Commit 9c1729db authored by Alan Cox's avatar Alan Cox Committed by Linus Torvalds

Prevent an O_NDELAY writer from blocking when a tty write is blocked by the tty atomic writer mutex

Without this a tty write could block if a previous blocking tty write was
in progress on the same tty and blocked by a line discipline or hardware
event.  Originally found and reported by Dave Johnson.
Signed-off-by: default avatarAlan Cox <alan@redhat.com>
Acked-by: default avatarDave Johnson <djohnson+linux-kernel@sw.starentnetworks.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent c9c64155
...@@ -780,13 +780,14 @@ static unsigned int n_hdlc_tty_poll(struct tty_struct *tty, struct file *filp, ...@@ -780,13 +780,14 @@ static unsigned int n_hdlc_tty_poll(struct tty_struct *tty, struct file *filp,
poll_wait(filp, &tty->write_wait, wait); poll_wait(filp, &tty->write_wait, wait);
/* set bits for operations that won't block */ /* set bits for operations that won't block */
if(n_hdlc->rx_buf_list.head) if (n_hdlc->rx_buf_list.head)
mask |= POLLIN | POLLRDNORM; /* readable */ mask |= POLLIN | POLLRDNORM; /* readable */
if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
mask |= POLLHUP; mask |= POLLHUP;
if(tty_hung_up_p(filp)) if (tty_hung_up_p(filp))
mask |= POLLHUP; mask |= POLLHUP;
if(n_hdlc->tx_free_buf_list.head) if (!tty_is_writelocked(tty) &&
n_hdlc->tx_free_buf_list.head)
mask |= POLLOUT | POLLWRNORM; /* writable */ mask |= POLLOUT | POLLWRNORM; /* writable */
} }
return mask; return mask;
...@@ -861,7 +862,7 @@ static void n_hdlc_buf_put(struct n_hdlc_buf_list *list, ...@@ -861,7 +862,7 @@ static void n_hdlc_buf_put(struct n_hdlc_buf_list *list,
spin_lock_irqsave(&list->spinlock,flags); spin_lock_irqsave(&list->spinlock,flags);
buf->link=NULL; buf->link=NULL;
if(list->tail) if (list->tail)
list->tail->link = buf; list->tail->link = buf;
else else
list->head = buf; list->head = buf;
......
...@@ -1538,7 +1538,8 @@ static unsigned int normal_poll(struct tty_struct * tty, struct file * file, pol ...@@ -1538,7 +1538,8 @@ static unsigned int normal_poll(struct tty_struct * tty, struct file * file, pol
else else
tty->minimum_to_wake = 1; tty->minimum_to_wake = 1;
} }
if (tty->driver->chars_in_buffer(tty) < WAKEUP_CHARS && if (!tty_is_writelocked(tty) &&
tty->driver->chars_in_buffer(tty) < WAKEUP_CHARS &&
tty->driver->write_room(tty) > 0) tty->driver->write_room(tty) > 0)
mask |= POLLOUT | POLLWRNORM; mask |= POLLOUT | POLLWRNORM;
return mask; return mask;
......
...@@ -1726,6 +1726,23 @@ static ssize_t tty_read(struct file * file, char __user * buf, size_t count, ...@@ -1726,6 +1726,23 @@ static ssize_t tty_read(struct file * file, char __user * buf, size_t count,
return i; return i;
} }
void tty_write_unlock(struct tty_struct *tty)
{
mutex_unlock(&tty->atomic_write_lock);
wake_up_interruptible(&tty->write_wait);
}
int tty_write_lock(struct tty_struct *tty, int ndelay)
{
if (!mutex_trylock(&tty->atomic_write_lock)) {
if (ndelay)
return -EAGAIN;
if (mutex_lock_interruptible(&tty->atomic_write_lock))
return -ERESTARTSYS;
}
return 0;
}
/* /*
* Split writes up in sane blocksizes to avoid * Split writes up in sane blocksizes to avoid
* denial-of-service type attacks * denial-of-service type attacks
...@@ -1737,13 +1754,12 @@ static inline ssize_t do_tty_write( ...@@ -1737,13 +1754,12 @@ static inline ssize_t do_tty_write(
const char __user *buf, const char __user *buf,
size_t count) size_t count)
{ {
ssize_t ret = 0, written = 0; ssize_t ret, written = 0;
unsigned int chunk; unsigned int chunk;
/* FIXME: O_NDELAY ... */ ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
if (mutex_lock_interruptible(&tty->atomic_write_lock)) { if (ret < 0)
return -ERESTARTSYS; return ret;
}
/* /*
* We chunk up writes into a temporary buffer. This * We chunk up writes into a temporary buffer. This
...@@ -1776,8 +1792,8 @@ static inline ssize_t do_tty_write( ...@@ -1776,8 +1792,8 @@ static inline ssize_t do_tty_write(
buf = kmalloc(chunk, GFP_KERNEL); buf = kmalloc(chunk, GFP_KERNEL);
if (!buf) { if (!buf) {
mutex_unlock(&tty->atomic_write_lock); ret = -ENOMEM;
return -ENOMEM; goto out;
} }
kfree(tty->write_buf); kfree(tty->write_buf);
tty->write_cnt = chunk; tty->write_cnt = chunk;
...@@ -1812,7 +1828,8 @@ static inline ssize_t do_tty_write( ...@@ -1812,7 +1828,8 @@ static inline ssize_t do_tty_write(
inode->i_mtime = current_fs_time(inode->i_sb); inode->i_mtime = current_fs_time(inode->i_sb);
ret = written; ret = written;
} }
mutex_unlock(&tty->atomic_write_lock); out:
tty_write_unlock(tty);
return ret; return ret;
} }
...@@ -3163,14 +3180,13 @@ static int tiocsetd(struct tty_struct *tty, int __user *p) ...@@ -3163,14 +3180,13 @@ static int tiocsetd(struct tty_struct *tty, int __user *p)
static int send_break(struct tty_struct *tty, unsigned int duration) static int send_break(struct tty_struct *tty, unsigned int duration)
{ {
if (mutex_lock_interruptible(&tty->atomic_write_lock)) if (tty_write_lock(tty, 0) < 0)
return -EINTR; return -EINTR;
tty->driver->break_ctl(tty, -1); tty->driver->break_ctl(tty, -1);
if (!signal_pending(current)) { if (!signal_pending(current))
msleep_interruptible(duration); msleep_interruptible(duration);
}
tty->driver->break_ctl(tty, 0); tty->driver->break_ctl(tty, 0);
mutex_unlock(&tty->atomic_write_lock); tty_write_unlock(tty);
if (signal_pending(current)) if (signal_pending(current))
return -EINTR; return -EINTR;
return 0; return 0;
......
...@@ -667,7 +667,7 @@ static int send_prio_char(struct tty_struct *tty, char ch) ...@@ -667,7 +667,7 @@ static int send_prio_char(struct tty_struct *tty, char ch)
return 0; return 0;
} }
if (mutex_lock_interruptible(&tty->atomic_write_lock)) if (tty_write_lock(tty, 0) < 0)
return -ERESTARTSYS; return -ERESTARTSYS;
if (was_stopped) if (was_stopped)
...@@ -675,7 +675,7 @@ static int send_prio_char(struct tty_struct *tty, char ch) ...@@ -675,7 +675,7 @@ static int send_prio_char(struct tty_struct *tty, char ch)
tty->driver->write(tty, &ch, 1); tty->driver->write(tty, &ch, 1);
if (was_stopped) if (was_stopped)
stop_tty(tty); stop_tty(tty);
mutex_unlock(&tty->atomic_write_lock); tty_write_unlock(tty);
return 0; return 0;
} }
......
...@@ -338,6 +338,12 @@ extern struct tty_struct *get_current_tty(void); ...@@ -338,6 +338,12 @@ extern struct tty_struct *get_current_tty(void);
extern struct mutex tty_mutex; extern struct mutex tty_mutex;
extern void tty_write_unlock(struct tty_struct *tty);
extern int tty_write_lock(struct tty_struct *tty, int ndelay);
#define tty_is_writelocked(tty) (mutex_is_locked(&tty->atomic_write_lock))
/* n_tty.c */ /* n_tty.c */
extern struct tty_ldisc tty_ldisc_N_TTY; extern struct tty_ldisc tty_ldisc_N_TTY;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment