, &b, &nr);
@@ -2446,12 +2437,17 @@ static unsigned int n_tty_poll(struct tty_struct *tty, struct file *file, 




	poll_wait(file, &tty->read_wait, wait);

	poll_wait(file, &tty->read_wait, wait);

	poll_wait(file, &tty->write_wait, wait);

	poll_wait(file, &tty->write_wait, wait);

	if (check_other_done(tty))

		mask |= POLLHUP;

	if (input_available_p(tty, 1))

	if (input_available_p(tty, 1))

		mask |= POLLIN | POLLRDNORM;

		mask |= POLLIN | POLLRDNORM;

	else {

		tty_buffer_flush_work(tty->port);

		if (input_available_p(tty, 1))

			mask |= POLLIN | POLLRDNORM;

	}

	if (tty->packet && tty->link->ctrl_status)

	if (tty->packet && tty->link->ctrl_status)

		mask |= POLLPRI | POLLIN | POLLRDNORM;

		mask |= POLLPRI | POLLIN | POLLRDNORM;

	if (test_bit(TTY_OTHER_CLOSED, &tty->flags))

		mask |= POLLHUP;

	if (tty_hung_up_p(file))

	if (tty_hung_up_p(file))

		mask |= POLLHUP;

		mask |= POLLHUP;

	if (!(mask & (POLLHUP | POLLIN | POLLRDNORM))) {

	if (!(mask & (POLLHUP | POLLIN | POLLRDNORM))) {

drivers/tty/pty.c

+1 −3
Original line number Original line Diff line number Diff line
@@ -59,7 +59,7 @@ static void pty_close(struct tty_struct *tty, struct file *filp) 
	if (!tty->link)

	if (!tty->link)

		return;

		return;

	set_bit(TTY_OTHER_CLOSED, &tty->link->flags);

	set_bit(TTY_OTHER_CLOSED, &tty->link->flags);

	tty_flip_buffer_push(tty->link->port);

	wake_up_interruptible(&tty->link->read_wait);

	wake_up_interruptible(&tty->link->write_wait);

	wake_up_interruptible(&tty->link->write_wait);

	if (tty->driver->subtype == PTY_TYPE_MASTER) {

	if (tty->driver->subtype == PTY_TYPE_MASTER) {

		set_bit(TTY_OTHER_CLOSED, &tty->flags);

		set_bit(TTY_OTHER_CLOSED, &tty->flags);
@@ -247,9 +247,7 @@ static int pty_open(struct tty_struct *tty, struct file *filp) 
		goto out;

		goto out;





	clear_bit(TTY_IO_ERROR, &tty->flags);

	clear_bit(TTY_IO_ERROR, &tty->flags);

	/* TTY_OTHER_CLOSED must be cleared before TTY_OTHER_DONE */

	clear_bit(TTY_OTHER_CLOSED, &tty->link->flags);

	clear_bit(TTY_OTHER_CLOSED, &tty->link->flags);

	clear_bit(TTY_OTHER_DONE, &tty->link->flags);

	set_bit(TTY_THROTTLED, &tty->flags);

	set_bit(TTY_THROTTLED, &tty->flags);

	return 0;

	return 0;

drivers/tty/tty_buffer.c

+6 −28
Original line number Original line Diff line number Diff line
@@ -37,29 +37,6 @@ 




#define TTY_BUFFER_PAGE	(((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)

#define TTY_BUFFER_PAGE	(((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)





/*

 * If all tty flip buffers have been processed by flush_to_ldisc() or

 * dropped by tty_buffer_flush(), check if the linked pty has been closed.

 * If so, wake the reader/poll to process

 */

static inline void check_other_closed(struct tty_struct *tty)

{

	unsigned long flags, old;



	/* transition from TTY_OTHER_CLOSED => TTY_OTHER_DONE must be atomic */

	for (flags = ACCESS_ONCE(tty->flags);

	     test_bit(TTY_OTHER_CLOSED, &flags);

	     ) {

		old = flags;

		__set_bit(TTY_OTHER_DONE, &flags);

		flags = cmpxchg(&tty->flags, old, flags);

		if (old == flags) {

			wake_up_interruptible(&tty->read_wait);

			break;

		}

	}

}



/**

/**

 *	tty_buffer_lock_exclusive	-	gain exclusive access to buffer

 *	tty_buffer_lock_exclusive	-	gain exclusive access to buffer

 *	tty_buffer_unlock_exclusive	-	release exclusive access

 *	tty_buffer_unlock_exclusive	-	release exclusive access
@@ -254,8 +231,6 @@ void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) 
	if (ld && ld->ops->flush_buffer)

	if (ld && ld->ops->flush_buffer)

		ld->ops->flush_buffer(tty);

		ld->ops->flush_buffer(tty);





	check_other_closed(tty);



	atomic_dec(&buf->priority);

	atomic_dec(&buf->priority);

	mutex_unlock(&buf->lock);

	mutex_unlock(&buf->lock);

}

}
@@ -505,10 +480,8 @@ static void flush_to_ldisc(struct work_struct *work) 
		 */

		 */

		count = smp_load_acquire(&head->commit) - head->read;

		count = smp_load_acquire(&head->commit) - head->read;

		if (!count) {

		if (!count) {

			if (next == NULL) {

			if (next == NULL)

				check_other_closed(tty);

				break;

				break;

			}

			buf->head = next;

			buf->head = next;

			tty_buffer_free(port, head);

			tty_buffer_free(port, head);

			continue;

			continue;
@@ -597,3 +570,8 @@ bool tty_buffer_cancel_work(struct tty_port *port) 
{

{

	return cancel_work_sync(&port->buf.work);

	return cancel_work_sync(&port->buf.work);

}

}



void tty_buffer_flush_work(struct tty_port *port)

{

	flush_work(&port->buf.work);

}