Commit 71378785 authored by Brian Bloniarz's avatar Brian Bloniarz Committed by Greg Kroah-Hartman

Fix OpenSSH pty regression on close

commit 0f40fbbc upstream.

OpenSSH expects the (non-blocking) read() of pty master to return
EAGAIN only if it has received all of the slave-side output after
it has received SIGCHLD. This used to work on pre-3.12 kernels.

This fix effectively forces non-blocking read() and poll() to
block for parallel i/o to complete for all ttys. It also unwinds
these changes:

1) f8747d4a
   tty: Fix pty master read() after slave closes

2) 52bce7f8
   pty, n_tty: Simplify input processing on final close

3) 1a48632f
   pty: Fix input race when closing

Inspired by analysis and patch from Marc Aurele La France <tsi@tuyoix.net>
Reported-by: default avatarVolth <openssh@volth.com>
Reported-by: default avatarMarc Aurele La France <tsi@tuyoix.net>
BugLink: https://bugzilla.mindrot.org/show_bug.cgi?id=52
BugLink: https://bugzilla.mindrot.org/show_bug.cgi?id=2492Signed-off-by: default avatarBrian Bloniarz <brian.bloniarz@gmail.com>
Reviewed-by: default avatarPeter Hurley <peter@hurleysoftware.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent eb578848
...@@ -213,9 +213,6 @@ TTY_IO_ERROR If set, causes all subsequent userspace read/write ...@@ -213,9 +213,6 @@ TTY_IO_ERROR If set, causes all subsequent userspace read/write
TTY_OTHER_CLOSED Device is a pty and the other side has closed. TTY_OTHER_CLOSED Device is a pty and the other side has closed.
TTY_OTHER_DONE Device is a pty and the other side has closed and
all pending input processing has been completed.
TTY_NO_WRITE_SPLIT Prevent driver from splitting up writes into TTY_NO_WRITE_SPLIT Prevent driver from splitting up writes into
smaller chunks. smaller chunks.
......
...@@ -600,7 +600,7 @@ static ssize_t n_hdlc_tty_read(struct tty_struct *tty, struct file *file, ...@@ -600,7 +600,7 @@ static ssize_t n_hdlc_tty_read(struct tty_struct *tty, struct file *file,
add_wait_queue(&tty->read_wait, &wait); add_wait_queue(&tty->read_wait, &wait);
for (;;) { for (;;) {
if (test_bit(TTY_OTHER_DONE, &tty->flags)) { if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
ret = -EIO; ret = -EIO;
break; break;
} }
...@@ -828,7 +828,7 @@ static unsigned int n_hdlc_tty_poll(struct tty_struct *tty, struct file *filp, ...@@ -828,7 +828,7 @@ static unsigned int n_hdlc_tty_poll(struct tty_struct *tty, struct file *filp,
/* set bits for operations that won't block */ /* set bits for operations that won't block */
if (n_hdlc->rx_buf_list.head) if (n_hdlc->rx_buf_list.head)
mask |= POLLIN | POLLRDNORM; /* readable */ mask |= POLLIN | POLLRDNORM; /* readable */
if (test_bit(TTY_OTHER_DONE, &tty->flags)) if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
mask |= POLLHUP; mask |= POLLHUP;
if (tty_hung_up_p(filp)) if (tty_hung_up_p(filp))
mask |= POLLHUP; mask |= POLLHUP;
......
...@@ -1955,18 +1955,6 @@ static inline int input_available_p(struct tty_struct *tty, int poll) ...@@ -1955,18 +1955,6 @@ static inline int input_available_p(struct tty_struct *tty, int poll)
return ldata->commit_head - ldata->read_tail >= amt; return ldata->commit_head - ldata->read_tail >= amt;
} }
static inline int check_other_done(struct tty_struct *tty)
{
int done = test_bit(TTY_OTHER_DONE, &tty->flags);
if (done) {
/* paired with cmpxchg() in check_other_closed(); ensures
* read buffer head index is not stale
*/
smp_mb__after_atomic();
}
return done;
}
/** /**
* copy_from_read_buf - copy read data directly * copy_from_read_buf - copy read data directly
* @tty: terminal device * @tty: terminal device
...@@ -2171,7 +2159,7 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file, ...@@ -2171,7 +2159,7 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
struct n_tty_data *ldata = tty->disc_data; struct n_tty_data *ldata = tty->disc_data;
unsigned char __user *b = buf; unsigned char __user *b = buf;
DEFINE_WAIT_FUNC(wait, woken_wake_function); DEFINE_WAIT_FUNC(wait, woken_wake_function);
int c, done; int c;
int minimum, time; int minimum, time;
ssize_t retval = 0; ssize_t retval = 0;
long timeout; long timeout;
...@@ -2239,32 +2227,35 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file, ...@@ -2239,32 +2227,35 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
((minimum - (b - buf)) >= 1)) ((minimum - (b - buf)) >= 1))
ldata->minimum_to_wake = (minimum - (b - buf)); ldata->minimum_to_wake = (minimum - (b - buf));
done = check_other_done(tty);
if (!input_available_p(tty, 0)) { if (!input_available_p(tty, 0)) {
if (done) {
retval = -EIO;
break;
}
if (tty_hung_up_p(file))
break;
if (!timeout)
break;
if (file->f_flags & O_NONBLOCK) {
retval = -EAGAIN;
break;
}
if (signal_pending(current)) {
retval = -ERESTARTSYS;
break;
}
up_read(&tty->termios_rwsem); up_read(&tty->termios_rwsem);
tty_buffer_flush_work(tty->port);
down_read(&tty->termios_rwsem);
if (!input_available_p(tty, 0)) {
if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
retval = -EIO;
break;
}
if (tty_hung_up_p(file))
break;
if (!timeout)
break;
if (file->f_flags & O_NONBLOCK) {
retval = -EAGAIN;
break;
}
if (signal_pending(current)) {
retval = -ERESTARTSYS;
break;
}
up_read(&tty->termios_rwsem);
timeout = wait_woken(&wait, TASK_INTERRUPTIBLE, timeout = wait_woken(&wait, TASK_INTERRUPTIBLE,
timeout); timeout);
down_read(&tty->termios_rwsem); down_read(&tty->termios_rwsem);
continue; continue;
}
} }
if (ldata->icanon && !L_EXTPROC(tty)) { if (ldata->icanon && !L_EXTPROC(tty)) {
...@@ -2446,12 +2437,17 @@ static unsigned int n_tty_poll(struct tty_struct *tty, struct file *file, ...@@ -2446,12 +2437,17 @@ static unsigned int n_tty_poll(struct tty_struct *tty, struct file *file,
poll_wait(file, &tty->read_wait, wait); poll_wait(file, &tty->read_wait, wait);
poll_wait(file, &tty->write_wait, wait); poll_wait(file, &tty->write_wait, wait);
if (check_other_done(tty))
mask |= POLLHUP;
if (input_available_p(tty, 1)) if (input_available_p(tty, 1))
mask |= POLLIN | POLLRDNORM; mask |= POLLIN | POLLRDNORM;
else {
tty_buffer_flush_work(tty->port);
if (input_available_p(tty, 1))
mask |= POLLIN | POLLRDNORM;
}
if (tty->packet && tty->link->ctrl_status) if (tty->packet && tty->link->ctrl_status)
mask |= POLLPRI | POLLIN | POLLRDNORM; mask |= POLLPRI | POLLIN | POLLRDNORM;
if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
mask |= POLLHUP;
if (tty_hung_up_p(file)) if (tty_hung_up_p(file))
mask |= POLLHUP; mask |= POLLHUP;
if (!(mask & (POLLHUP | POLLIN | POLLRDNORM))) { if (!(mask & (POLLHUP | POLLIN | POLLRDNORM))) {
......
...@@ -59,7 +59,7 @@ static void pty_close(struct tty_struct *tty, struct file *filp) ...@@ -59,7 +59,7 @@ static void pty_close(struct tty_struct *tty, struct file *filp)
if (!tty->link) if (!tty->link)
return; return;
set_bit(TTY_OTHER_CLOSED, &tty->link->flags); set_bit(TTY_OTHER_CLOSED, &tty->link->flags);
tty_flip_buffer_push(tty->link->port); wake_up_interruptible(&tty->link->read_wait);
wake_up_interruptible(&tty->link->write_wait); wake_up_interruptible(&tty->link->write_wait);
if (tty->driver->subtype == PTY_TYPE_MASTER) { if (tty->driver->subtype == PTY_TYPE_MASTER) {
set_bit(TTY_OTHER_CLOSED, &tty->flags); set_bit(TTY_OTHER_CLOSED, &tty->flags);
...@@ -247,9 +247,7 @@ static int pty_open(struct tty_struct *tty, struct file *filp) ...@@ -247,9 +247,7 @@ static int pty_open(struct tty_struct *tty, struct file *filp)
goto out; goto out;
clear_bit(TTY_IO_ERROR, &tty->flags); clear_bit(TTY_IO_ERROR, &tty->flags);
/* TTY_OTHER_CLOSED must be cleared before TTY_OTHER_DONE */
clear_bit(TTY_OTHER_CLOSED, &tty->link->flags); clear_bit(TTY_OTHER_CLOSED, &tty->link->flags);
clear_bit(TTY_OTHER_DONE, &tty->link->flags);
set_bit(TTY_THROTTLED, &tty->flags); set_bit(TTY_THROTTLED, &tty->flags);
return 0; return 0;
......
...@@ -37,29 +37,6 @@ ...@@ -37,29 +37,6 @@
#define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF) #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)
/*
* If all tty flip buffers have been processed by flush_to_ldisc() or
* dropped by tty_buffer_flush(), check if the linked pty has been closed.
* If so, wake the reader/poll to process
*/
static inline void check_other_closed(struct tty_struct *tty)
{
unsigned long flags, old;
/* transition from TTY_OTHER_CLOSED => TTY_OTHER_DONE must be atomic */
for (flags = ACCESS_ONCE(tty->flags);
test_bit(TTY_OTHER_CLOSED, &flags);
) {
old = flags;
__set_bit(TTY_OTHER_DONE, &flags);
flags = cmpxchg(&tty->flags, old, flags);
if (old == flags) {
wake_up_interruptible(&tty->read_wait);
break;
}
}
}
/** /**
* tty_buffer_lock_exclusive - gain exclusive access to buffer * tty_buffer_lock_exclusive - gain exclusive access to buffer
* tty_buffer_unlock_exclusive - release exclusive access * tty_buffer_unlock_exclusive - release exclusive access
...@@ -254,8 +231,6 @@ void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) ...@@ -254,8 +231,6 @@ void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld)
if (ld && ld->ops->flush_buffer) if (ld && ld->ops->flush_buffer)
ld->ops->flush_buffer(tty); ld->ops->flush_buffer(tty);
check_other_closed(tty);
atomic_dec(&buf->priority); atomic_dec(&buf->priority);
mutex_unlock(&buf->lock); mutex_unlock(&buf->lock);
} }
...@@ -505,10 +480,8 @@ static void flush_to_ldisc(struct work_struct *work) ...@@ -505,10 +480,8 @@ static void flush_to_ldisc(struct work_struct *work)
*/ */
count = smp_load_acquire(&head->commit) - head->read; count = smp_load_acquire(&head->commit) - head->read;
if (!count) { if (!count) {
if (next == NULL) { if (next == NULL)
check_other_closed(tty);
break; break;
}
buf->head = next; buf->head = next;
tty_buffer_free(port, head); tty_buffer_free(port, head);
continue; continue;
...@@ -597,3 +570,8 @@ bool tty_buffer_cancel_work(struct tty_port *port) ...@@ -597,3 +570,8 @@ bool tty_buffer_cancel_work(struct tty_port *port)
{ {
return cancel_work_sync(&port->buf.work); return cancel_work_sync(&port->buf.work);
} }
void tty_buffer_flush_work(struct tty_port *port)
{
flush_work(&port->buf.work);
}
...@@ -338,7 +338,6 @@ struct tty_file_private { ...@@ -338,7 +338,6 @@ struct tty_file_private {
#define TTY_EXCLUSIVE 3 /* Exclusive open mode */ #define TTY_EXCLUSIVE 3 /* Exclusive open mode */
#define TTY_DEBUG 4 /* Debugging */ #define TTY_DEBUG 4 /* Debugging */
#define TTY_DO_WRITE_WAKEUP 5 /* Call write_wakeup after queuing new */ #define TTY_DO_WRITE_WAKEUP 5 /* Call write_wakeup after queuing new */
#define TTY_OTHER_DONE 6 /* Closed pty has completed input processing */
#define TTY_LDISC_OPEN 11 /* Line discipline is open */ #define TTY_LDISC_OPEN 11 /* Line discipline is open */
#define TTY_PTY_LOCK 16 /* pty private */ #define TTY_PTY_LOCK 16 /* pty private */
#define TTY_NO_WRITE_SPLIT 17 /* Preserve write boundaries to driver */ #define TTY_NO_WRITE_SPLIT 17 /* Preserve write boundaries to driver */
...@@ -469,6 +468,7 @@ extern void tty_buffer_init(struct tty_port *port); ...@@ -469,6 +468,7 @@ extern void tty_buffer_init(struct tty_port *port);
extern void tty_buffer_set_lock_subclass(struct tty_port *port); extern void tty_buffer_set_lock_subclass(struct tty_port *port);
extern bool tty_buffer_restart_work(struct tty_port *port); extern bool tty_buffer_restart_work(struct tty_port *port);
extern bool tty_buffer_cancel_work(struct tty_port *port); extern bool tty_buffer_cancel_work(struct tty_port *port);
extern void tty_buffer_flush_work(struct tty_port *port);
extern speed_t tty_termios_baud_rate(struct ktermios *termios); extern speed_t tty_termios_baud_rate(struct ktermios *termios);
extern speed_t tty_termios_input_baud_rate(struct ktermios *termios); extern speed_t tty_termios_input_baud_rate(struct ktermios *termios);
extern void tty_termios_encode_baud_rate(struct ktermios *termios, extern void tty_termios_encode_baud_rate(struct ktermios *termios,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment