#
66aad7d8 |
|
07-Dec-2023 |
Oliver Neukum <oneukum@suse.com> |
usb: cdc-acm: return correct error code on unsupported break In ACM support for sending breaks to devices is optional. If a device says that it doenot support sending breaks, the host must respect that. Given the number of optional features providing tty operations for each combination is not practical and errors need to be returned dynamically if unsupported features are requested. In case a device does not support break, we want the tty layer to treat that like it treats drivers that statically cannot support sending a break. It ignores the inability and does nothing. This patch uses EOPNOTSUPP to indicate that. Signed-off-by: Oliver Neukum <oneukum@suse.com> Fixes: 9e98966c7bb94 ("tty: rework break handling") Link: https://lore.kernel.org/r/20231207132639.18250-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4ff4379c |
|
26-Nov-2023 |
Florian Eckert <fe@dev.tdt.de> |
tty: add new helper function tty_get_tiocm There is no in-kernel function to get the status register of a tty device like the TIOCMGET ioctl returns to userspace. Create a new function, tty_get_tiocm(), to obtain the status register that other portions of the kernel can call if they need this information, and move the existing internal tty_tiocmget() function to use this interface. Signed-off-by: Florian Eckert <fe@dev.tdt.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Link: https://lore.kernel.org/r/20231127110311.3583957-2-fe@dev.tdt.de Signed-off-by: Lee Jones <lee@kernel.org>
|
#
4e8d8878 |
|
06-Dec-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: core: the rest to u8 There are still last minor users in the tty core that still reference characters by the 'char' type. Switch them to u8. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20231206073712.17776-6-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
3a00da02 |
|
06-Dec-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: make tty_operations::send_xchar accept u8 char tty_operations::send_xchar is one of the last users of 'char' type for characters in the tty layer. Convert it to u8 now. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Cc: Karsten Keil <isdn@linux-pingi.de> Cc: Ulf Hansson <ulf.hansson@linaro.org> Cc: Marcel Holtmann <marcel@holtmann.org> Cc: Johan Hedberg <johan.hedberg@gmail.com> Cc: Luiz Augusto von Dentz <luiz.dentz@gmail.com> Cc: netdev@vger.kernel.org Cc: linux-mmc@vger.kernel.org Cc: linux-bluetooth@vger.kernel.org Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org> Link: https://lore.kernel.org/r/20231206073712.17776-5-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d22d53ad |
|
21-Nov-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: remove unneeded mbz from tiocsti() 'mbz' in tiocsti() is used only to pass TTY_NORMAL to tty_ldisc_ops::receive_buf(). But that can be achieved easier by simply passing NULL to ::receive_buf(). So drop this 'mbz'. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20231121092258.9334-3-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4c74253b |
|
21-Nov-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: deprecate tty_write_message() tty_write_message() has only one user: quotas. In particular, there the use depends on CONFIG_PRINT_QUOTA_WARNING. And that is deprecated and marked as BROKEN already too. So make tty_write_message() dependent on that very config option. This action in fact drops tty_write_message() from the vmlinux binary. Good riddance. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Cc: Jan Kara <jack@suse.com> Acked-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20231121092258.9334-2-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
838eb763 |
|
19-Oct-2023 |
Florian Eckert <fe@dev.tdt.de> |
tty: whitespaces in descriptions corrected by replacing tabs with spaces Tabs were used in the function description, to make this look more uniform, the tabs were replaced by spaces where necessary. While we're at it, I also replaced the 'ndashes' with simple dashes, since only those are supported by sphinx. Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Florian Eckert <fe@dev.tdt.de> Link: https://lore.kernel.org/r/20231019112809.881730-2-fe@dev.tdt.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
24f2cd01 |
|
19-Sep-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: use 'if' in send_break() instead of 'goto' Now, the "jumped-over" code is simple enough to be put inside an 'if'. Do so to make it 'goto'-less. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230919085156.1578-16-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fd99392b |
|
19-Sep-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: don't check for signal_pending() in send_break() msleep_interruptible() will check on its own. So no need to do the check in send_break() before calling the above. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230919085156.1578-15-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
66619686 |
|
19-Sep-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK If the driver sets TTY_DRIVER_HARDWARE_BREAK, we leave ops->break_ctl() to the driver and return from send_break(). But we do it using a local variable and keep the code flowing through the end of the function. Instead, do 'return' immediately with the ops->break_ctl()'s return value. This way, we don't have to stuff the 'else' branch of the 'if' with the software break handling. And we can re-indent the function too. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230919085156.1578-14-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c38f45ef |
|
19-Sep-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: stop using ndash in kernel-doc An ndash used instead of a single dash renders a bullet to the result. So use only single dashes in kernel-doc. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230919085156.1578-11-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
06a743af |
|
02-Oct-2023 |
Joel Granados <j.granados@samsung.com> |
tty: Remove now superfluous sentinel element from ctl_table array This commit comes at the tail end of a greater effort to remove the empty elements at the end of the ctl_table arrays (sentinels) which will reduce the overall build time size of the kernel and run time memory bloat by ~64 bytes per sentinel (further information Link : https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/) Remove sentinel from tty_table Signed-off-by: Joel Granados <j.granados@samsung.com> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
|
#
ee088ed7 |
|
04-Oct-2023 |
Jeff Layton <jlayton@kernel.org> |
tty: convert to new timestamp accessors Convert to using the new inode timestamp accessor functions. Signed-off-by: Jeff Layton <jlayton@kernel.org> Link: https://lore.kernel.org/r/20231004185347.80880-9-jlayton@kernel.org Signed-off-by: Christian Brauner <brauner@kernel.org>
|
#
48a6ab88 |
|
10-Aug-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: use min() for size computation in iterate_tty_read() The computation is more obvious with min(). Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230810091510.13006-27-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e3afc5b0 |
|
10-Aug-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: switch size and count types in iterate_tty_read() to size_t ld->ops->read() returns ssize_t. copy_to_iter() returns size_t. So switch the variables ('size' and 'copied', respectively) to the corresponding types. This allows for use of min() in the next patch. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230810091510.13006-26-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
24b01c5d |
|
10-Aug-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: use ssize_t for iterate_tty_read() returned type tty_read() is supposed to return ssize_t. It takes the return value from iterate_tty_read(). That currently returns int. On the top of that, iterate_tty_write() already returns ssize_t. So switch iterate_tty_read() to ssize_t too, so that all three are consistent. This means 'i' in tty_read() changes its type too. And while changing that, rename this generic 'i' to more dedicated 'ret'. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230810091510.13006-25-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ccc8dc00 |
|
10-Aug-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: use min() in iterate_tty_write() It simplifies the code. The "price" is we have to unify 'chunk' to be size_t the same as 'count' is. But that change is actually correct. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230810091510.13006-24-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a32a672d |
|
10-Aug-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: rename and de-inline do_tty_write() Make do_tty_write()'s name sound similar to iterate_tty_read(). They both do similar things, so there is no reason for so distinct names. The new name is therefore iterate_tty_write(). Drop the unnedeed inline modifier too. Let the compiler decide. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230810091510.13006-23-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f47a4fd6 |
|
10-Aug-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: don't pass write() to do_tty_write() write() passed to do_tty_write() is always ld->ops->write(). Instead, align with iterate_tty_read() and pass the whole ld instead. This makes the code easier to follow as it is clear what the write is. And also the function signature is more readable. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230810091510.13006-22-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
af815336 |
|
10-Aug-2023 |
Jiri Slaby (SUSE) <jirislaby@kernel.org> |
tty: change tty_write_lock()'s ndelay parameter to bool It's a yes-no parameter, so convert it to bool to be obvious. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230810091510.13006-6-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
b4940f6c |
|
12-Jul-2023 |
Jiri Slaby <jirislaby@kernel.org> |
tty: make check_tty_count() void The return value is unused, so drop it. Signed-off-by: Jiri Slaby (SUSE) <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20230712085830.4908-1-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5ffd2c37 |
|
17-Aug-2023 |
Oleg Nesterov <oleg@redhat.com> |
kill do_each_thread() Eric has pointed out that we still have 3 users of do_each_thread(). Change them to use for_each_process_thread() and kill this helper. There is a subtle change, after do_each_thread/while_each_thread g == t == &init_task, while after for_each_process_thread() they both point to nowhere, but this doesn't matter. > Why is for_each_process_thread() better than do_each_thread()? Say, for_each_process_thread() is rcu safe, do_each_thread() is not. And certainly for_each_process_thread(p, t) { do_something(p, t); } looks better than do_each_thread(p, t) { do_something(p, t); } while_each_thread(p, t); And again, there are only 3 users of this awkward helper left. It should have been killed years ago and in fact I thought it had already been killed. It uses while_each_thread() which needs some changes. Link: https://lkml.kernel.org/r/20230817163708.GA8248@redhat.com Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: "Christian Brauner (Microsoft)" <brauner@kernel.org> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Jiri Slaby <jirislaby@kernel.org> # tty/serial Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
#
690c8b80 |
|
09-Jul-2023 |
Samuel Thibault <samuel.thibault@ens-lyon.org> |
TIOCSTI: always enable for CAP_SYS_ADMIN 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled") broke BRLTTY's ability to simulate keypresses on the console, thus effectively breaking braille keyboards of blind users. This restores the TIOCSTI feature for CAP_SYS_ADMIN processes, which BRLTTY is, thus fixing braille keyboards without re-opening the security issue. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Kees Cook <keescook@chromium.org> Fixes: 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled") Cc: stable@vger.kernel.org Reported-by: Nicolas Pitre <nico@fluxnic.net> Link: https://lore.kernel.org/r/20230710002645.v565c7xq5iddruse@begin Acked-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
360c11e2 |
|
13-Jun-2023 |
Michal Sekletar <msekleta@redhat.com> |
tty: tty_io: update timestamps on all device nodes User space applications watch for timestamp changes on character device files in order to determine idle time of a given terminal session. For example, "w" program uses this information to populate the IDLE column of its output [1]. Similarly, systemd-logind has optional feature where it uses atime of the tty character device to determine if there was activity on the terminal associated with the logind's session object. If there was no activity for a configured period of time then logind will terminate such session [2]. Now, usually (e.g. bash running on the terminal) the use of the terminal will update timestamps (atime and mtime) on the corresponding terminal character device. However, if access to the terminal, e.g. /dev/pts/0, is performed through magic character device /dev/tty then such access obviously changes the state of the terminal, however timestamps on the device that correspond to the terminal (/dev/pts/0) are not updated. This patch makes sure that we update timestamps on *all* character devices that correspond to the given tty, because outside observers (w, systemd-logind) are maybe checking these timestamps. Obviously, they can not check timestamps on /dev/tty as that has per-process meaning. [1] https://gitlab.com/procps-ng/procps/-/blob/v4.0.0/w.c#L286 [2] https://github.com/systemd/systemd/blob/v252/NEWS#L477 Signed-off-by: Michal Sekletar <msekleta@redhat.com> Message-ID: <20230613172107.78138-1-msekleta@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
b0072734 |
|
22-May-2023 |
David Howells <dhowells@redhat.com> |
tty, proc, kernfs, random: Use copy_splice_read() Use copy_splice_read() for tty, procfs, kernfs and random files rather than going through generic_file_splice_read() as they just copy the file into the output buffer and don't splice pages. This avoids the need for them to have a ->read_folio() to satisfy filemap_splice_read(). Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> cc: Christoph Hellwig <hch@lst.de> cc: Jens Axboe <axboe@kernel.dk> cc: Al Viro <viro@zeniv.linux.org.uk> cc: John Hubbard <jhubbard@nvidia.com> cc: David Hildenbrand <david@redhat.com> cc: Matthew Wilcox <willy@infradead.org> cc: Miklos Szeredi <miklos@szeredi.hu> cc: Arnd Bergmann <arnd@arndb.de> cc: linux-block@vger.kernel.org cc: linux-fsdevel@vger.kernel.org cc: linux-mm@kvack.org Link: https://lore.kernel.org/r/20230522135018.2742245-13-dhowells@redhat.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
#
862d8312 |
|
02-Apr-2023 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
tty: make tty_class a static const structure Now that the driver core allows for struct class to be in read-only memory, move the tty_class structure to be declared at build time placing it into read-only memory, instead of having to be dynamically allocated at boot time. Cc: "Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/2023040250-landowner-unfitted-11f4@gregkh Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
094fb49a |
|
17-Mar-2023 |
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> |
tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH If userspace races tcsetattr() with a write, the drained condition might not be guaranteed by the kernel. There is a race window after checking Tx is empty before tty_set_termios() takes termios_rwsem for write. During that race window, more characters can be queued by a racing writer. Any ongoing transmission might produce garbage during HW's ->set_termios() call. The intent of TCSADRAIN/FLUSH seems to be preventing such a character corruption. If those flags are set, take tty's write lock to stop any writer before performing the lower layer Tx empty check and wait for the pending characters to be sent (if any). The initial wait for all-writers-done must be placed outside of tty's write lock to avoid deadlock which makes it impossible to use tty_wait_until_sent(). The write lock is retried if a racing write is detected. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Link: https://lore.kernel.org/r/20230317113318.31327-2-ilpo.jarvinen@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
1aaba11d |
|
13-Mar-2023 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
driver core: class: remove module * from class_create() The module pointer in class_create() never actually did anything, and it shouldn't have been requred to be set as a parameter even if it did something. So just remove it and fix up all callers of the function in the kernel tree at the same time. Cc: "Rafael J. Wysocki" <rafael@kernel.org> Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Link: https://lore.kernel.org/r/20230313181843.1207845-4-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6d12b774 |
|
02-Mar-2023 |
Luis Chamberlain <mcgrof@kernel.org> |
tty: simplify sysctl registration register_sysctl_table() is a deprecated compatibility wrapper. register_sysctl_init() can do the directory creation for you so just use that Signed-off-by: Luis Chamberlain <mcgrof@kernel.org> Link: https://lore.kernel.org/r/20230302204612.782387-7-mcgrof@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
db4df8e9 |
|
08-Dec-2022 |
Sven Schnelle <svens@linux.ibm.com> |
tty: fix out-of-bounds access in tty_driver_lookup_tty() When specifying an invalid console= device like console=tty3270, tty_driver_lookup_tty() returns the tty struct without checking whether index is a valid number. To reproduce: qemu-system-x86_64 -enable-kvm -nographic -serial mon:stdio \ -kernel ../linux-build-x86/arch/x86/boot/bzImage \ -append "console=ttyS0 console=tty3270" This crashes with: [ 0.770599] BUG: kernel NULL pointer dereference, address: 00000000000000ef [ 0.771265] #PF: supervisor read access in kernel mode [ 0.771773] #PF: error_code(0x0000) - not-present page [ 0.772609] Oops: 0000 [#1] PREEMPT SMP PTI [ 0.774878] RIP: 0010:tty_open+0x268/0x6f0 [ 0.784013] chrdev_open+0xbd/0x230 [ 0.784444] ? cdev_device_add+0x80/0x80 [ 0.784920] do_dentry_open+0x1e0/0x410 [ 0.785389] path_openat+0xca9/0x1050 [ 0.785813] do_filp_open+0xaa/0x150 [ 0.786240] file_open_name+0x133/0x1b0 [ 0.786746] filp_open+0x27/0x50 [ 0.787244] console_on_rootfs+0x14/0x4d [ 0.787800] kernel_init_freeable+0x1e4/0x20d [ 0.788383] ? rest_init+0xc0/0xc0 [ 0.788881] kernel_init+0x11/0x120 [ 0.789356] ret_from_fork+0x22/0x30 Signed-off-by: Sven Schnelle <svens@linux.ibm.com> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20221209112737.3222509-2-svens@linux.ibm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ff62b8e6 |
|
23-Nov-2022 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
driver core: make struct class.devnode() take a const * The devnode() in struct class should not be modifying the device that is passed into it, so mark it as a const * and propagate the function signature changes out into all relevant subsystems that use this callback. Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: Reinette Chatre <reinette.chatre@intel.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: x86@kernel.org Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Cc: Jens Axboe <axboe@kernel.dk> Cc: Justin Sanders <justin@coraid.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Sumit Semwal <sumit.semwal@linaro.org> Cc: Benjamin Gaignard <benjamin.gaignard@collabora.com> Cc: Liam Mark <lmark@codeaurora.org> Cc: Laura Abbott <labbott@redhat.com> Cc: Brian Starkey <Brian.Starkey@arm.com> Cc: John Stultz <jstultz@google.com> Cc: "Christian König" <christian.koenig@amd.com> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Cc: Maxime Ripard <mripard@kernel.org> Cc: Thomas Zimmermann <tzimmermann@suse.de> Cc: David Airlie <airlied@gmail.com> Cc: Daniel Vetter <daniel@ffwll.ch> Cc: Jason Gunthorpe <jgg@ziepe.ca> Cc: Leon Romanovsky <leon@kernel.org> Cc: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com> Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com> Cc: Mauro Carvalho Chehab <mchehab@kernel.org> Cc: Sean Young <sean@mess.org> Cc: Frank Haverkamp <haver@linux.ibm.com> Cc: Jiri Slaby <jirislaby@kernel.org> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Alex Williamson <alex.williamson@redhat.com> Cc: Cornelia Huck <cohuck@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Anton Vorontsov <anton@enomsg.org> Cc: Colin Cross <ccross@android.com> Cc: Tony Luck <tony.luck@intel.com> Cc: Jaroslav Kysela <perex@perex.cz> Cc: Takashi Iwai <tiwai@suse.com> Cc: Hans Verkuil <hverkuil-cisco@xs4all.nl> Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Cc: Xie Yongji <xieyongji@bytedance.com> Cc: Gautam Dawar <gautam.dawar@xilinx.com> Cc: Dan Carpenter <error27@gmail.com> Cc: Eli Cohen <elic@nvidia.com> Cc: Parav Pandit <parav@nvidia.com> Cc: Maxime Coquelin <maxime.coquelin@redhat.com> Cc: alsa-devel@alsa-project.org Cc: dri-devel@lists.freedesktop.org Cc: kvm@vger.kernel.org Cc: linaro-mm-sig@lists.linaro.org Cc: linux-block@vger.kernel.org Cc: linux-input@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: linux-media@vger.kernel.org Cc: linux-rdma@vger.kernel.org Cc: linux-scsi@vger.kernel.org Cc: linux-usb@vger.kernel.org Cc: virtualization@lists.linux-foundation.org Link: https://lore.kernel.org/r/20221123122523.1332370-2-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5c30f3e4 |
|
06-Nov-2022 |
Kees Cook <keescook@chromium.org> |
tty: Move TIOCSTI toggle variable before kerndoc The variable "tty_legacy_tiocsti" should be defined before the kerndoc for the tiocsti() function. The new variable was breaking the "htmldocs" build target: drivers/tty/tty_io.c:2271: warning: cannot understand function prototype: 'bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI); ' Fixes: 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled") Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Link: https://lore.kernel.org/lkml/20221107143434.66f7be35@canb.auug.org.au Cc: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Randy Dunlap <rdunlap@infradead.org> Link: https://lore.kernel.org/r/20221107034631.never.637-kees@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
83efeeeb |
|
22-Oct-2022 |
Kees Cook <keescook@chromium.org> |
tty: Allow TIOCSTI to be disabled TIOCSTI continues its long history of being used in privilege escalation attacks[1]. Prior attempts to provide a mechanism to disable this have devolved into discussions around creating full-blown LSMs to provide arbitrary ioctl filtering, which is hugely over-engineered -- only TIOCSTI is being used this way. 3 years ago OpenBSD entirely removed TIOCSTI[2], Android has had it filtered for longer[3], and the tools that had historically used TIOCSTI either do not need it, are not commonly built with it, or have had its use removed. Provide a simple CONFIG and global sysctl to disable this for the system builders who have wanted this functionality for literally decades now, much like the ldisc_autoload CONFIG and sysctl. [1] https://lore.kernel.org/linux-hardening/Y0m9l52AKmw6Yxi1@hostpad [2] https://undeadly.org/cgi?action=article;sid=20170701132619 [3] https://lore.kernel.org/lkml/CAFJ0LnFGRuEEn1tCLhoki8ZyWrKfktbF+rwwN7WzyC_kBFoQVA@mail.gmail.com/ Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jiri Slaby <jirislaby@kernel.org> Cc: Simon Brand <simon.brand@postadigitale.de> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20221022182949.2684794-2-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5fd8c2d3 |
|
22-Oct-2022 |
Kees Cook <keescook@chromium.org> |
tty: Move sysctl setup into "core" tty logic In preparation for adding another sysctl to the tty subsystem, move the tty setup code into the "core" tty code, which contains tty_init() itself. Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20221022182949.2684794-1-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7c2af0f6 |
|
16-Nov-2022 |
John Ogness <john.ogness@linutronix.de> |
tty: tty_io: use console_list_lock for list synchronization show_cons_active() uses the console_lock to gather information on registered consoles. It requires that no consoles are unregistered until it is finished. The console_list_lock should be used because list synchronization responsibility will be removed from the console_lock in a later change. Note, the console_lock is still needed to serialize the device() callback with other console operations. Signed-off-by: John Ogness <john.ogness@linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Petr Mladek <pmladek@suse.com> Signed-off-by: Petr Mladek <pmladek@suse.com> Link: https://lore.kernel.org/r/20221116162152.193147-34-john.ogness@linutronix.de
|
#
d25a2e74 |
|
16-Nov-2022 |
John Ogness <john.ogness@linutronix.de> |
tty: tty_io: document console_lock usage show_cons_active() uses the console_lock to gather information on registered consoles. Since the console_lock is being used for multiple reasons, explicitly document these reasons. This will be useful when the console_lock is split into fine-grained locking. Signed-off-by: John Ogness <john.ogness@linutronix.de> Reviewed-by: Petr Mladek <pmladek@suse.com> Signed-off-by: Petr Mladek <pmladek@suse.com> Link: https://lore.kernel.org/r/20221116162152.193147-10-john.ogness@linutronix.de
|
#
5052df99 |
|
15-Sep-2022 |
наб <nabijaczleweli@nabijaczleweli.xyz> |
tty: remove TTY_DRIVER_MAGIC According to Greg, in the context of magic numbers as defined in magic-number.rst, "the tty layer should not need this and I'll gladly take patches" Acked-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: https://lore.kernel.org/linux-doc/YyMlovoskUcHLEb7@kroah.com/ Link: https://lore.kernel.org/r/723478a270a3858f27843cbec621df4d5d44efcc.1663288066.git.nabijaczleweli@nabijaczleweli.xyz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7a4e0d2c |
|
15-Sep-2022 |
наб <nabijaczleweli@nabijaczleweli.xyz> |
tty: remove TTY_MAGIC According to Greg, in the context of magic numbers as defined in magic-number.rst, "the tty layer should not need this and I'll gladly take patches" Acked-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: https://lore.kernel.org/linux-doc/YyMlovoskUcHLEb7@kroah.com/ Link: https://lore.kernel.org/r/476d024cd6b04160a5de381ea2b9856b60088cbd.1663288066.git.nabijaczleweli@nabijaczleweli.xyz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c9874d3f |
|
16-Aug-2018 |
Al Viro <viro@zeniv.linux.org.uk> |
termios: start unifying non-UAPI parts of asm/termios.h * new header (linut/termios_internal.h), pulled by the users of those suckers * defaults for INIT_C_CC and externs for conversion helpers moved over there * remove termios-base.h (empty now) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Link: https://lore.kernel.org/r/YxDmptU7dNGZ+/Hn@ZenIV Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
da1bb4ed |
|
21-May-2022 |
Julia Lawall <Julia.Lawall@inria.fr> |
tty: fix typos in comments Spelling mistakes (triple letters) in comments. Detected with the help of Coccinelle. Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> Link: https://lore.kernel.org/r/20220521111145.81697-95-Julia.Lawall@inria.fr Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c72d8592 |
|
22-Mar-2022 |
Vasily Averin <vvs@virtuozzo.com> |
memcg: enable accounting for tty-related objects At each login the user forces the kernel to create a new terminal and allocate up to ~1Kb memory for the tty-related structures. By default it's allowed to create up to 4096 ptys with 1024 reserve for initial mount namespace only and the settings are controlled by host admin. Though this default is not enough for hosters with thousands of containers per node. Host admin can be forced to increase it up to NR_UNIX98_PTY_MAX = 1<<20. By default container is restricted by pty mount_opt.max = 1024, but admin inside container can change it via remount. As a result, one container can consume almost all allowed ptys and allocate up to 1Gb of unaccounted memory. It is not enough per-se to trigger OOM on host, however anyway, it allows to significantly exceed the assigned memcg limit and leads to troubles on the over-committed node. It makes sense to account for them to restrict the host's memory consumption from inside the memcg-limited container. Link: https://lkml.kernel.org/r/5d4bca06-7d4f-a905-e518-12981ebca1b3@virtuozzo.com Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Shakeel Butt <shakeelb@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Vladimir Davydov <vdavydov.dev@gmail.com> Cc: Roman Gushchin <roman.gushchin@linux.dev> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
d6d9d17a |
|
20-Dec-2021 |
Andy Shevchenko <andriy.shevchenko@linux.intel.com> |
tty: tty_io: Switch to vmalloc() fallback in case of TTY_NO_WRITE_SPLIT When TTY_NO_WRITE_SPLIT is set and 64 KiB chunks are used, allow vmalloc() fallback. Supply __GFP_RETRY_MAYFAIL to make kmalloc() preferable over vmalloc() since we may want a better performance. Note, both current users copy data to another buffer anyway, so the type of our allocation doesn't affect their expectations. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20211220133250.3070-1-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
31bc35d3 |
|
26-Nov-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: add kernel-doc for tty_standard_install It is the only missing exported function which is not documented. Fix it. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20211126081611.11001-23-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
38581283 |
|
26-Nov-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: add kernel-doc for more tty_driver functions The only documented function for tty_driver structure allocation/registration was __tty_alloc_driver(). Fix highlighting in that comment. And add kernel-doc headers to all tty_driver_kref_put(), tty_register_driver(), and tty_unregister_driver() -- i.e. the main ones. More to follow later. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20211126081611.11001-18-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
796a75a9 |
|
26-Nov-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: reformat kernel-doc in tty_io.c Kernel-doc is a bit strict about some formatting. So fix these: 1) When there is a tab in comments, it thinks the line is a continuation one. So the description of the functions end up as descriptions of the last parameter described. Remove the tabs. 2) Remove newlines before parameters description and after the comments. This was not wrong per se, only inconsistent with the rest of the file. 3) Add periods to the end of sentences where appropriate. 4) Add "()" to function names and "%" to constants, so that they are properly highlighted. By the above, this patch also unifies these docs with the other kernel-doc's in this file. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20211126081611.11001-13-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d78328bc |
|
22-Nov-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: remove file from tty_ldisc_ops::ioctl and compat_ioctl After the previous patches, noone needs 'file' parameter in neither ioctl hook from tty_ldisc_ops. So remove 'file' from both of them. Cc: Marcel Holtmann <marcel@holtmann.org> Cc: Johan Hedberg <johan.hedberg@gmail.com> Cc: Luiz Augusto von Dentz <luiz.dentz@gmail.com> Cc: Wolfgang Grandegger <wg@grandegger.com> Cc: Marc Kleine-Budde <mkl@pengutronix.de> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Andreas Koensgen <ajk@comnets.uni-bremen.de> Cc: Paul Mackerras <paulus@samba.org> Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> [NFC] Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Acked-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20211122094529.24171-1-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
954a0881 |
|
18-Nov-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: clean up whitespace in __do_SAK() Remove spaces before the 'i' variable declaration and wrap parameters of group_send_sig_info(). Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20211118071911.12059-4-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
8cb28417 |
|
18-Nov-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: remove tty NULL check from __do_SAK() Both do_SAK_work() and vc_SAK() provide a valid tty to __do_SAK(), so remove the check. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20211118071911.12059-3-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
463d4c74 |
|
18-Nov-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: remove TTY_SOFT_SAK part from __do_SAK() Remove the TTY_SOFT_SAK part. It is never defined, so this is only confusing. It was actually never defined since its introduction in 0.99.14g. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20211118071911.12059-2-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
bb2853a6 |
|
22-Aug-2021 |
Nguyen Dinh Phi <phind.uet@gmail.com> |
tty: Fix data race between tiocsti() and flush_to_ldisc() The ops->receive_buf() may be accessed concurrently from these two functions. If the driver flushes data to the line discipline receive_buf() method while tiocsti() is waiting for the ops->receive_buf() to finish its work, the data race will happen. For example: tty_ioctl |tty_ldisc_receive_buf ->tioctsi | ->tty_port_default_receive_buf | ->tty_ldisc_receive_buf ->hci_uart_tty_receive | ->hci_uart_tty_receive ->h4_recv | ->h4_recv In this case, the h4 receive buffer will be overwritten by the latecomer, and we will lost the data. Hence, change tioctsi() function to use the exclusive lock interface from tty_buffer to avoid the data race. Reported-by: syzbot+97388eb9d31b997fe1d0@syzkaller.appspotmail.com Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com> Link: https://lore.kernel.org/r/20210823000641.2082292-1-phind.uet@gmail.com Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
9f90a4dd |
|
23-Jul-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: drop put_tty_driver put_tty_driver() is an alias for tty_driver_kref_put(). There is no need for two exported identical functions, therefore switch all users of old put_tty_driver() to new tty_driver_kref_put() and remove the former for good. Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: Matt Turner <mattst88@gmail.com> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Jeff Dike <jdike@addtoit.com> Cc: Richard Weinberger <richard@nod.at> Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com> Cc: Chris Zankel <chris@zankel.net> Cc: Max Filippov <jcmvbkbc@gmail.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Samuel Iglesias Gonsalvez <siglesias@igalia.com> Cc: Jens Taprogge <jens.taprogge@taprogge.org> Cc: Karsten Keil <isdn@linux-pingi.de> Cc: Scott Branden <scott.branden@broadcom.com> Cc: Ulf Hansson <ulf.hansson@linaro.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Heiko Carstens <hca@linux.ibm.com> Cc: Vasily Gorbik <gor@linux.ibm.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: David Lin <dtwlin@gmail.com> Cc: Johan Hovold <johan@kernel.org> Cc: Alex Elder <elder@kernel.org> Cc: Jiri Slaby <jirislaby@kernel.org> Cc: Laurentiu Tudor <laurentiu.tudor@nxp.com> Cc: Jiri Kosina <jikos@kernel.org> Cc: David Sterba <dsterba@suse.com> Cc: Shawn Guo <shawnguo@kernel.org> Cc: Sascha Hauer <s.hauer@pengutronix.de> Cc: Pengutronix Kernel Team <kernel@pengutronix.de> Cc: Fabio Estevam <festevam@gmail.com> Cc: NXP Linux Team <linux-imx@nxp.com> Cc: Oliver Neukum <oneukum@suse.com> Cc: Felipe Balbi <balbi@kernel.org> Cc: Mathias Nyman <mathias.nyman@intel.com> Cc: Marcel Holtmann <marcel@holtmann.org> Cc: Johan Hedberg <johan.hedberg@gmail.com> Cc: Luiz Augusto von Dentz <luiz.dentz@gmail.com> Acked-by: Alex Elder <elder@linaro.org> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Acked-by: Max Filippov <jcmvbkbc@gmail.com> Acked-by: David Sterba <dsterba@suse.com> Acked-by: Samuel Iglesias Gonsálvez <siglesias@igalia.com> Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20210723074317.32690-8-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
cb9ea618 |
|
23-Jul-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: make tty_set_operations an inline Since commit f34d7a5b7010 (tty: The big operations rework) in 2008, tty_set_operations() is a simple one-line assignment. There is no reason for this to be an exported function, hence move it to a header and make an inline from that. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20210723074317.32690-7-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d06e256f |
|
19-May-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: fix kernel-doc for {start,stop}_tty Commit f9e053dcfc02 (tty: Serialize tty flow control changes with flow_lock) renamed start_tty to __start_tty and stop_tty to __stop_tty and introduced new start_tty and stop_tty. But it left kernel-doc comments on the old locations: tty_io.c:785: warning: expecting prototype for stop_tty(). Prototype was for __stop_tty() instead tty_io.c:816: warning: expecting prototype for start_tty(). Prototype was for __start_tty() instead Fix that by moving the comments to appropriate locations. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20210519072153.3859-4-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
756a4e4a |
|
19-May-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: fix kernel-doc for tty_{read,write} After commits a9cbbb80e3e7 (tty: avoid using vfs_iocb_iter_write() for redirected console writes) and dd78b0c483e3 (tty: implement read_iter), the tty_read and tty_write kernel-doc comments don't match the code: tty_io.c:931: warning: Function parameter or member 'iocb' not described in 'tty_read' tty_io.c:931: warning: Function parameter or member 'to' not described in 'tty_read' tty_io.c:931: warning: Excess function parameter 'file' description in 'tty_read' tty_io.c:931: warning: Excess function parameter 'buf' description in 'tty_read' tty_io.c:931: warning: Excess function parameter 'count' description in 'tty_read' tty_io.c:931: warning: Excess function parameter 'ppos' description in 'tty_read' tty_io.c:1115: warning: Function parameter or member 'iocb' not described in 'file_tty_write' tty_io.c:1115: warning: Function parameter or member 'from' not described in 'file_tty_write' tty_io.c:1115: warning: expecting prototype for tty_write(). Prototype was for file_tty_write() instead Fix them to correspond the reality, i.e. the switch from read/write to read_iter/write_iter. Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20210519072153.3859-3-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fab49103 |
|
12-May-2021 |
Xiaofei Tan <tanxiaofei@huawei.com> |
tty: tty_io: Remove return in void function Remove return in void function, reported by checkpatch.pl. Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com> Link: https://lore.kernel.org/r/1620811585-18582-15-git-send-email-tanxiaofei@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
27eab129 |
|
12-May-2021 |
Xiaofei Tan <tanxiaofei@huawei.com> |
tty: tty_io: Delete a blank line before EXPORT_SYMBOL(foo) Delete a blank line before EXPORT_SYMBOL(foo) so that EXPORT_SYMBOL(foo) immediately follow its function/variable, reported by checkpatch.pl. Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com> Link: https://lore.kernel.org/r/1620811585-18582-14-git-send-email-tanxiaofei@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5e4d5ac3 |
|
12-May-2021 |
Xiaofei Tan <tanxiaofei@huawei.com> |
tty: tty_io: Fix an issue of code indent for conditional statements Fix an issue of code indent for conditional statements,reported by checkpatch.pl. Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com> Link: https://lore.kernel.org/r/1620811585-18582-13-git-send-email-tanxiaofei@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
44969f85 |
|
12-May-2021 |
Xiaofei Tan <tanxiaofei@huawei.com> |
tty: tty_io: Remove the repeated word 'can' Remove the repeated word 'can' following advice of checkpatch.pl Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com> Link: https://lore.kernel.org/r/1620811585-18582-12-git-send-email-tanxiaofei@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
b426a5b8 |
|
12-May-2021 |
Xiaofei Tan <tanxiaofei@huawei.com> |
tty: tty_io: Fix coding style issues of block comments Fix coding style issues of block comments, reported by checkpatch.pl. Besides, add a period at the end of the sentenses. Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com> Link: https://lore.kernel.org/r/1620811585-18582-11-git-send-email-tanxiaofei@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d91c1a3e |
|
12-May-2021 |
Xiaofei Tan <tanxiaofei@huawei.com> |
tty: tty_io: Fix trailing whitespace issues Fix trailing whitespace issues, reported by checkpatch.pl. Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com> Link: https://lore.kernel.org/r/1620811585-18582-10-git-send-email-tanxiaofei@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
94bc2eb5 |
|
12-May-2021 |
Xiaofei Tan <tanxiaofei@huawei.com> |
tty: tty_io: Fix spaces required around that ':' Fix spaces required around that ':', reported by checkpatch.pl. Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com> Link: https://lore.kernel.org/r/1620811585-18582-9-git-send-email-tanxiaofei@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e73b2407 |
|
12-May-2021 |
Xiaofei Tan <tanxiaofei@huawei.com> |
tty: tty_io: Add a blank line after declarations Add a blank line after declarations, reported by checkpatch.pl. Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com> Link: https://lore.kernel.org/r/1620811585-18582-8-git-send-email-tanxiaofei@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
395e7833 |
|
12-May-2021 |
Xiaofei Tan <tanxiaofei@huawei.com> |
tty: tty_io: Remove spaces before tabs Remove spaces before tabs following the advice of checkpatch.pl. Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com> Link: https://lore.kernel.org/r/1620811585-18582-7-git-send-email-tanxiaofei@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
64d608db |
|
05-May-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: cumulate and document tty_struct::ctrl* members Group the ctrl members under a single struct called ctrl. The new struct contains 'pgrp', 'session', 'pktstatus', and 'packet'. 'pktstatus' and 'packet' used to be bits in a bitfield. The struct also contains the lock protecting them to share the same cache line. Note that commit c545b66c6922b (tty: Serialize tcflow() with other tty flow control changes) added a padding to the original bitfield. It was for the bitfield to occupy a whole 64b word to avoid interferring stores on Alpha (cannot we evaporate this arch with weird implications to C code yet?). But it doesn't work as expected as the padding (tty_struct::ctrl_unused) is aligned to a 8B boundary too and occupies some bytes from the next word. So make it reliable by: 1) setting __aligned of the struct -- that aligns the start, and 2) making 'unsigned long unused[0]' as the last member of the struct -- pads the end. Add a kerneldoc comment for this grouped members. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: netdev@vger.kernel.org Link: https://lore.kernel.org/r/20210505091928.22010-14-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6e94dbc7 |
|
05-May-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: cumulate and document tty_struct::flow* members Group the flow flags under a single struct called flow. The new struct contains 'stopped' and 'tco_stopped' bools which used to be bits in a bitfield. The struct also contains the lock protecting them to potentially share the same cache line. Note that commit c545b66c6922b (tty: Serialize tcflow() with other tty flow control changes) added a padding to the original bitfield. It was for the bitfield to occupy a whole 64b word to avoid interferring stores on Alpha (cannot we evaporate this arch with weird implications to C code yet?). But it doesn't work as expected as the padding (tty_struct::unused) is aligned to a 8B boundary too and occupies some bytes from the next word. So make it reliable by: 1) setting __aligned of the struct -- that aligns the start, and 2) making 'unsigned long unused[0]' as the last member of the struct -- pads the end. This is also the perfect time to start the documentation of tty_struct where all this lives. So we start by documenting what these bools actually serve for. And why we do all the alignment dances. Only the few up-to-date information from the Theodore's comment made it into this new Kerneldoc comment. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Ulf Hansson <ulf.hansson@linaro.org> Cc: Heiko Carstens <hca@linux.ibm.com> Cc: Vasily Gorbik <gor@linux.ibm.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Shawn Guo <shawnguo@kernel.org> Cc: Sascha Hauer <s.hauer@pengutronix.de> Cc: Vineet Gupta <vgupta@synopsys.com> Cc: "Maciej W. Rozycki" <macro@orcam.me.uk> Link: https://lore.kernel.org/r/20210505091928.22010-13-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
dd9f6114 |
|
08-Apr-2021 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
tty: make tty_release_redirect() static No one calls this outside of the tty_io.c file, so mark this static and do not export the symbol anymore. Cc: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20210408125134.3016837-11-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
98602c01 |
|
08-Apr-2021 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
tty: create internal tty.h file There are a number of functions and #defines in include/linux/tty.h that do not belong there as they are private to the tty core code. Create an initial drivers/tty/tty.h file and copy the odd "tty logging" macros into it to seed the file with some initial things that we know nothing outside of the tty core should be calling. Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Cc: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20210408125134.3016837-2-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
885c77d5 |
|
07-Apr-2021 |
Johan Hovold <johan@kernel.org> |
tty: refactor TIOCSSERIAL handling Factor out the deprecated serial flags handling and tty-operation check shared with the compat TIOCSSERIAL handler. Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20210407095208.31838-6-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
1b7bc6b1 |
|
07-Apr-2021 |
Johan Hovold <johan@kernel.org> |
tty: use pr_warn_ratelimited() for deprecated serial flags Use pr_warn_ratelimited() when warning about deprecated serial flags instead of open coding. Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20210407095208.31838-5-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
1b8b2086 |
|
07-Apr-2021 |
Johan Hovold <johan@kernel.org> |
tty: fix return value for unsupported ioctls Drivers should return -ENOTTY ("Inappropriate I/O control operation") when an ioctl isn't supported, while -EINVAL is used for invalid arguments. Fix up the TIOCMGET, TIOCMSET and TIOCGICOUNT helpers which returned -EINVAL when a tty driver did not implement the corresponding operations. Note that the TIOCMGET and TIOCMSET helpers predate git and do not get a corresponding Fixes tag below. Fixes: d281da7ff6f7 ("tty: Make tiocgicount a handler") Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20210407095208.31838-3-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a846dcf9 |
|
01-Mar-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: localise ptychar and make it const ptychar was not const, so mark it as such. And move this variable to the only place where it's used. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20210302062214.29627-36-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a872ab4d |
|
01-Mar-2021 |
Jiri Slaby <jirislaby@kernel.org> |
tty: let tty_unregister_driver return void Now that noone checks the return value, switch the return type of tty_unregister_driver to void. We can do that as we always return zero. Generally, drivers are not allowed to call tty_unregister_driver while there are open devices. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20210302062214.29627-35-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c776b77a |
|
04-Mar-2021 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
Revert "drivers:tty:pty: Fix a race causing data loss on close" This reverts commit 33d4ae98859873ddd49e22e4ca724387548b3d89. Pierre-Louis writes: Our SOF/audio CI shows an across-the-board regression when we try v5.12-rc1, specifically on pause/resume tests with an interactive terminal running 'aplay -i' commands managed by expect to simulate the user pressing the space bar to pause/unpause. It turns out the processes are not longer killed and the audio devices remain busy (see publicly available test results listed below). git bisect points to commit 33d4ae9885987 ("drivers:tty:pty: Fix a race causing data loss on close"). Reverting the patch fixes the issue on all test devices. Further analysis with Corey Minyard points to a problem where a slave tty will not get a SIGHUP when the master is closed. So revert this for now: Reported-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com> Link: https://lore.kernel.org/r/00154592-c5ee-aaba-956e-b265473b53bc@linux.intel.com Cc: Corey Minyard <cminyard@mvista.com> Cc: Jiri Slaby <jirislaby@kernel.org> Cc: Mark Brown <broonie@kernel.org>, Fixes: 33d4ae988598 ("drivers:tty:pty: Fix a race causing data loss on close") Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
3342ff26 |
|
20-Feb-2021 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: protect tty_write from odd low-level tty disciplines Al root-caused a new warning from syzbot to the ttyprintk tty driver returning a write count larger than the data the tty layer actually gave it. Which confused the tty write code mightily, and with the new iov_iter based code, caused a WARNING in iov_iter_revert(). syzbot correctly bisected the source of the new warning to commit 9bb48c82aced ("tty: implement write_iter"), but the oddity goes back much further, it just didn't get caught by anything before. Reported-by: syzbot+3d2c27c2b7dc2a94814d@syzkaller.appspotmail.com Fixes: 9bb48c82aced ("tty: implement write_iter") Debugged-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
e71a8d5c |
|
21-Jan-2021 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: fix up iterate_tty_read() EOVERFLOW handling When I converted the tty_ldisc_ops 'read()' function to take a kernel pointer, I was a bit too aggressive about the ldisc returning EOVERFLOW. Yes, we want to have EOVERFLOW override any partially read data (because the whole point is that the buffer was too small for the whole packet, and we don't want to see partial packets), but it shouldn't override a previous EFAULT. And in fact, it really is just EOVERFLOW that is special and should throw away any partially read data, not "any error". Admittedly EOVERFLOW is currently the only one that can happen for a continuation read - and if the first read iteration returns an error we won't have this issue. So this is more of a technicality, but let's just make the intent very explicit, and re-organize the error handling a bit so that this is all clearer. Reported-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/CAHk-=wh+-rGsa=xruEWdg_fJViFG8rN9bpLrfLz=_yBYh2tBhA@mail.gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ddc5fda7 |
|
21-Jan-2021 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: fix up hung_up_tty_read() conversion In commit "tty: implement read_iter", I left the read_iter conversion of the hung up tty case alone, because I incorrectly thought it didn't matter. Jiri showed me the errors of my ways, and pointed out the problems with that incomplete conversion. Fix it all up. Reported-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/CAHk-=wh+-rGsa=xruEWdg_fJViFG8rN9bpLrfLz=_yBYh2tBhA@mail.gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c7135bbe |
|
21-Jan-2021 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: fix up hung_up_tty_write() conversion In commit "tty: implement write_iter", I left the write_iter conversion of the hung up tty case alone, because I incorrectly thought it didn't matter. Jiri showed me the errors of my ways, and pointed out the problems with that incomplete conversion. Fix it all up. Reported-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/CAHk-=wh+-rGsa=xruEWdg_fJViFG8rN9bpLrfLz=_yBYh2tBhA@mail.gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
dd78b0c4 |
|
19-Jan-2021 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: implement read_iter Now that the ldisc read() function takes kernel pointers, it's fairly straightforward to make the tty file operations use .read_iter() instead of .read(). That automatically gives us vread() and friends, and also makes it possible to do .splice_read() on ttys again. Fixes: 36e2c7421f02 ("fs: don't allow splice read/write without explicit ops") Reported-by: Oliver Giles <ohw.giles@gmail.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
3b830a9c |
|
18-Jan-2021 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: convert tty_ldisc_ops 'read()' function to take a kernel pointer The tty line discipline .read() function was passed the final user pointer destination as an argument, which doesn't match the 'write()' function, and makes it very inconvenient to do a splice method for ttys. This is a conversion to use a kernel buffer instead. NOTE! It does this by passing the tty line discipline ->read() function an additional "cookie" to fill in, and an offset into the cookie data. The line discipline can fill in the cookie data with its own private information, and then the reader will repeat the read until either the cookie is cleared or it runs out of data. The only real user of this is N_HDLC, which can use this to handle big packets, even if the kernel buffer is smaller than the whole packet. Cc: Christoph Hellwig <hch@lst.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
33d4ae98 |
|
23-Nov-2020 |
Corey Minyard <cminyard@mvista.com> |
drivers:tty:pty: Fix a race causing data loss on close Remove the tty_vhangup() from the pty code and just release the redirect. The tty_vhangup() results in data loss and data out of order issues. If you write to a pty master an immediately close the pty master, the receiver might get a chunk of data dropped, but then receive some later data. That's obviously something rather unexpected for a user. It certainly confused my test program. It turns out that tty_vhangup() on the slave pty gets called from pty_close(), and that causes the data on the slave side to be flushed, but due to races more data can be copied into the slave side's buffer after that. Consider the following sequence: thread1 thread2 thread3 ------- ------- ------- | |-write data into buffer, | | n_tty buffer is filled | | along with other buffers | |-pty_close(master) | |--tty_vhangup(slave) | |---tty_ldisc_hangup() | |----n_tty_flush_buffer() | |-----reset_buffer_flags() |-n_tty_read() | |--up_read(&tty->termios_rwsem); | |------down_read(&tty->termios_rwsem) | |------clear n_tty buffer contents | |------up_read(&tty->termios_rwsem) |--tty_buffer_flush_work() | |--schedules work calling | | flush_to_ldisc() | | |-flush_to_ldisc() | |--receive_buf() | |---tty_port_default_receive_buf() | |----tty_ldisc_receive_buf() | |-----n_tty_receive_buf2() | |------n_tty_receive_buf_common() | |-------down_read(&tty->termios_rwsem) | |-------__receive_buf() | | copies data into n_tty buffer | |-------up_read(&tty->termios_rwsem) |--down_read(&tty->termios_rwsem) |--copy buffer data to user >From this sequence, you can see that thread2 writes to the buffer then only clears the part of the buffer in n_tty. The n_tty receive buffer code then copies more data into the n_tty buffer. But part of the vhangup, releasing the redirect, is still required to avoid issues with consoles running on pty slaves. So do that. As far as I can tell, that is all that should be required. Signed-off-by: Corey Minyard <cminyard@mvista.com> Link: https://lore.kernel.org/r/20201124004902.1398477-3-minyard@acm.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f446776e |
|
23-Nov-2020 |
Corey Minyard <cminyard@mvista.com> |
tty: Export redirect release This will be required by the pty code when it removes tty_vhangup() on master close. Signed-off-by: Corey Minyard <cminyard@mvista.com> Link: https://lore.kernel.org/r/20201124004902.1398477-2-minyard@acm.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d20c219c |
|
18-Dec-2020 |
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> |
tty: new helper function tty_get_icount() For a given struct tty_struct this yields the corresponding statistics about sent and received characters (and some more) which is needed to implement an LED trigger for tty devices. The new function is then used to simplify tty_tiocgicount(). Reviewed-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Link: https://lore.kernel.org/r/20201218104246.591315-3-u.kleine-koenig@pengutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4ea3cd65 |
|
18-Dec-2020 |
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> |
tty: rename tty_kopen() and add new function tty_kopen_shared() Introduce a new function tty_kopen_shared() that yields a struct tty_struct. The semantic difference to tty_kopen() is that the tty is expected to be used already. So rename tty_kopen() to tty_kopen_exclusive() for clearness, adapt the single user and put the common code in a new static helper function. tty_kopen_shared is to be used to implement an LED trigger for tty devices in one of the next patches. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Link: https://lore.kernel.org/r/20201218104246.591315-2-u.kleine-koenig@pengutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a9cbbb80 |
|
29-Jan-2021 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: avoid using vfs_iocb_iter_write() for redirected console writes It turns out that the vfs_iocb_iter_{read,write}() functions are entirely broken, and don't actually use the passed-in file pointer for IO - only for the preparatory work (permission checking and for the write_iter function lookup). That worked fine for overlayfs, which always builds the new iocb with the same file pointer that it passes in, but in the general case it ends up doing nonsensical things (and could cause an iterator call that doesn't even match the passed-in file pointer). This subtly broke the tty conversion to write_iter in commit 9bb48c82aced ("tty: implement write_iter"), because the console redirection didn't actually end up redirecting anything, since the passed-in file pointer was basically ignored, and the actual write was done with the original non-redirected console tty after all. The main visible effect of this is that the console messages were no longer logged to /var/log/boot.log during graphical boot. Fix the issue by simply not using the vfs write "helper" function at all, and just redirecting the write entirely internally to the tty layer. Do the target writability permission checks when actually registering the target tty with TIOCCONS instead of at write time. Fixes: 9bb48c82aced ("tty: implement write_iter") Reported-and-tested-by: Hans de Goede <hdegoede@redhat.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
9f12e37c |
|
25-Jan-2021 |
Sami Tolvanen <samitolvanen@google.com> |
Commit 9bb48c82aced ("tty: implement write_iter") converted the tty layer to use write_iter. Fix the redirected_tty_write declaration also in n_tty and change the comparisons to use write_iter instead of write. [ Also moved the declaration of redirected_tty_write() to the proper location in a header file. The reason for the bug was the bogus extern declaration in n_tty.c silently not matching the changed definition in tty_io.c, and because it wasn't in a shared header file, there was no cross-checking of the declaration. Sami noticed because Clang's Control Flow Integrity checking ended up incidentally noticing the inconsistent declaration. - Linus ] Fixes: 9bb48c82aced ("tty: implement write_iter") Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
17749851 |
|
21-Jan-2021 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: fix up hung_up_tty_write() conversion In commit "tty: implement write_iter", I left the write_iter conversion of the hung up tty case alone, because I incorrectly thought it didn't matter. Jiri showed me the errors of my ways, and pointed out the problems with that incomplete conversion. Fix it all up. Reported-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/CAHk-=wh+-rGsa=xruEWdg_fJViFG8rN9bpLrfLz=_yBYh2tBhA@mail.gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
9bb48c82 |
|
19-Jan-2021 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: implement write_iter This makes the tty layer use the .write_iter() function instead of the traditional .write() functionality. That allows writev(), but more importantly also makes it possible to enable .splice_write() for ttys, reinstating the "splice to tty" functionality that was lost in commit 36e2c7421f02 ("fs: don't allow splice read/write without explicit ops"). Fixes: 36e2c7421f02 ("fs: don't allow splice read/write without explicit ops") Reported-by: Oliver Giles <ohw.giles@gmail.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
c8bcd9c5 |
|
02-Dec-2020 |
Jann Horn <jannh@google.com> |
tty: Fix ->session locking Currently, locking of ->session is very inconsistent; most places protect it using the legacy tty mutex, but disassociate_ctty(), __do_SAK(), tiocspgrp() and tiocgsid() don't. Two of the writers hold the ctrl_lock (because they already need it for ->pgrp), but __proc_set_tty() doesn't do that yet. On a PREEMPT=y system, an unprivileged user can theoretically abuse this broken locking to read 4 bytes of freed memory via TIOCGSID if tiocgsid() is preempted long enough at the right point. (Other things might also go wrong, especially if root-only ioctls are involved; I'm not sure about that.) Change the locking on ->session such that: - tty_lock() is held by all writers: By making disassociate_ctty() hold it. This should be fine because the same lock can already be taken through the call to tty_vhangup_session(). The tricky part is that we need to shorten the area covered by siglock to be able to take tty_lock() without ugly retry logic; as far as I can tell, this should be fine, since nothing in the signal_struct is touched in the `if (tty)` branch. - ctrl_lock is held by all writers: By changing __proc_set_tty() to hold the lock a little longer. - All readers that aren't holding tty_lock() hold ctrl_lock: By adding locking to tiocgsid() and __do_SAK(), and expanding the area covered by ctrl_lock in tiocspgrp(). Cc: stable@kernel.org Signed-off-by: Jann Horn <jannh@google.com> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4466d6d2 |
|
05-Nov-2020 |
Matthias Reichl <hias@horus.com> |
tty: fix crash in release_tty if tty->port is not set Commit 2ae0b31e0face ("tty: don't crash in tty_init_dev when missing tty_port") didn't fully prevent the crash as the cleanup path in tty_init_dev() calls release_tty() which dereferences tty->port without checking it for non-null. Add tty->port checks to release_tty to avoid the kernel crash. Fixes: 2ae0b31e0face ("tty: don't crash in tty_init_dev when missing tty_port") Signed-off-by: Matthias Reichl <hias@horus.com> Link: https://lore.kernel.org/r/20201105123432.4448-1-hias@horus.com Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
08aa5042 |
|
04-Nov-2020 |
Lee Jones <lee.jones@linaro.org> |
tty: tty_io: Fix some kernel-doc issues Demote non-conformant headers and supply some missing descriptions. Fixes the following W=1 kernel build warning(s): drivers/tty/tty_io.c:218: warning: Function parameter or member 'file' not described in 'tty_free_file' drivers/tty/tty_io.c:566: warning: Function parameter or member 'exit_session' not described in '__tty_hangup' drivers/tty/tty_io.c:1077: warning: Function parameter or member 'tty' not described in 'tty_send_xchar' drivers/tty/tty_io.c:1077: warning: Function parameter or member 'ch' not described in 'tty_send_xchar' drivers/tty/tty_io.c:1155: warning: Function parameter or member 'file' not described in 'tty_driver_lookup_tty' drivers/tty/tty_io.c:1508: warning: Function parameter or member 'tty' not described in 'release_tty' drivers/tty/tty_io.c:1508: warning: Function parameter or member 'idx' not described in 'release_tty' drivers/tty/tty_io.c:2973: warning: Function parameter or member 'driver' not described in 'alloc_tty_struct' drivers/tty/tty_io.c:2973: warning: Function parameter or member 'idx' not described in 'alloc_tty_struct' Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jiri Slaby <jirislaby@kernel.org> Cc: Nick Holloway <alfie@dcs.warwick.ac.uk> Cc: -- <julian@uhunix.uhcc.hawaii.edu> Cc: Marko Kohtala <Marko.Kohtala@hut.fi> Cc: Bill Hawes <whawes@star.net> Cc: "C. Scott Ananian" <cananian@alumni.princeton.edu> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Andrew Morton <andrewm@uow.edu.eu> Signed-off-by: Lee Jones <lee.jones@linaro.org> Link: https://lore.kernel.org/r/20201104193549.4026187-13-lee.jones@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
aec51036 |
|
04-Nov-2020 |
Lee Jones <lee.jones@linaro.org> |
tty: tty_io: Move 'tty_sysctl_init's prototype to shared space Fixes the following W=1 kernel build warning(s): drivers/tty/tty_ldisc.c:883:6: warning: no previous prototype for ‘tty_sysctl_init’ [-Wmissing-prototypes] 883 | void tty_sysctl_init(void) | ^~~~~~~~~~~~~~~ Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jiri Slaby <jirislaby@kernel.org> Cc: Nick Holloway <alfie@dcs.warwick.ac.uk> Cc: -- <julian@uhunix.uhcc.hawaii.edu> Cc: Marko Kohtala <Marko.Kohtala@hut.fi> Cc: Bill Hawes <whawes@star.net> Cc: "C. Scott Ananian" <cananian@alumni.princeton.edu> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Andrew Morton <andrewm@uow.edu.eu> Signed-off-by: Lee Jones <lee.jones@linaro.org> Link: https://lore.kernel.org/r/20201104193549.4026187-5-lee.jones@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fa441954 |
|
18-Aug-2020 |
Jiri Slaby <jirislaby@kernel.org> |
tty: fix kernel-doc With W=1, the kernel-doc checker complains quite a lot in the tty layer. Over the time, many documented parameters were renamed, removed or switched from tty to tty_port and similar. Some were mistyped in the doc too. So fix all these in the tty core. (But do not add the missing ones which the checker complains about too. Not now.) The rest in the tty layer will follow in the next patches. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20200818085655.12071-4-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a3241891 |
|
23-Jul-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
tty: Use the preferred form for passing the size of a structure type Use the preferred form for passing the size of a structure type. The alternative form where the structure type is spelled out hurts readability and introduces an opportunity for a bug when the object type is changed but the corresponding object identifier to which the sizeof operator is applied is not. Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Acked-by: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/b04dd8cdd67bd6ffde3fd12940aeef35fdb824a6.1595543280.git.gustavoars@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
52b52e91 |
|
23-Jul-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
tty: Fix identation issues in struct serial_struct32 Fix the following checkpatch.pl warnings together with all the identation issues in struct serial_struct32: ERROR: code indent should use tabs where possible + char reserved_char;$ WARNING: please, no spaces at the start of a line + char reserved_char;$ ERROR: code indent should use tabs where possible + compat_int_t reserved;$ WARNING: please, no spaces at the start of a line + compat_int_t reserved;$ Acked-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Link: https://lore.kernel.org/r/77576843397aeab0af8aa0423a9768f3ca8dedfb.1595543280.git.gustavoars@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e5b9f4b1 |
|
23-Jul-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
tty: Avoid the use of one-element arrays One-element arrays are being deprecated[1]. Replace the one-element arrays with simple value types 'char reserved_char' and 'compat_int_t reserved'[2], once it seems these are just placeholders for alignment. [1] https://github.com/KSPP/linux/issues/79 [2] https://github.com/KSPP/linux/issues/86 Tested-by: kernel test robot <lkp@intel.com> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/tty-20200716.md Acked-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Link: https://lore.kernel.org/r/f49bf0e27eaac396c96d21392c8c284f9f5ef52a.1595543280.git.gustavoars@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6e622cd8 |
|
24-Feb-2020 |
Eric Biggers <ebiggers@google.com> |
tty: fix compat TIOCGSERIAL checking wrong function ptr Commit 77654350306a ("take compat TIOC[SG]SERIAL treatment into tty_compat_ioctl()") changed the compat version of TIOCGSERIAL to start checking for the presence of the ->set_serial function pointer rather than ->get_serial. This appears to be a copy-and-paste error, since ->get_serial is the function pointer that is called as well as the pointer that is checked by the non-compat version of TIOCGSERIAL. Fix this by checking the correct function pointer. Fixes: 77654350306a ("take compat TIOC[SG]SERIAL treatment into tty_compat_ioctl()") Cc: <stable@vger.kernel.org> # v4.20+ Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20200224182044.234553-3-ebiggers@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
17329563 |
|
24-Feb-2020 |
Eric Biggers <ebiggers@google.com> |
tty: fix compat TIOCGSERIAL leaking uninitialized memory Commit 77654350306a ("take compat TIOC[SG]SERIAL treatment into tty_compat_ioctl()") changed the compat version of TIOCGSERIAL to start copying a whole 'serial_struct32' to userspace rather than individual fields, but failed to initialize all padding and fields -- namely the hole after the 'iomem_reg_shift' field, and the 'reserved' field. Fix this by initializing the struct to zero. [v2: use sizeof, and convert the adjacent line for consistency.] Reported-by: syzbot+8da9175e28eadcb203ce@syzkaller.appspotmail.com Fixes: 77654350306a ("take compat TIOC[SG]SERIAL treatment into tty_compat_ioctl()") Cc: <stable@vger.kernel.org> # v4.20+ Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Jiri Slaby <jslaby@suse.cz> Link: https://lore.kernel.org/r/20200224182044.234553-2-ebiggers@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ed069827 |
|
24-Feb-2020 |
Eric Biggers <ebiggers@google.com> |
tty: drop outdated comments about release_tty() locking The current version of the TTY code unlocks the tty_struct(s) before release_tty() rather than after. Moreover, tty_unlock_pair() no longer exists. Thus, remove the outdated comments regarding tty_unlock_pair(). Signed-off-by: Eric Biggers <ebiggers@google.com> Link: https://lore.kernel.org/r/20200224073359.292795-1-ebiggers@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f1d31743 |
|
17-Dec-2019 |
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> |
tty: drop useless variable initialisation in tty_kopen() The driver variable is assigned to unconditionally and not used before. So there is no need to explicitly initialize it at the start of tty_kopen(). Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Link: https://lore.kernel.org/r/20191217075040.8020-1-u.kleine-koenig@pengutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2ae0b31e |
|
22-Nov-2019 |
Jiri Slaby <jirislaby@kernel.org> |
tty: don't crash in tty_init_dev when missing tty_port We currently warn the user when tty->port is not set in tty_init_dev yet. The warning says that the kernel will crash later. And it really will only few lines below at: tty->port->itty = tty; So be nice and avoid the crash -- return an error instead. And update the warning. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com> Link: https://lore.kernel.org/r/20191122101721.7222-1-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
14ce3848 |
|
20-Nov-2019 |
Sudip Mukherjee <sudipm.mukherjee@gmail.com> |
tty: remove unused argument from tty_open_by_driver() The argument 'inode' passed to tty_open_by_driver() was not being used. Remove the extra argument. Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com> Link: https://lore.kernel.org/r/20191120151709.14148-1-sudipm.mukherjee@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
b7aff093 |
|
06-Jun-2019 |
Arnd Bergmann <arnd@arndb.de> |
tty: handle compat PPP ioctls Multiple tty devices are have tty devices that handle the PPPIOCGUNIT and PPPIOCGCHAN ioctls. To avoid adding a compat_ioctl handler to each of those, add it directly in tty_compat_ioctl so we can remove the calls from fs/compat_ioctl.c. Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Paul Mackerras <paulus@samba.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
c7dc504e |
|
03-Jun-2019 |
Arnd Bergmann <arnd@arndb.de> |
compat_ioctl: move SIOCOUTQ out of compat_ioctl.c All users of this call are in socket or tty code, so handling it there means we can avoid the table entry in fs/compat_ioctl.c. Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Eric Dumazet <edumazet@google.com> Cc: netdev@vger.kernel.org Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
4495dfdd |
|
23-Jul-2019 |
Suzuki K Poulose <suzuki.poulose@arm.com> |
drivers: Introduce device lookup variants by device type Add a helper to match a device by its type and provide wrappers for {bus/class/driver}_find_device() APIs. Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Harald Freudenberger <freude@linux.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: linux-usb@vger.kernel.org Cc: Oliver Neukum <oneukum@suse.com> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Tomas Winkler <tomas.winkler@intel.com> Cc: "Rafael J. Wysocki" <rafael@kernel.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Ulf Hansson <ulf.hansson@linaro.org> Cc: Joe Perches <joe@perches.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Link: https://lore.kernel.org/r/20190723221838.12024-5-suzuki.poulose@arm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
8c8af41d |
|
09-May-2019 |
Lin Yi <teroincn@163.com> |
tty: tty_io: fix driver refcount imbalance on error path tty_lookup_driver take a reference to the struct tty_driver, but forget to release it on the error path, lead to a memory leak. add a tty_driver_kref_put before error return. Signed-off-by: Lin Yi <teroincn@163.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
8daa89e0 |
|
18-Apr-2019 |
Johan Hovold <johan@kernel.org> |
tty: update obsolete termios comment Update an obsolete comment referring to the termios_locked structure which was removed over a decade ago by commit fe6e29fdb1a7 ("tty: simplify ktermios allocation"). While at it, fix the "Thus" typo. Signed-off-by: Johan Hovold <johan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0eae4686 |
|
29-Mar-2019 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
Revert "tty: pty: Fix race condition between release_one_tty and pty_write" This reverts commit b9ca5f8560af244489b4a1bc1ae88b341f24bc95 as 0-day shows it has a circular locking dependency. Fixes: b9ca5f8560af ("tty: pty: Fix race condition between release_one_tty and pty_write") Reported-by: kernel test robot <lkp@intel.com> Cc: Sahara <keun-o.park@darkmatter.ae> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
b9ca5f85 |
|
11-Feb-2019 |
Sahara <keun-o.park@darkmatter.ae> |
tty: pty: Fix race condition between release_one_tty and pty_write Especially when a linked tty is used such as pty, the linked tty port's buf works have not been cancelled while master tty port's buf work has been cancelled. Since release_one_tty and flush_to_ldisc run in workqueue threads separately, when pty_cleanup happens and link tty port is freed, flush_to_ldisc tries to access freed port and port->itty, eventually it causes a panic. This patch utilizes the magic value with holding the tty_mutex to check if the tty->link is valid. Fixes: 2b022ab7542d ("pty: cancel pty slave port buf's work in tty_release") Signed-off-by: Sahara <keun-o.park@darkmatter.ae> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7c0cca7c |
|
21-Jan-2019 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
tty: ldisc: add sysctl to prevent autoloading of ldiscs By default, the kernel will automatically load the module of any line dicipline that is asked for. As this sometimes isn't the safest thing to do, provide a sysctl to disable this feature. By default, we set this to 'y' as that is the historical way that Linux has worked, and we do not want to break working systems. But in the future, perhaps this can default to 'n' to prevent this functionality. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
27cfb3a5 |
|
20-Jan-2019 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
tty: Handle problem if line discipline does not have receive_buf Some tty line disciplines do not have a receive buf callback, so properly check for that before calling it. If they do not have this callback, just eat the character quietly, as we can't fail this call. Reported-by: Jann Horn <jannh@google.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d3736d82 |
|
08-Jan-2019 |
Dmitry Safonov <0x7f454c46@gmail.com> |
tty: Don't hold ldisc lock in tty_reopen() if ldisc present Try to get reference for ldisc during tty_reopen(). If ldisc present, we don't need to do tty_ldisc_reinit() and lock the write side for line discipline semaphore. Effectively, it optimizes fast-path for tty_reopen(), but more importantly it won't interrupt ongoing IO on the tty as no ldisc change is needed. Fixes user-visible issue when tty_reopen() interrupted login process for user with a long password, observed and reported by Lukas. Fixes: c96cf923a98d ("tty: Don't block on IO when ldisc change is pending") Fixes: 83d817f41070 ("tty: Hold tty_ldisc_lock() during tty_reopen()") Cc: Jiri Slaby <jslaby@suse.com> Reported-by: Lukas F. Hartmann <lukas@mntmn.com> Tested-by: Lukas F. Hartmann <lukas@mntmn.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Dmitry Safonov <dima@arista.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
cf62a1a1 |
|
31-Oct-2018 |
Dmitry Safonov <0x7f454c46@gmail.com> |
tty: Simplify tty->count math in tty_reopen() As notted by Jiri, tty_ldisc_reinit() shouldn't rely on tty counter. Simplify math by increasing the counter after reinit success. Cc: Jiri Slaby <jslaby@suse.com> Link: lkml.kernel.org/r/<20180829022353.23568-2-dima@arista.com> Suggested-by: Jiri Slaby <jslaby@suse.com> Reviewed-by: Jiri Slaby <jslaby@suse.cz> Tested-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
83d817f4 |
|
31-Oct-2018 |
Dmitry Safonov <0x7f454c46@gmail.com> |
tty: Hold tty_ldisc_lock() during tty_reopen() tty_ldisc_reinit() doesn't race with neither tty_ldisc_hangup() nor set_ldisc() nor tty_ldisc_release() as they use tty lock. But it races with anyone who expects line discipline to be the same after hoding read semaphore in tty_ldisc_ref(). We've seen the following crash on v4.9.108 stable: BUG: unable to handle kernel paging request at 0000000000002260 IP: [..] n_tty_receive_buf_common+0x5f/0x86d Workqueue: events_unbound flush_to_ldisc Call Trace: [..] n_tty_receive_buf2 [..] tty_ldisc_receive_buf [..] flush_to_ldisc [..] process_one_work [..] worker_thread [..] kthread [..] ret_from_fork tty_ldisc_reinit() should be called with ldisc_sem hold for writing, which will protect any reader against line discipline changes. Cc: Jiri Slaby <jslaby@suse.com> Cc: stable@vger.kernel.org # b027e2298bd5 ("tty: fix data race between tty_init_dev and flush of buf") Reviewed-by: Jiri Slaby <jslaby@suse.cz> Reported-by: syzbot+3aa9784721dfb90e984d@syzkaller.appspotmail.com Tested-by: Mark Rutland <mark.rutland@arm.com> Tested-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Signed-off-by: Dmitry Safonov <dima@arista.com> Tested-by: Tycho Andersen <tycho@tycho.ws> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f51ccf46 |
|
04-Dec-2018 |
Johan Hovold <johan@kernel.org> |
USB: serial: console: fix reported terminal settings The USB-serial console implementation has never reported the actual terminal settings used. Despite storing the corresponding cflags in its struct console, these were never honoured on later tty open() where the tty termios would be left initialised to the driver defaults. Unlike the serial console implementation, the USB-serial code calls subdriver open() already at console setup. While calling set_termios() and write() before open() looks like it could work for some USB-serial drivers, others definitely do not expect this, so modelling this after serial core is going to be intrusive, if at all possible. Instead, use a (renamed) tty helper to save the termios data used at console setup so that the tty termios reflects the actual terminal settings after a subsequent tty open(). Note that the calls to tty_init_termios() (tty_driver_install()) and tty_save_termios() are serialised using the disconnect mutex. This specifically fixes a regression that was triggered by a recent change adding software flow control to the pl2303 driver: a getty trying to disable flow control while leaving the baud rate unchanged would now also set the baud rate to the driver default (prior to the flow-control change this had been a noop). Fixes: 7041d9c3f01b ("USB: serial: pl2303: add support for tx xon/xoff flow control") Cc: stable <stable@vger.kernel.org> # 4.18 Cc: Florian Zumbiehl <florz@florz.de> Reported-by: Jarkko Nikula <jarkko.nikula@linux.intel.com> Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Johan Hovold <johan@kernel.org>
|
#
f0193d3e |
|
13-Sep-2018 |
Al Viro <viro@zeniv.linux.org.uk> |
change semantics of ldisc ->compat_ioctl() First of all, make it return int. Returning long when native method had never allowed that is ridiculous and inconvenient. More importantly, change the caller; if ldisc ->compat_ioctl() is NULL or returns -ENOIOCTLCMD, tty_compat_ioctl() will try to feed cmd and compat_ptr(arg) to ldisc's native ->ioctl(). That simplifies ->compat_ioctl() instances quite a bit - they only need to deal with ioctls that are neither generic tty ones (those would get shunted off to tty_ioctl()) nor simple compat pointer ones. Note that something like TCFLSH won't reach ->compat_ioctl(), even if ldisc ->ioctl() does handle it - it will be recognized earlier and passed to tty_ioctl() (and ultimately - ldisc ->ioctl()). For many ldiscs it means that NULL ->compat_ioctl() does the right thing. Those where it won't serve (see e.g. n_r3964.c) are also easily dealt with - we need to handle the numeric-argument ioctls (calling the native instance) and, if such would exist, the ioctls that need layout conversion, etc. All in-tree ldiscs dealt with. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
a3096199 |
|
12-Sep-2018 |
Al Viro <viro@zeniv.linux.org.uk> |
remove fallback to drivers for TIOCGICOUNT none of them handles it anyway. Reviewed-by: Johan Hovold <johan@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
77654350 |
|
12-Sep-2018 |
Al Viro <viro@zeniv.linux.org.uk> |
take compat TIOC[SG]SERIAL treatment into tty_compat_ioctl() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
930236a3 |
|
12-Sep-2018 |
Al Viro <viro@zeniv.linux.org.uk> |
complete ->[sg]et_serial() switchover Reviewed-by: Johan Hovold <johan@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
33a1a7be |
|
07-Oct-2018 |
Miles Chen <miles.chen@mediatek.com> |
tty: check name length in tty_find_polling_driver() The issue is found by a fuzzing test. If tty_find_polling_driver() recevies an incorrect input such as ',,' or '0b', the len becomes 0 and strncmp() always return 0. In this case, a null p->ops->poll_init() is called and it causes a kernel panic. Fix this by checking name length against zero in tty_find_polling_driver(). $echo ,, > /sys/module/kgdboc/parameters/kgdboc [ 20.804451] WARNING: CPU: 1 PID: 104 at drivers/tty/serial/serial_core.c:457 uart_get_baud_rate+0xe8/0x190 [ 20.804917] Modules linked in: [ 20.805317] CPU: 1 PID: 104 Comm: sh Not tainted 4.19.0-rc7ajb #8 [ 20.805469] Hardware name: linux,dummy-virt (DT) [ 20.805732] pstate: 20000005 (nzCv daif -PAN -UAO) [ 20.805895] pc : uart_get_baud_rate+0xe8/0x190 [ 20.806042] lr : uart_get_baud_rate+0xc0/0x190 [ 20.806476] sp : ffffffc06acff940 [ 20.806676] x29: ffffffc06acff940 x28: 0000000000002580 [ 20.806977] x27: 0000000000009600 x26: 0000000000009600 [ 20.807231] x25: ffffffc06acffad0 x24: 00000000ffffeff0 [ 20.807576] x23: 0000000000000001 x22: 0000000000000000 [ 20.807807] x21: 0000000000000001 x20: 0000000000000000 [ 20.808049] x19: ffffffc06acffac8 x18: 0000000000000000 [ 20.808277] x17: 0000000000000000 x16: 0000000000000000 [ 20.808520] x15: ffffffffffffffff x14: ffffffff00000000 [ 20.808757] x13: ffffffffffffffff x12: 0000000000000001 [ 20.809011] x11: 0101010101010101 x10: ffffff880d59ff5f [ 20.809292] x9 : ffffff880d59ff5e x8 : ffffffc06acffaf3 [ 20.809549] x7 : 0000000000000000 x6 : ffffff880d59ff5f [ 20.809803] x5 : 0000000080008001 x4 : 0000000000000003 [ 20.810056] x3 : ffffff900853e6b4 x2 : dfffff9000000000 [ 20.810693] x1 : ffffffc06acffad0 x0 : 0000000000000cb0 [ 20.811005] Call trace: [ 20.811214] uart_get_baud_rate+0xe8/0x190 [ 20.811479] serial8250_do_set_termios+0xe0/0x6f4 [ 20.811719] serial8250_set_termios+0x48/0x54 [ 20.811928] uart_set_options+0x138/0x1bc [ 20.812129] uart_poll_init+0x114/0x16c [ 20.812330] tty_find_polling_driver+0x158/0x200 [ 20.812545] configure_kgdboc+0xbc/0x1bc [ 20.812745] param_set_kgdboc_var+0xb8/0x150 [ 20.812960] param_attr_store+0xbc/0x150 [ 20.813160] module_attr_store+0x40/0x58 [ 20.813364] sysfs_kf_write+0x8c/0xa8 [ 20.813563] kernfs_fop_write+0x154/0x290 [ 20.813764] vfs_write+0xf0/0x278 [ 20.813951] __arm64_sys_write+0x84/0xf4 [ 20.814400] el0_svc_common+0xf4/0x1dc [ 20.814616] el0_svc_handler+0x98/0xbc [ 20.814804] el0_svc+0x8/0xc [ 20.822005] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 20.826913] Mem abort info: [ 20.827103] ESR = 0x84000006 [ 20.827352] Exception class = IABT (current EL), IL = 16 bits [ 20.827655] SET = 0, FnV = 0 [ 20.827855] EA = 0, S1PTW = 0 [ 20.828135] user pgtable: 4k pages, 39-bit VAs, pgdp = (____ptrval____) [ 20.828484] [0000000000000000] pgd=00000000aadee003, pud=00000000aadee003, pmd=0000000000000000 [ 20.829195] Internal error: Oops: 84000006 [#1] SMP [ 20.829564] Modules linked in: [ 20.829890] CPU: 1 PID: 104 Comm: sh Tainted: G W 4.19.0-rc7ajb #8 [ 20.830545] Hardware name: linux,dummy-virt (DT) [ 20.830829] pstate: 60000085 (nZCv daIf -PAN -UAO) [ 20.831174] pc : (null) [ 20.831457] lr : serial8250_do_set_termios+0x358/0x6f4 [ 20.831727] sp : ffffffc06acff9b0 [ 20.831936] x29: ffffffc06acff9b0 x28: ffffff9008d7c000 [ 20.832267] x27: ffffff900969e16f x26: 0000000000000000 [ 20.832589] x25: ffffff900969dfb0 x24: 0000000000000000 [ 20.832906] x23: ffffffc06acffad0 x22: ffffff900969e160 [ 20.833232] x21: 0000000000000000 x20: ffffffc06acffac8 [ 20.833559] x19: ffffff900969df90 x18: 0000000000000000 [ 20.833878] x17: 0000000000000000 x16: 0000000000000000 [ 20.834491] x15: ffffffffffffffff x14: ffffffff00000000 [ 20.834821] x13: ffffffffffffffff x12: 0000000000000001 [ 20.835143] x11: 0101010101010101 x10: ffffff880d59ff5f [ 20.835467] x9 : ffffff880d59ff5e x8 : ffffffc06acffaf3 [ 20.835790] x7 : 0000000000000000 x6 : ffffff880d59ff5f [ 20.836111] x5 : c06419717c314100 x4 : 0000000000000007 [ 20.836419] x3 : 0000000000000000 x2 : 0000000000000000 [ 20.836732] x1 : 0000000000000001 x0 : ffffff900969df90 [ 20.837100] Process sh (pid: 104, stack limit = 0x(____ptrval____)) [ 20.837396] Call trace: [ 20.837566] (null) [ 20.837816] serial8250_set_termios+0x48/0x54 [ 20.838089] uart_set_options+0x138/0x1bc [ 20.838570] uart_poll_init+0x114/0x16c [ 20.838834] tty_find_polling_driver+0x158/0x200 [ 20.839119] configure_kgdboc+0xbc/0x1bc [ 20.839380] param_set_kgdboc_var+0xb8/0x150 [ 20.839658] param_attr_store+0xbc/0x150 [ 20.839920] module_attr_store+0x40/0x58 [ 20.840183] sysfs_kf_write+0x8c/0xa8 [ 20.840183] sysfs_kf_write+0x8c/0xa8 [ 20.840440] kernfs_fop_write+0x154/0x290 [ 20.840702] vfs_write+0xf0/0x278 [ 20.840942] __arm64_sys_write+0x84/0xf4 [ 20.841209] el0_svc_common+0xf4/0x1dc [ 20.841471] el0_svc_handler+0x98/0xbc [ 20.841713] el0_svc+0x8/0xc [ 20.842057] Code: bad PC value [ 20.842764] ---[ end trace a8835d7de79aaadf ]--- [ 20.843134] Kernel panic - not syncing: Fatal exception [ 20.843515] SMP: stopping secondary CPUs [ 20.844289] Kernel Offset: disabled [ 20.844634] CPU features: 0x0,21806002 [ 20.844857] Memory Limit: none [ 20.845172] ---[ end Kernel panic - not syncing: Fatal exception ]--- Signed-off-by: Miles Chen <miles.chen@mediatek.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fe324167 |
|
17-Sep-2018 |
Dmitry Safonov <0x7f454c46@gmail.com> |
tty: Drop tty->count on tty_reopen() failure In case of tty_ldisc_reinit() failure, tty->count should be decremented back, otherwise we will never release_tty(). Tetsuo reported that it fixes noisy warnings on tty release like: pts pts4033: tty_release: tty->count(10529) != (#fd's(7) + #kopen's(0)) Fixes: commit 892d1fa7eaae ("tty: Destroy ldisc instance on hangup") Cc: stable@vger.kernel.org # v4.6+ Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jiri Slaby <jslaby@suse.com> Reviewed-by: Jiri Slaby <jslaby@suse.cz> Tested-by: Jiri Slaby <jslaby@suse.com> Tested-by: Mark Rutland <mark.rutland@arm.com> Tested-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Signed-off-by: Dmitry Safonov <dima@arista.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a8ebd171 |
|
20-Jul-2018 |
Eric W. Biederman <ebiederm@xmission.com> |
tty_io: Use group_send_sig_info in __do_SACK to note it is a session being killed Replace send_sig and force_sig in __do_SAK with group_send_sig_info the general helper for sending a signal to a process group. This is wordier but it allows specifying PIDTYPE_SID so that the signal code knows the signal went to a session. Both force_sig() and send_sig(..., 1) specify SEND_SIG_PRIV and the new call of group_send_sig_info does that explicitly. This is enough to ensure even a pid namespace init is killed. The global init remains unkillable. The guarantee that __do_SAK tries to provide is a clean path to login to a machine. As the global init is unkillable, if it chooses to hold open a tty it can violate this guarantee. A technique other than killing processes would be needed to provide this guarantee to userspace. The only difference between force_sig and send_sig when sending SIGKILL is that SIGNAL_UNKILLABLE is cleared. This has no affect on the processing of a signal sent with SEND_SIG_PRIV by any process, making it unnecessary, and not behavior that needs to be preserved. force_sig was used originally because it did not take as many locks as send_sig. Today send_sig, force_sig and group_send_sig_info take the same locks when delivering a signal. group_send_sig_info also contains a permission check that force_sig and send_sig do not. However the presence of SEND_SIG_PRIV makes the permission check a noop. So the permission check does not result in any behavioral differences. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
#
2f46a2c1 |
|
11-Sep-2018 |
Al Viro <viro@zeniv.linux.org.uk> |
tty_ioctl(): start taking TIOC[SG]SERIAL into separate methods ->set_serial() and ->get_serial() resp., both taking tty and a kernel pointer to serial_struct. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
a913bc76 |
|
11-Sep-2018 |
Al Viro <viro@zeniv.linux.org.uk> |
tty_ioctl(): drop FIONBIO handling That code had been live for 11 weeks back in 1992, but it had been 26 years since sys_ioctl() began handling FIONBIO on its own. Time to to bury the body, already... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
e2112038 |
|
11-Sep-2018 |
Al Viro <viro@zeniv.linux.org.uk> |
move compat handling of tty ioctls to tty_compat_ioctl() ioctls that are * callable only via tty_ioctl() * not driver-specific * not demand data structure conversions * either always need passing arg as is or always demand compat_ptr() get intercepted in tty_compat_ioctl() from the very beginning and redirecter to tty_ioctl(). As the result, their entries in fs/compat_ioctl.c (some of those had been missing, BTW) got removed, as well as n_tty_compat_ioctl_helper() (now it's never called with any cmd it would accept). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
01919134 |
|
16-Jul-2017 |
Eric W. Biederman <ebiederm@xmission.com> |
signal: Use PIDTYPE_TGID to clearly store where file signals will be sent When f_setown is called a pid and a pid type are stored. Replace the use of PIDTYPE_PID with PIDTYPE_TGID as PIDTYPE_TGID goes to the entire thread group. Replace the use of PIDTYPE_MAX with PIDTYPE_PID as PIDTYPE_PID now is only for a thread. Update the users of __f_setown to use PIDTYPE_TGID instead of PIDTYPE_PID. For now the code continues to capture task_pid (when task_tgid would really be appropriate), and iterate on PIDTYPE_PID (even when type == PIDTYPE_TGID) out of an abundance of caution to preserve existing behavior. Oleg Nesterov suggested using the test to ensure we use PIDTYPE_PID for tgid lookup also be used to avoid taking the tasklist lock. Suggested-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
#
c884f871 |
|
18-Jun-2018 |
Arnd Bergmann <arnd@arndb.de> |
tty: use 64-bit timstamp The automated VFS conversion to timespec64 has left one caller of the deprecated get_seconds() function in the tty driver, this cleans it up to call ktime_get_real_seconds() instead, fixing the possible overflow. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
95582b00 |
|
08-May-2018 |
Deepa Dinamani <deepa.kernel@gmail.com> |
vfs: change inode times to use struct timespec64 struct timespec is not y2038 safe. Transition vfs to use y2038 safe struct timespec64 instead. The change was made with the help of the following cocinelle script. This catches about 80% of the changes. All the header file and logic changes are included in the first 5 rules. The rest are trivial substitutions. I avoid changing any of the function signatures or any other filesystem specific data structures to keep the patch simple for review. The script can be a little shorter by combining different cases. But, this version was sufficient for my usecase. virtual patch @ depends on patch @ identifier now; @@ - struct timespec + struct timespec64 current_time ( ... ) { - struct timespec now = current_kernel_time(); + struct timespec64 now = current_kernel_time64(); ... - return timespec_trunc( + return timespec64_trunc( ... ); } @ depends on patch @ identifier xtime; @@ struct \( iattr \| inode \| kstat \) { ... - struct timespec xtime; + struct timespec64 xtime; ... } @ depends on patch @ identifier t; @@ struct inode_operations { ... int (*update_time) (..., - struct timespec t, + struct timespec64 t, ...); ... } @ depends on patch @ identifier t; identifier fn_update_time =~ "update_time$"; @@ fn_update_time (..., - struct timespec *t, + struct timespec64 *t, ...) { ... } @ depends on patch @ identifier t; @@ lease_get_mtime( ... , - struct timespec *t + struct timespec64 *t ) { ... } @te depends on patch forall@ identifier ts; local idexpression struct inode *inode_node; identifier i_xtime =~ "^i_[acm]time$"; identifier ia_xtime =~ "^ia_[acm]time$"; identifier fn_update_time =~ "update_time$"; identifier fn; expression e, E3; local idexpression struct inode *node1; local idexpression struct inode *node2; local idexpression struct iattr *attr1; local idexpression struct iattr *attr2; local idexpression struct iattr attr; identifier i_xtime1 =~ "^i_[acm]time$"; identifier i_xtime2 =~ "^i_[acm]time$"; identifier ia_xtime1 =~ "^ia_[acm]time$"; identifier ia_xtime2 =~ "^ia_[acm]time$"; @@ ( ( - struct timespec ts; + struct timespec64 ts; | - struct timespec ts = current_time(inode_node); + struct timespec64 ts = current_time(inode_node); ) <+... when != ts ( - timespec_equal(&inode_node->i_xtime, &ts) + timespec64_equal(&inode_node->i_xtime, &ts) | - timespec_equal(&ts, &inode_node->i_xtime) + timespec64_equal(&ts, &inode_node->i_xtime) | - timespec_compare(&inode_node->i_xtime, &ts) + timespec64_compare(&inode_node->i_xtime, &ts) | - timespec_compare(&ts, &inode_node->i_xtime) + timespec64_compare(&ts, &inode_node->i_xtime) | ts = current_time(e) | fn_update_time(..., &ts,...) | inode_node->i_xtime = ts | node1->i_xtime = ts | ts = inode_node->i_xtime | <+... attr1->ia_xtime ...+> = ts | ts = attr1->ia_xtime | ts.tv_sec | ts.tv_nsec | btrfs_set_stack_timespec_sec(..., ts.tv_sec) | btrfs_set_stack_timespec_nsec(..., ts.tv_nsec) | - ts = timespec64_to_timespec( + ts = ... -) | - ts = ktime_to_timespec( + ts = ktime_to_timespec64( ...) | - ts = E3 + ts = timespec_to_timespec64(E3) | - ktime_get_real_ts(&ts) + ktime_get_real_ts64(&ts) | fn(..., - ts + timespec64_to_timespec(ts) ,...) ) ...+> ( <... when != ts - return ts; + return timespec64_to_timespec(ts); ...> ) | - timespec_equal(&node1->i_xtime1, &node2->i_xtime2) + timespec64_equal(&node1->i_xtime2, &node2->i_xtime2) | - timespec_equal(&node1->i_xtime1, &attr2->ia_xtime2) + timespec64_equal(&node1->i_xtime2, &attr2->ia_xtime2) | - timespec_compare(&node1->i_xtime1, &node2->i_xtime2) + timespec64_compare(&node1->i_xtime1, &node2->i_xtime2) | node1->i_xtime1 = - timespec_trunc(attr1->ia_xtime1, + timespec64_trunc(attr1->ia_xtime1, ...) | - attr1->ia_xtime1 = timespec_trunc(attr2->ia_xtime2, + attr1->ia_xtime1 = timespec64_trunc(attr2->ia_xtime2, ...) | - ktime_get_real_ts(&attr1->ia_xtime1) + ktime_get_real_ts64(&attr1->ia_xtime1) | - ktime_get_real_ts(&attr.ia_xtime1) + ktime_get_real_ts64(&attr.ia_xtime1) ) @ depends on patch @ struct inode *node; struct iattr *attr; identifier fn; identifier i_xtime =~ "^i_[acm]time$"; identifier ia_xtime =~ "^ia_[acm]time$"; expression e; @@ ( - fn(node->i_xtime); + fn(timespec64_to_timespec(node->i_xtime)); | fn(..., - node->i_xtime); + timespec64_to_timespec(node->i_xtime)); | - e = fn(attr->ia_xtime); + e = fn(timespec64_to_timespec(attr->ia_xtime)); ) @ depends on patch forall @ struct inode *node; struct iattr *attr; identifier i_xtime =~ "^i_[acm]time$"; identifier ia_xtime =~ "^ia_[acm]time$"; identifier fn; @@ { + struct timespec ts; <+... ( + ts = timespec64_to_timespec(node->i_xtime); fn (..., - &node->i_xtime, + &ts, ...); | + ts = timespec64_to_timespec(attr->ia_xtime); fn (..., - &attr->ia_xtime, + &ts, ...); ) ...+> } @ depends on patch forall @ struct inode *node; struct iattr *attr; struct kstat *stat; identifier ia_xtime =~ "^ia_[acm]time$"; identifier i_xtime =~ "^i_[acm]time$"; identifier xtime =~ "^[acm]time$"; identifier fn, ret; @@ { + struct timespec ts; <+... ( + ts = timespec64_to_timespec(node->i_xtime); ret = fn (..., - &node->i_xtime, + &ts, ...); | + ts = timespec64_to_timespec(node->i_xtime); ret = fn (..., - &node->i_xtime); + &ts); | + ts = timespec64_to_timespec(attr->ia_xtime); ret = fn (..., - &attr->ia_xtime, + &ts, ...); | + ts = timespec64_to_timespec(attr->ia_xtime); ret = fn (..., - &attr->ia_xtime); + &ts); | + ts = timespec64_to_timespec(stat->xtime); ret = fn (..., - &stat->xtime); + &ts); ) ...+> } @ depends on patch @ struct inode *node; struct inode *node2; identifier i_xtime1 =~ "^i_[acm]time$"; identifier i_xtime2 =~ "^i_[acm]time$"; identifier i_xtime3 =~ "^i_[acm]time$"; struct iattr *attrp; struct iattr *attrp2; struct iattr attr ; identifier ia_xtime1 =~ "^ia_[acm]time$"; identifier ia_xtime2 =~ "^ia_[acm]time$"; struct kstat *stat; struct kstat stat1; struct timespec64 ts; identifier xtime =~ "^[acmb]time$"; expression e; @@ ( ( node->i_xtime2 \| attrp->ia_xtime2 \| attr.ia_xtime2 \) = node->i_xtime1 ; | node->i_xtime2 = \( node2->i_xtime1 \| timespec64_trunc(...) \); | node->i_xtime2 = node->i_xtime1 = node->i_xtime3 = \(ts \| current_time(...) \); | node->i_xtime1 = node->i_xtime3 = \(ts \| current_time(...) \); | stat->xtime = node2->i_xtime1; | stat1.xtime = node2->i_xtime1; | ( node->i_xtime2 \| attrp->ia_xtime2 \) = attrp->ia_xtime1 ; | ( attrp->ia_xtime1 \| attr.ia_xtime1 \) = attrp2->ia_xtime2; | - e = node->i_xtime1; + e = timespec64_to_timespec( node->i_xtime1 ); | - e = attrp->ia_xtime1; + e = timespec64_to_timespec( attrp->ia_xtime1 ); | node->i_xtime1 = current_time(...); | node->i_xtime2 = node->i_xtime1 = node->i_xtime3 = - e; + timespec_to_timespec64(e); | node->i_xtime1 = node->i_xtime3 = - e; + timespec_to_timespec64(e); | - node->i_xtime1 = e; + node->i_xtime1 = timespec_to_timespec64(e); ) Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Cc: <anton@tuxera.com> Cc: <balbi@kernel.org> Cc: <bfields@fieldses.org> Cc: <darrick.wong@oracle.com> Cc: <dhowells@redhat.com> Cc: <dsterba@suse.com> Cc: <dwmw2@infradead.org> Cc: <hch@lst.de> Cc: <hirofumi@mail.parknet.co.jp> Cc: <hubcap@omnibond.com> Cc: <jack@suse.com> Cc: <jaegeuk@kernel.org> Cc: <jaharkes@cs.cmu.edu> Cc: <jslaby@suse.com> Cc: <keescook@chromium.org> Cc: <mark@fasheh.com> Cc: <miklos@szeredi.hu> Cc: <nico@linaro.org> Cc: <reiserfs-devel@vger.kernel.org> Cc: <richard@nod.at> Cc: <sage@redhat.com> Cc: <sfrench@samba.org> Cc: <swhiteho@redhat.com> Cc: <tj@kernel.org> Cc: <trond.myklebust@primarydata.com> Cc: <tytso@mit.edu> Cc: <viro@zeniv.linux.org.uk>
|
#
903f9db1 |
|
05-Apr-2018 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
tty: Don't call panic() at tty_ldisc_init() syzbot is reporting kernel panic [1] triggered by memory allocation failure at tty_ldisc_get() from tty_ldisc_init(). But since both tty_ldisc_get() and caller of tty_ldisc_init() can cleanly handle errors, tty_ldisc_init() does not need to call panic() when tty_ldisc_get() failed. [1] https://syzkaller.appspot.com/bug?id=883431818e036ae6a9981156a64b821110f39187 Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reported-by: syzbot <syzkaller@googlegroups.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jiri Slaby <jslaby@suse.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
28b0f8a6 |
|
13-Feb-2018 |
Tejun Heo <tj@kernel.org> |
tty: make n_tty_read() always abort if hangup is in progress A tty is hung up by __tty_hangup() setting file->f_op to hung_up_tty_fops, which is skipped on ttys whose write operation isn't tty_write(). This means that, for example, /dev/console whose write op is redirected_tty_write() is never actually marked hung up. Because n_tty_read() uses the hung up status to decide whether to abort the waiting readers, the lack of hung-up marking can lead to the following scenario. 1. A session contains two processes. The leader and its child. The child ignores SIGHUP. 2. The leader exits and starts disassociating from the controlling terminal (/dev/console). 3. __tty_hangup() skips setting f_op to hung_up_tty_fops. 4. SIGHUP is delivered and ignored. 5. tty_ldisc_hangup() is invoked. It wakes up the waits which should clear the read lockers of tty->ldisc_sem. 6. The reader wakes up but because tty_hung_up_p() is false, it doesn't abort and goes back to sleep while read-holding tty->ldisc_sem. 7. The leader progresses to tty_ldisc_lock() in tty_ldisc_hangup() and is now stuck in D sleep indefinitely waiting for tty->ldisc_sem. The following is Alan's explanation on why some ttys aren't hung up. http://lkml.kernel.org/r/20171101170908.6ad08580@alans-desktop 1. It broke the serial consoles because they would hang up and close down the hardware. With tty_port that *should* be fixable properly for any cases remaining. 2. The console layer was (and still is) completely broken and doens't refcount properly. So if you turn on console hangups it breaks (as indeed does freeing consoles and half a dozen other things). As neither can be fixed quickly, this patch works around the problem by introducing a new flag, TTY_HUPPING, which is used solely to tell n_tty_read() that hang-up is in progress for the console and the readers should be aborted regardless of the hung-up status of the device. The following is a sample hung task warning caused by this issue. INFO: task agetty:2662 blocked for more than 120 seconds. Not tainted 4.11.3-dbg-tty-lockup-02478-gfd6c7ee-dirty #28 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 0 2662 1 0x00000086 Call Trace: __schedule+0x267/0x890 schedule+0x36/0x80 schedule_timeout+0x23c/0x2e0 ldsem_down_write+0xce/0x1f6 tty_ldisc_lock+0x16/0x30 tty_ldisc_hangup+0xb3/0x1b0 __tty_hangup+0x300/0x410 disassociate_ctty+0x6c/0x290 do_exit+0x7ef/0xb00 do_group_exit+0x3f/0xa0 get_signal+0x1b3/0x5d0 do_signal+0x28/0x660 exit_to_usermode_loop+0x46/0x86 do_syscall_64+0x9c/0xb0 entry_SYSCALL64_slow_path+0x25/0x25 The following is the repro. Run "$PROG /dev/console". The parent process hangs in D state. #include <sys/types.h> #include <sys/stat.h> #include <sys/wait.h> #include <sys/ioctl.h> #include <fcntl.h> #include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <errno.h> #include <signal.h> #include <time.h> #include <termios.h> int main(int argc, char **argv) { struct sigaction sact = { .sa_handler = SIG_IGN }; struct timespec ts1s = { .tv_sec = 1 }; pid_t pid; int fd; if (argc < 2) { fprintf(stderr, "test-hung-tty /dev/$TTY\n"); return 1; } /* fork a child to ensure that it isn't already the session leader */ pid = fork(); if (pid < 0) { perror("fork"); return 1; } if (pid > 0) { /* top parent, wait for everyone */ while (waitpid(-1, NULL, 0) >= 0) ; if (errno != ECHILD) perror("waitpid"); return 0; } /* new session, start a new session and set the controlling tty */ if (setsid() < 0) { perror("setsid"); return 1; } fd = open(argv[1], O_RDWR); if (fd < 0) { perror("open"); return 1; } if (ioctl(fd, TIOCSCTTY, 1) < 0) { perror("ioctl"); return 1; } /* fork a child, sleep a bit and exit */ pid = fork(); if (pid < 0) { perror("fork"); return 1; } if (pid > 0) { nanosleep(&ts1s, NULL); printf("Session leader exiting\n"); exit(0); } /* * The child ignores SIGHUP and keeps reading from the controlling * tty. Because SIGHUP is ignored, the child doesn't get killed on * parent exit and the bug in n_tty makes the read(2) block the * parent's control terminal hangup attempt. The parent ends up in * D sleep until the child is explicitly killed. */ sigaction(SIGHUP, &sact, NULL); printf("Child reading tty\n"); while (1) { char buf[1024]; if (read(fd, buf, sizeof(buf)) < 0) { perror("read"); return 1; } } return 0; } Signed-off-by: Tejun Heo <tj@kernel.org> Cc: Alan Cox <alan@llwyncelyn.cymru> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a9a08845 |
|
11-Feb-2018 |
Linus Torvalds <torvalds@linux-foundation.org> |
vfs: do bulk POLL* -> EPOLL* replacement This is the mindless scripted replacement of kernel use of POLL* variables as described by Al, done by this script: for V in IN OUT PRI ERR RDNORM RDBAND WRNORM WRBAND HUP RDHUP NVAL MSG; do L=`git grep -l -w POLL$V | grep -v '^t' | grep -v /um/ | grep -v '^sa' | grep -v '/poll.h$'|grep -v '^D'` for f in $L; do sed -i "-es/^\([^\"]*\)\(\<POLL$V\>\)/\\1E\\2/" $f; done done with de-mangling cleanups yet to come. NOTE! On almost all architectures, the EPOLL* constants have the same values as the POLL* constants do. But they keyword here is "almost". For various bad reasons they aren't the same, and epoll() doesn't actually work quite correctly in some cases due to this on Sparc et al. The next patch from Al will sort out the final differences, and we should be all done. Scripted-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
b027e229 |
|
23-Jan-2018 |
Gaurav Kohli <gkohli@codeaurora.org> |
tty: fix data race between tty_init_dev and flush of buf There can be a race, if receive_buf call comes before tty initialization completes in n_tty_open and tty->disc_data may be NULL. CPU0 CPU1 ---- ---- 000|n_tty_receive_buf_common() n_tty_open() -001|n_tty_receive_buf2() tty_ldisc_open.isra.3() -002|tty_ldisc_receive_buf(inline) tty_ldisc_setup() Using ldisc semaphore lock in tty_init_dev till disc_data initializes completely. Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org> Reviewed-by: Alan Cox <alan@linux.intel.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2b022ab7 |
|
12-Dec-2017 |
Sahara <keun-o.park@darkmatter.ae> |
pty: cancel pty slave port buf's work in tty_release In case that CONFIG_SLUB_DEBUG is on and pty is used, races between release_one_tty and flush_to_ldisc work threads may happen and lead to use-after-free condition on tty->link->port. Because SLUB_DEBUG is turned on, freed tty->link->port is filled with POISON_FREE value. So far without SLUB_DEBUG, port was filled with zero and flush_to_ldisc could return without a problem by checking if tty is NULL. CPU 0 CPU 1 ----- ----- release_tty pty_write cancel_work_sync(tty) to = tty->link tty_kref_put(tty->link) tty_schedule_flip(to->port) << workqueue >> ... release_one_tty ... pty_cleanup ... kfree(tty->link->port) << workqueue >> flush_to_ldisc tty = READ_ONCE(port->itty) tty is 0x6b6b6b6b6b6b6b6b !!PANIC!! access tty->ldisc Unable to handle kernel paging request at virtual address 6b6b6b6b6b6b6b93 pgd = ffffffc0eb1c3000 [6b6b6b6b6b6b6b93] *pgd=0000000000000000, *pud=0000000000000000 ------------[ cut here ]------------ Kernel BUG at ffffff800851154c [verbose debug info unavailable] Internal error: Oops - BUG: 96000004 [#1] PREEMPT SMP CPU: 3 PID: 265 Comm: kworker/u8:9 Tainted: G W 3.18.31-g0a58eeb #1 Hardware name: Qualcomm Technologies, Inc. MSM 8996pro v1.1 + PMI8996 Carbide (DT) Workqueue: events_unbound flush_to_ldisc task: ffffffc0ed610ec0 ti: ffffffc0ed624000 task.ti: ffffffc0ed624000 PC is at ldsem_down_read_trylock+0x0/0x4c LR is at tty_ldisc_ref+0x24/0x4c pc : [<ffffff800851154c>] lr : [<ffffff800850f6c0>] pstate: 80400145 sp : ffffffc0ed627cd0 x29: ffffffc0ed627cd0 x28: 0000000000000000 x27: ffffff8009e05000 x26: ffffffc0d382cfa0 x25: 0000000000000000 x24: ffffff800a012f08 x23: 0000000000000000 x22: ffffffc0703fbc88 x21: 6b6b6b6b6b6b6b6b x20: 6b6b6b6b6b6b6b93 x19: 0000000000000000 x18: 0000000000000001 x17: 00e80000f80d6f53 x16: 0000000000000001 x15: 0000007f7d826fff x14: 00000000000000a0 x13: 0000000000000000 x12: 0000000000000109 x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffc0ed624000 x8 : ffffffc0ed611580 x7 : 0000000000000000 x6 : ffffff800a42e000 x5 : 00000000000003fc x4 : 0000000003bd1201 x3 : 0000000000000001 x2 : 0000000000000001 x1 : ffffff800851004c x0 : 6b6b6b6b6b6b6b93 Signed-off-by: Sahara <keun-o.park@darkmatter.ae> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
afc9a42b |
|
03-Jul-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
the rest of drivers/*: annotate ->poll() instances Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
e6c8adca |
|
03-Jul-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
anntotate the places where ->poll() return values go Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
e3b3d0f5 |
|
06-Nov-2017 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
tty: add SPDX identifiers to all remaining files in drivers/tty/ It's good to have SPDX identifiers in all files to make it easier to audit the kernel tree for correct licenses. Update the drivers/tty files files with the correct SPDX license identifier based on the license text in the file itself. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This work is based on a script and data from Thomas Gleixner, Philippe Ombredanne, and Kate Stewart. Cc: Jiri Slaby <jslaby@suse.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Chris Metcalf <cmetcalf@mellanox.com> Cc: Jiri Kosina <jikos@kernel.org> Cc: David Sterba <dsterba@suse.com> Cc: James Hogan <jhogan@kernel.org> Cc: Rob Herring <robh@kernel.org> Cc: Eric Anholt <eric@anholt.net> Cc: Stefan Wahren <stefan.wahren@i2se.com> Cc: Florian Fainelli <f.fainelli@gmail.com> Cc: Ray Jui <rjui@broadcom.com> Cc: Scott Branden <sbranden@broadcom.com> Cc: bcm-kernel-feedback-list@broadcom.com Cc: "James E.J. Bottomley" <jejb@parisc-linux.org> Cc: Helge Deller <deller@gmx.de> Cc: Joachim Eastwood <manabian@gmail.com> Cc: Matthias Brugger <matthias.bgg@gmail.com> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: Tobias Klauser <tklauser@distanz.ch> Cc: Russell King <linux@armlinux.org.uk> Cc: Vineet Gupta <vgupta@synopsys.com> Cc: Richard Genoud <richard.genoud@gmail.com> Cc: Alexander Shiyan <shc_work@mail.ru> Cc: Baruch Siach <baruch@tkos.co.il> Cc: "Maciej W. Rozycki" <macro@linux-mips.org> Cc: "Uwe Kleine-König" <kernel@pengutronix.de> Cc: Pat Gefre <pfg@sgi.com> Cc: "Guilherme G. Piccoli" <gpiccoli@linux.vnet.ibm.com> Cc: Jason Wessel <jason.wessel@windriver.com> Cc: Vladimir Zapolskiy <vz@mleia.com> Cc: Sylvain Lemieux <slemieux.tyco@gmail.com> Cc: Carlo Caione <carlo@caione.org> Cc: Kevin Hilman <khilman@baylibre.com> Cc: Liviu Dudau <liviu.dudau@arm.com> Cc: Sudeep Holla <sudeep.holla@arm.com> Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> Cc: Andy Gross <andy.gross@linaro.org> Cc: David Brown <david.brown@linaro.org> Cc: "Andreas Färber" <afaerber@suse.de> Cc: Kevin Cernekee <cernekee@gmail.com> Cc: Laxman Dewangan <ldewangan@nvidia.com> Cc: Thierry Reding <thierry.reding@gmail.com> Cc: Jonathan Hunter <jonathanh@nvidia.com> Cc: Barry Song <baohua@kernel.org> Cc: Patrice Chotard <patrice.chotard@st.com> Cc: Maxime Coquelin <mcoquelin.stm32@gmail.com> Cc: Alexandre Torgue <alexandre.torgue@st.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Peter Korsgaard <jacmet@sunsite.dk> Cc: Timur Tabi <timur@tabi.org> Cc: Tony Prisk <linux@prisktech.co.nz> Cc: Michal Simek <michal.simek@xilinx.com> Cc: "Sören Brinkmann" <soren.brinkmann@xilinx.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Kate Stewart <kstewart@linuxfoundation.org> Cc: Philippe Ombredanne <pombredanne@nexb.com> Cc: Jiri Slaby <jslaby@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d01c3289 |
|
17-Jul-2017 |
Masatake YAMATO <yamato@redhat.com> |
pty: show associative slave of ptmx in fdinfo This patch adds "tty-index" field to /proc/PID/fdinfo/N if N specifies /dev/ptmx. The field shows the index of associative slave pts. Though a minor number is given for each pts instance, ptmx is not. It means there is no way in user-space to know the association between file descriptors for pts/n and ptmx. (n = 0, 1, ...) This is different from pipe. About pipe such association can be solved by inode of pipefs. Providing the way to know the association between pts/n and ptmx helps users understand the status of running system. lsof can utilize this field. Signed-off-by: Masatake YAMATO <yamato@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a033c3b1 |
|
20-Jul-2017 |
Okash Khawaja <okash.khawaja@gmail.com> |
tty: undo export of tty_open_by_driver Since we have tty_kopen, we no longer need to export tty_open_by_driver. This patch makes this function static. Signed-off-by: Okash Khawaja <okash.khawaja@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a09ac397 |
|
20-Jul-2017 |
Okash Khawaja <okash.khawaja@gmail.com> |
tty: resolve tty contention between kernel and user space The commit 12e84c71b7d4 ("tty: export tty_open_by_driver") exports tty_open_by_device to allow tty to be opened from inside kernel which works fine except that it doesn't handle contention with user space or another kernel-space open of the same tty. For example, opening a tty from user space while it is kernel opened results in failure and a kernel log message about mismatch between tty->count and tty's file open count. This patch makes kernel access to tty exclusive, so that if a user process or kernel opens a kernel opened tty, it gets -EBUSY. It does this by adding TTY_KOPENED flag to tty->flags. When this flag is set, tty_open_by_driver returns -EBUSY. Instead of overloading tty_open_by_driver for both kernel and user space, this patch creates a separate function tty_kopen which closely follows tty_open_by_driver. tty_kclose closes the tty opened by tty_kopen. To address the mismatch between tty->count and #fd's, this patch adds #kopen's to the count before comparing it with tty->count. That way check_tty_count reflects correct usage count. Returning -EBUSY on tty open is a change in the interface. I have tested this with minicom, picocom and commands like "echo foo > /dev/ttyS0". They all correctly report "Device or resource busy" when the tty is already kernel opened. Signed-off-by: Okash Khawaja <okash.khawaja@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
311fc65c |
|
24-Aug-2017 |
Eric W. Biederman <ebiederm@xmission.com> |
pty: Repair TIOCGPTPEER The implementation of TIOCGPTPEER has two issues. When /dev/ptmx (as opposed to /dev/pts/ptmx) is opened the wrong vfsmount is passed to dentry_open. Which results in the kernel displaying the wrong pathname for the peer. The second is simply by caching the vfsmount and dentry of the peer it leaves them open, in a way they were not previously Which because of the inreased reference counts can cause unnecessary behaviour differences resulting in regressions. To fix these move the ioctl into tty_io.c at a generic level allowing the ioctl to have access to the struct file on which the ioctl is being called. This allows the path of the slave to be derived when opening the slave through TIOCGPTPEER instead of requiring the path to the slave be cached. Thus removing the need for caching the path. A new function devpts_ptmx_path is factored out of devpts_acquire and used to implement a function devpts_mntget. The new function devpts_mntget takes a filp to perform the lookup on and fsi so that it can confirm that the superblock that is found by devpts_ptmx_path is the proper superblock. v2: Lots of fixes to make the code actually work v3: Suggestions by Linus - Removed the unnecessary initialization of filp in ptm_open_peer - Simplified devpts_ptmx_path as gotos are no longer required [ This is the fix for the issue that was reverted in commit 143c97cc6529, but this time without breaking 'pbuilder' due to increased reference counts - Linus ] Fixes: 54ebbfb16034 ("tty: add TIOCGPTPEER ioctl") Reported-by: Christian Brauner <christian.brauner@canonical.com> Reported-and-tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
fc61ed51 |
|
25-Jun-2017 |
Okash Khawaja <okash.khawaja@gmail.com> |
tty: add function to convert device name to number The function converts strings like ttyS0 and ttyUSB0 to dev_t like (4, 64) and (188, 0). It does this by scanning tty_drivers list for corresponding device name and index. If the driver is not registered, this function returns -ENODEV. It also acquires tty_mutex. Signed-off-by: Okash Khawaja <okash.khawaja@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
12e84c71 |
|
15-May-2017 |
Okash Khawaja <okash.khawaja@gmail.com> |
tty: export tty_open_by_driver This exports tty_open_by_driver so that it can be called from other places inside the kernel. The checks for null file pointer are based on Alan Cox's patch here: http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1215095.html. Description below is quoted from it: "[RFC] tty_port: allow a port to be opened with a tty that has no file handle Let us create tty objects entirely in kernel space. Untested proposal to show why all the ideas around rewriting half the uart stack are not needed. With this a kernel created non file backed tty object could be used to handle data, and set terminal modes. Not all ldiscs can cope with this as N_TTY in particular has to work back to the fs/tty layer. The tty_port code is however otherwise clean of file handles as far as I can tell as is the low level tty port write path used by the ldisc, the configuration low level interfaces and most of the ldiscs. Currently you don't have any exposure to see tty hangups because those are built around the file layer. However a) it's a fixed port so you probably don't care about that b) if you do we can add a callback and c) you almost certainly don't want the userspace tear down/rebuild behaviour anyway. This should however be sufficient if we wanted for example to enumerate all the bluetooth bound fixed ports via ACPI and make them directly available. It doesn't deal with the case of a user opening a port that's also kernel opened and that would need some locking out (so it returned EBUSY if bound to a kernel device of some kind). That needs resolving along with how you "up" or "down" your new bluetooth device, or enumerate it while providing the existing tty API to avoid regressions (and to debug)." The exported funtion is used later in this patch set to gain access to tty_struct. [changed export symbol level - gkh] Signed-off-by: Okash Khawaja <okash.khawaja@gmail.com> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6fbc8798 |
|
04-Apr-2017 |
Thadeu Lima de Souza Cascardo <cascardo@cascardo.eti.br> |
tty: fix comment for __tty_alloc_driver() Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@cascardo.eti.br> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
#
a1235b3e |
|
12-Apr-2017 |
Nicolas Pitre <nico@fluxnic.net> |
tty: split job control support into a file of its own This makes it easier for job control to become optional and/or usable independently from tty_io.c, as well as providing a nice purpose separation. No logical changes from this patch. Signed-off-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0c688614 |
|
12-Apr-2017 |
Nicolas Pitre <nico@fluxnic.net> |
console: move console_init() out of tty_io.c All the console driver handling code lives in printk.c. Move console_init() there as well so console support can still be used when the TTY code is configured out. No logical changes from this patch. Signed-off-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
87838ae3 |
|
04-Apr-2017 |
Thadeu Lima de Souza Cascardo <cascardo@cascardo.eti.br> |
tty: fix comment typo s/repsonsible/responsible/ Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@cascardo.eti.br> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
93857edd |
|
30-Mar-2017 |
Johan Hovold <johan@kernel.org> |
tty: reset termios state on device registration Free any saved termios data when registering a tty device so that the termios state is reset when reusing a minor number. This is useful for hot-pluggable buses such as USB where it does not make much sense to reuse saved termios data from an unrelated device when a new device is later plugged in. This specifically avoids a situation where the new device does not have the carrier-detect signal wired, but the saved termios state has CLOCAL cleared, effectively preventing the port from being opened in blocking mode as noted by Jan Kundrát <jan.kundrat@cesnet.cz>. Note that clearing the saved data at deregistration would not work as the device could still be open. Also note that the termios data is not reset for drivers with TTY_DRIVER_DYNAMIC_ALLOC set (e.g. legacy pty) as their character device is registered at driver registration and could theoretically already have been opened (and pty termios state is never saved anyway). Reported-by: Jan Kundrát <jan.kundrat@cesnet.cz> Signed-off-by: Johan Hovold <johan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
16b00ae8 |
|
30-Mar-2017 |
Johan Hovold <johan@kernel.org> |
tty: drop obsolete termios_locked comments Drop comments about tty-driver termios_locked structures, which have been outdated since commit fe6e29fdb1a7 ("tty: simplify ktermios allocation"). Signed-off-by: Johan Hovold <johan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6a7e6f78 |
|
30-Mar-2017 |
Johan Hovold <johan@kernel.org> |
tty: close race between device register and open The tty class device is currently not registered until after the character device has been registered thereby leaving a small window were a racing open could end up with a NULL tty->dev pointer due to the class-device lookup failing in alloc_tty_struct. Close this race by registering the class device before the character device while making sure to defer the user-space uevent notification until after the character device has been registered. Note that some tty drivers expect a valid tty->dev and would misbehave or crash otherwise. Some line disciplines also currently dereference the class device unconditionally despite the fact that not every tty is guaranteed to have one (Unix98 pty), but this is being fixed separately. Signed-off-by: Johan Hovold <johan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d437fa91 |
|
17-Feb-2017 |
Joe Perches <joe@perches.com> |
drivers/tty: Convert remaining uses of pr_warning to pr_warn To enable eventual removal of pr_warning This makes pr_warn use consistent for drivers/tty Prior to this patch, there were 2 uses of pr_warning and 23 uses of pr_warn in drivers/tty Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
29930025 |
|
08-Feb-2017 |
Ingo Molnar <mingo@kernel.org> |
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h> We are going to split <linux/sched/task.h> out of <linux/sched.h>, which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder <linux/sched/task.h> file that just maps to <linux/sched.h> to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
3f07c014 |
|
08-Feb-2017 |
Ingo Molnar <mingo@kernel.org> |
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> We are going to split <linux/sched/signal.h> out of <linux/sched.h>, which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder <linux/sched/signal.h> file that just maps to <linux/sched.h> to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
ed3f0af8 |
|
16-Jan-2017 |
Alan Cox <alan@linux.intel.com> |
tty_port: allow a port to be opened with a tty that has no file handle Let us create tty objects entirely in kernel space. Untested proposal to show why all the ideas around rewriting half the uart stack are not needed. With this a kernel created non file backed tty object could be used to handle data, and set terminal modes. Not all ldiscs can cope with this as N_TTY in particular has to work back to the fs/tty layer. The tty_port code is however otherwise clean of file handles as far as I can tell as is the low level tty port write path used by the ldisc, the configuration low level interfaces and most of the ldiscs. Currently you don't have any exposure to see tty hangups because those are built around the file layer. However a) it's a fixed port so you probably don't care about that b) if you do we can add a callback and c) you almost certainly don't want the userspace tear down/rebuild behaviour anyway. This should however be sufficient if we wanted for example to enumerate all the bluetooth bound fixed ports via ACPI and make them directly available. It doesn't deal with the case of a user opening a port that's also kernel opened and that would need some locking out (so it returned EBUSY if bound to a kernel device of some kind). That needs resolving along with how you "up" or "down" your new bluetooth device, or enumerate it while providing the existing tty API to avoid regressions (and to debug). Signed-off-by: Alan Cox <alan@linux.intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-By: Sebastian Reichel <sre@kernel.org> Signed-off-by: Rob Herring <robh@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
9ed90d20 |
|
16-Jan-2017 |
Rob Herring <robh@kernel.org> |
tty: move the non-file related parts of tty_release to new tty_release_struct For in-kernel tty users, we need to be able to create and destroy 'struct tty' that are not associated with a file. The creation side is fine, but tty_release() needs to be split into the file handle portion and the struct tty portion. Introduce a new function, tty_release_struct, to handle just the destroying of a struct tty. Signed-off-by: Rob Herring <robh@kernel.org> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-By: Sebastian Reichel <sre@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
25f3ecc2 |
|
09-Apr-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove stale parameter comment noctty was removed as a parameter by commit 11e1d4aa4da ("tty: Consolidate noctty check in tty_open()"). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0f0380b6 |
|
09-Apr-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove unused TTY_NUMBER() macro TTY_NUMBER() has been unused since v2.5.71; removed by "[PATCH] callout removal: callout is gone". Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
18900ca6 |
|
09-Apr-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Replace TTY_IO_ERROR bit tests with tty_io_error() Abstract TTY_IO_ERROR status test treewide with tty_io_error(). NB: tty->flags uses atomic bit ops; replace non-atomic bit test with test_bit(). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
8ead9dd5 |
|
25-Apr-2016 |
Linus Torvalds <torvalds@linux-foundation.org> |
devpts: more pty driver interface cleanups This is more prep-work for the upcoming pty changes. Still just code cleanup with no actual semantic changes. This removes a bunch pointless complexity by just having the slave pty side remember the dentry associated with the devpts slave rather than the inode. That allows us to remove all the "look up the dentry" code for when we want to remove it again. Together with moving the tty pointer from "inode->i_private" to "dentry->d_fsdata" and getting rid of pointless inode locking, this removes about 30 lines of code. Not only is the end result smaller, it's simpler and easier to understand. The old code, for example, depended on the d_find_alias() to not just find the dentry, but also to check that it is still hashed, which in turn validated the tty pointer in the inode. That is a _very_ roundabout way to say "invalidate the cached tty pointer when the dentry is removed". The new code just does dentry->d_fsdata = NULL; in devpts_pty_kill() instead, invalidating the tty pointer rather more directly and obviously. Don't do something complex and subtle when the obvious straightforward approach will do. The rest of the patch (ie apart from code deletion and the above tty pointer clearing) is just switching the calling convention to pass the dentry or file pointer around instead of the inode. Cc: Eric Biederman <ebiederm@xmission.com> Cc: Peter Anvin <hpa@zytor.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Peter Hurley <peter@hurleysoftware.com> Cc: Serge Hallyn <serge.hallyn@ubuntu.com> Cc: Willy Tarreau <w@1wt.eu> Cc: Aurelien Jarno <aurelien@aurel32.net> Cc: Alan Cox <gnomes@lxorguk.ukuu.org.uk> Cc: Jann Horn <jann@thejh.net> Cc: Greg KH <greg@kroah.com> Cc: Jiri Slaby <jslaby@suse.com> Cc: Florian Weimer <fw@deneb.enyo.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
5e00bbfb |
|
31-Mar-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix merge of "tty: Refactor tty_open()" Commit e9036d066236 ("tty: Drop krefs for interrupted tty lock") fixed a tty reference counting problem introduced in commit 0bfd464d3fdd ("tty: Wait interruptibly for tty lock on reopen"), so v4.5.0 is correct. However, commit d6203d0c7b73 ("tty: Refactor tty_open()") moved the relevant code for 4.6-rc1; correct the merge. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
da5a0fc6 |
|
31-Mar-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix UML console breakage User-Mode Linux supplies an alternate TTY_MAJOR driver for stdio console, so the noctty check in tty_open() must apply only to VT driver tty0 devnode and not the UML console driver tty0 devnode. Fixes: 11e1d4aa4da1 ("tty: Consolidate noctty checks in tty_open()") Reported-by: Richard Weinberger <richard.weinberger@gmail.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e9036d06 |
|
05-Feb-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Drop krefs for interrupted tty lock When the tty lock is interrupted on attempted re-open, 2 tty krefs are still held. Drop extra kref before returning failure from tty_lock_interruptible(), and drop lookup kref before returning failure from tty_open(). Fixes: 0bfd464d3fdd ("tty: Wait interruptibly for tty lock on reopen") Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a8f3a297 |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix ioctl(FIOASYNC) on hungup file A small race window exists which allows signal-driven async i/o to be enabled for the tty when the file ptr has already been hungup and signal-driven i/o has been disabled: CPU 0 CPU 1 ----- ------ ioctl_fioasync(on) filp->f_op->fasync(on) __tty_hangup() tty_fasync(on) tty_lock() tty_lock() ... . filp->f_op = &hung_up_tty_fops; (waiting) __tty_fasync(off) . tty_unlock() /* gets tty lock */ /* enables FASYNC */ Check the tty has not been hungup while holding tty_lock. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f557474c |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Add fasync() hung up file operation VFS uses a two-stage check-and-call method for invoking file_operations methods, without explicitly snapshotting either the file_operations ptr or the function ptr. Since the tty core is one of the few VFS users that changes the f_op file_operations ptr of the file descriptor (when the tty has been hung up), and since the likelihood of the compiler generating a reload of either f_op or the function ptr is basically nil, just define a hung up fasync() file operation that returns an error. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
bee6741c |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty, n_tty: Remove fasync() ldisc notification Only the N_TTY line discipline implements the signal-driven i/o notification enabled/disabled by fcntl(F_SETFL, O_ASYNC). The ldisc fasync() notification is sent to the ldisc when the enable state has changed (the tty core is notified via the fasync() VFS file operation). The N_TTY line discipline used the enable state to change the wakeup condition (minimum_to_wake = 1) for notifying the signal handler i/o is available. However, just the presence of data is sufficient and necessary to signal i/o is available, so changing minimum_to_wake is unnecessary (and creates a race condition with read() and poll() which may be concurrently updating minimum_to_wake). Furthermore, since the kill_fasync() VFS helper performs no action if the fasync list is empty, calling unconditionally is preferred; if signal driven i/o just has been disabled, no signal will be sent by kill_fasync() anyway so notification of the change via the ldisc fasync() method is superfluous. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4a510969 |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Make tty_files_lock per-tty Access to tty->tty_files list is always per-tty, never for all ttys simultaneously. Replace global tty_files_lock spinlock with per-tty ->files_lock. Initialize when the ->tty_files list is inited, in alloc_tty_struct(). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e802ca0e |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Move tty_check_change() helper Move is_ignored() to drivers/tty/tty_io.c and re-declare in file scope. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
27228732 |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Eliminate global symbol tty_ldisc_N_TTY Reduce global tty symbols; move and rename tty_ldisc_begin() as n_tty_init() and redefine the N_TTY ldisc ops as file scope. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d1d027ef |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Unexport system-wide tty_mutex tty_mutex is a core, system-wide lock; there is no reason for any code outside the tty core to have direct access. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
133b1306 |
|
10-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Document c_line == N_TTY initial condition The line discipline id is stored in the tty's termios; document the implicit initial value of N_TTY. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
892d1fa7 |
|
10-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Destroy ldisc instance on hangup Currently, when the tty is hungup, the ldisc is re-instanced; ie., the current instance is destroyed and a new instance is created. The purpose of this design was to guarantee a valid, open ldisc for the lifetime of the tty. However, now that tty buffers are owned by and have lifetime equivalent to the tty_port (since v3.10), any data received immediately after the ldisc is re-instanced may cause continued driver i/o operations concurrently with the driver's hangup() operation. For drivers that shutdown h/w on hangup, this is unexpected and usually bad. For example, the serial core may free the xmit buffer page concurrently with an in-progress write() operation (triggered by echo). With the existing stable and robust ldisc reference handling, the cleaned-up tty_reopen(), the straggling unsafe ldisc use cleaned up, and the preparation to properly handle a NULL tty->ldisc, the ldisc instance can be destroyed and only re-instanced when the tty is re-opened. If the tty was opened as /dev/console or /dev/tty0, the original behavior of re-instancing the ldisc is retained (the 'reinit' parameter to tty_ldisc_hangup() is true). This is required since those file descriptors are never hungup. This patch has neglible impact on userspace; the tty file_operations ptr is changed to point to the hungup file operations _before_ the ldisc instance is destroyed, so only racing file operations might now retrieve a NULL ldisc reference (which is simply handled as if the hungup file operation had been called instead -- see "tty: Prepare for destroying line discipline on hangup"). This resolves a long-standing FIXME and several crash reports. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c12da96f |
|
10-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Use 'disc' for line discipline index name tty->ldisc is a ptr to struct tty_ldisc, but unfortunately 'ldisc' is also used as a parameter or local name to refer to the line discipline index value (ie, N_TTY, N_GSM, etc.); instead prefer the name used by the line discipline registration/ref counting functions. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e55afd11 |
|
10-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Prepare for destroying line discipline on hangup tty file_operations (read/write/ioctl) wait for the ldisc reference indefinitely (until ldisc lifetime events, such as hangup or TIOCSETD, finish). Since hangup now destroys the ldisc and does not instance another copy, file_operations must now be prepared to receive a NULL ldisc reference from tty_ldisc_ref_wait(): CPU 0 CPU 1 ----- ----- (*f_op->read)() => tty_read() __tty_hangup() ... f_op = &hung_up_tty_fops; ... tty_ldisc_hangup() tty_ldisc_lock() tty_ldisc_kill() tty->ldisc = NULL tty_ldisc_unlock() ld = tty_ldisc_ref_wait() /* ld == NULL */ Instead, the action taken now is to return the same value as if the tty had been hungup a moment earlier: CPU 0 CPU 1 ----- ----- __tty_hangup() ... f_op = &hung_up_tty_fops; (*f_op->read)() => hung_up_tty_read() return 0; ... tty_ldisc_hangup() tty_ldisc_lock() tty_ldisc_kill() tty->ldisc = NULL tty_ldisc_unlock() Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ece53405 |
|
10-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Reset c_line from driver's init_termios After the ldisc is released, but before the tty is destroyed, the termios is saved (in tty_free_termios()); this termios is restored if a new tty is created on next open(). However, the line discipline is always reset, which is not obvious in the current method. Instead, reset as part of the restore. Restore the original line discipline, which may not have been N_TTY. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d6203d0c |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Refactor tty_open() Extract the driver lookup and reopen-or-initialize logic into helper function tty_open_by_driver(). No functional change. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
11e1d4aa |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Consolidate noctty checks in tty_open() Evaluate the conditions which prevent this tty being the controlling terminal in one place, just before setting the controlling terminal. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
05de87ed |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Re-declare tty_driver_remove_tty() file scope tty_driver_remove_tty() is only local-scope; declare as static. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a3123fd0 |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix tty_init_termios() declaration tty_init_termios() never returns an error; re-declare as void. Remove unnecessary error handling from callers. Remove extern declarations of tty_free_termios() and free_tty_struct() and re-declare in file scope. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Johan Hovold <johan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a99cc5d9 |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove !tty check from free_tty_struct() free_tty_struct() is never called with NULL tty; the two call sites would already have faulted on earlier access. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c8b710b3 |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix ldisc leak in failed tty_init_dev() release_tty() leaks the ldisc instance when called directly (rather than when releasing the file descriptor from tty_release()). Since tty_ldisc_release() clears tty->ldisc, releasing the ldisc instance at tty teardown if tty->ldisc is non-null is not in danger of double-releasing the ldisc. Remove deinitialize_tty_struct() now that free_tty_struct() always performs the tty_ldisc_deinit(). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5c17c861 |
|
10-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) ioctl(TIOCGETD) retrieves the line discipline id directly from the ldisc because the line discipline id (c_line) in termios is untrustworthy; userspace may have set termios via ioctl(TCSETS*) without actually changing the line discipline via ioctl(TIOCSETD). However, directly accessing the current ldisc via tty->ldisc is unsafe; the ldisc ptr dereferenced may be stale if the line discipline is changing via ioctl(TIOCSETD) or hangup. Wait for the line discipline reference (just like read() or write()) to retrieve the "current" line discipline id. Cc: <stable@vger.kernel.org> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7f22f6c9 |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Retry failed reopen if tty teardown in-progress A small window exists where a tty reopen will observe the tty just prior to imminent teardown (tty->count == 0); in this case, open() returns EIO to userspace. Instead, retry the open after checking for signals and yielding; this interruptible retry loop allows teardown to commence and initialize a new tty on retry. Never retry the BSD master pty reopen; there is no guarantee the pty pair teardown is imminent since the slave file descriptors may remain open indefinitely. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Cc: stable <stable@vger.kernel.org> # 4.4 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0bfd464d |
|
09-Jan-2016 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Wait interruptibly for tty lock on reopen Allow a signal to interrupt the wait for a tty reopen; eg., if the tty has starting final close and is waiting for the device to drain. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Cc: stable <stable@vger.kernel.org> # 4.4 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d1d3a0f7 |
|
08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Only allow slave pty as controlling tty A master pty should never be a controlling tty in Linux; if the master pty is specified to ioctl(TIOCSCTTY), silently substitute the slave pty as the controlling tty. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
83db1df4 |
|
08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: core: Prefer dev_dbg() over pr_debug() Where possible, use dev_dbg() instead of pr_debug() Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d435cefe |
|
08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove __func__ from tty_debug() macro Now that tty_debug() macro uses pr_debug(), the function name can be printed when using dynamic debug; printing the function name within the format string is redundant. Remove the __func__ parameter and print specifier from the format string. Add context to messages for when the function name is not printed by dynamic debug, or when dynamic debug is not enabled. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
89222e62 |
|
08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: core: Prefer pr_* to printk(*) Convert remaining printk() use to pr_*() when tty is unknown or unsafe to use. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
656fb867 |
|
08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: core: Add driver name to invalid device registration message Include the driver name in the tty_register_device_attr() error message for invalid index. Note that tty_err() cannot be used here because there is no tty; use pr_err(). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
9b42bb75 |
|
08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Convert SAK messages to tty_notice() Use tty_notice() for unified message format from the tty core. Fix each message to accurately reflect the cause of each termination. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
339f36ba |
|
08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Define tty_*() printk macros Since not all ttys are devices (eg., SysV ptys), dev_*() printk macros cannot be used. Define tty_*() printk macros that output in similar format to dev_*() macros (ie., <driver> <tty>: .....). Transform the most-trivial printk( LEVEL ...) usage to tty_*() usage. NB: The function name has been eliminated from messages with unique context, or prefixed to the format when given. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0a083edd |
|
08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: core: Add helper fn to deref tty driver name Similar to tty_name(), add tty_driver_name() helper to safely dereference tty->driver->name (otherwise return empty string). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
25080652 |
|
08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: core: Remove redundant oom message kmalloc() already emits a diagnostic for failed allocations; remove tty-specific message. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
82b8f888 |
|
08-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Make tty_paranoia_check() file scope tty_paranoia_check() is only used within drivers/tty/tty_io.c; remove extern declaration in header and limit symbol to file scope. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ee0c1a65 |
|
11-Nov-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix tty_send_xchar() lock order inversion The correct lock order is atomic_write_lock => termios_rwsem, as established by tty_write() => n_tty_write(). Fixes: c274f6ef1c666 ("tty: Hold termios_rwsem for tcflow(TCIxxx)") Reported-and-Tested-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> # v3.18+ Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e176058f |
|
17-Oct-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Abstract tty buffer work Introduce API functions to restart and cancel tty buffer work, rather than manipulate buffer work directly. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4b41b953 |
|
10-Oct-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Prevent tty teardown during tty_write_message() tty_write_message() allows the caller to directly write to a specific tty. Since the line discipline is bypassed for the direct write, nothing prevents the tty from being torn down after the tty count is checked. Hold the tty lock for the duration of the direct write. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
1e86b5bf |
|
10-Oct-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: core: Use correct spinlock flavor in tiocspgrp() tiocspgrp() is the ioctl handler for TIOCSPGRP, which runs in non-atomic context; use spin_lock/unlock_irq (since interrupt state is on). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2812d9e9 |
|
10-Oct-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Combine SIGTTOU/SIGTTIN handling The job_control() check in n_tty_read() has nearly identical purpose and results as tty_check_change(). Both functions' purpose is to determine if the current task's pgrp is the foreground pgrp for the tty, and if not, to signal the current pgrp. Introduce __tty_check_change() which takes the signal to send and performs the shared operations for job control() and tty_check_change(). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0c556271 |
|
04-Oct-2015 |
Jann Horn <jann@thejh.net> |
drivers/tty: require read access for controlling terminal This is mostly a hardening fix, given that write-only access to other users' ttys is usually only given through setgid tty executables. Signed-off-by: Jann Horn <jann@thejh.net> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c1a752ba |
|
07-Sep-2015 |
Leon Yu <chianglungyu@gmail.com> |
tty: don't leak cdev in tty_cdev_add() Commit a3a10ce3429e ("Avoid usb reset crashes by making tty_io cdevs truly dynamic") which mixes using cdev_alloc() and cdev_init() is problematic. Subsequent call to cdev_init() after cdev_alloc() sets kobj release method from cdev_dynamic_release() to cdev_default_release() and thus makes it impossible to free allocated cdev. This patch also consolidates error path of cdev_add() as cdev can also leak here if things went wrong. Signed-off-by: Leon Yu <chianglungyu@gmail.com> Fixes: a3a10ce3429e ("Avoid usb reset crashes by making tty_io cdevs truly dynamic") Acked-by: Richard Watts <rrw@kynesim.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a3a10ce3 |
|
19-May-2015 |
Richard Watts <rrw@kynesim.co.uk> |
Avoid usb reset crashes by making tty_io cdevs truly dynamic Avoid usb reset crashes by making tty_io cdevs truly dynamic Signed-off-by: Richard Watts <rrw@kynesim.co.uk> Reported-by: Duncan Mackintosh <DMackintosh@cbnl.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
accff793 |
|
12-Jul-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Replace #ifdef TTY_DEBUG_HANGUP with tty_debug_hangup() Add tty_debug_hangup() macro which uses tty_debug to print the debug message; remove inlined #ifdefs. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e2dfa3d3 |
|
12-Jul-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: core: Add tty_debug() for printk(KERN_DEBUG) messages Introduce tty_debug() macro to output uniform debug information for tty core debug messages (function name and tty name). Note: printk(KERN_DEBUG) is retained here over pr_debug() since messages can be enabled in non-DEBUG builds. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
3a6b02dc |
|
12-Jul-2015 |
Peter Hurley <peter@hurleysoftware.com> |
tty: core: Improve debug message content Output the function name, tty name, and invariant failure (if applicable). Add the tty count to the tty_open() message. Fix the disassociate_ctty() message, which printed the NULL pointer and the wrong message. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6719693c |
|
12-Jul-2015 |
Patrick Donnelly <batrick@batbytes.com> |
tty: add missing rcu_read_lock for task_pgrp task_pgrp requires an rcu or tasklist lock to be obtained if the returned pid is to be dereferenced, which kill_pgrp does. Obtain an RCU lock for the duration of use. Signed-off-by: Patrick Donnelly <batrick@batbytes.com> Reviewed-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
429b4749 |
|
31-Mar-2015 |
Rasmus Villemoes <linux@rasmusvillemoes.dk> |
tty: remove buf parameter from tty_name() tty_name no longer uses the buf parameter, so remove it along with all the 64 byte stack buffers that used to be passed in. Mostly generated by the coccinelle script @depends on patch@ identifier buf; constant C; expression tty; @@ - char buf[C]; <+... - tty_name(tty, buf) + tty_name(tty) ...+> allmodconfig compiles, so I'm fairly confident the stack buffers weren't used for other purposes as well. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Jesper Nilsson <jesper.nilsson@axis.com> Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
917162c9 |
|
31-Mar-2015 |
Rasmus Villemoes <linux@rasmusvillemoes.dk> |
tty: return tty->name directly from tty_name All users of tty_name pass the return value (the provided buffer) to some printf-like function. We can thus avoid the strcpy and, more importantly, later remove the buf parameter completely, eliminating the need for some 64 byte stack buffers. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
1d6b9877 |
|
31-Mar-2015 |
Rasmus Villemoes <linux@rasmusvillemoes.dk> |
tty: constify return type of tty_name All users of tty_name pass the result directly to a printf-like function. This means we can actually let tty_name return the literal "NULL tty" or tty->name directly, avoiding the strcpy and a lot of medium-sized stack buffers. In preparation for that, make the return type const char*. While at it, we can also constify the tty parameter. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fbf47635 |
|
26-Mar-2015 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
tty: clean up the tty time logic a bit We only care if anything other than the lower 3 bits of the tty has changed, so just check that way, which makes it a bit faster, and more obvious what is going on. Also, document this for future developers to understand why we did this. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
|
#
1083a7be |
|
05-Feb-2015 |
Takashi Iwai <tiwai@suse.de> |
tty: Use static attribute groups for sysfs entries Instead of manual calls of device_create_file() and device_remove_file(), pass the static attribute groups using device_create_with_groups(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f0bf0bd0 |
|
27-Feb-2015 |
Jiri Slaby <jirislaby@kernel.org> |
tty: fix up atime/mtime mess, take four This problem was taken care of three times already in * b0de59b5733d18b0d1974a060860a8b5c1b36a2e (TTY: do not update atime/mtime on read/write), * 37b7f3c76595e23257f61bd80b223de8658617ee (TTY: fix atime/mtime regression), and * b0b885657b6c8ef63a46bc9299b2a7715d19acde (tty: fix up atime/mtime mess, take three) But it still misses one point. As John Paul correctly points out, we do not care about setting date. If somebody ever changes wall time backwards (by mistake for example), tty timestamps are never updated until the original wall time passes. So check the absolute difference of times and if it large than "8 seconds or so", always update the time. That means we will update immediatelly when changing time. Ergo, CAP_SYS_TIME can foul the check, but it was always that way. Thanks John for serving me this so nicely debugged. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Reported-by: John Paul Perry <john_paul.perry@alcatel-lucent.com> Cc: <stable@vger.kernel.org> # all, as b0b885657 was backported Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
86f2c00f |
|
30-Dec-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Prevent hw state corruption in exclusive mode reopen Exclusive mode ttys (TTY_EXCLUSIVE) do not allow further reopens; fail the condition before associating the file pointer and calling the driver open() method. Prevents DTR programming when the tty is already in exclusive mode. Reported-by: Shreyas Bethur <shreyas.bethur@ni.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Shreyas Bethur <shreyas.bethur@ni.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a211b1af |
|
21-Nov-2014 |
Markus Elfring <elfring@users.sourceforge.net> |
tty: Deletion of unnecessary checks before two function calls The functions put_device() and tty_kref_put() test whether their argument is NULL and then return immediately. Thus the test around the call is not needed. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
8a8ae62f |
|
06-Nov-2014 |
Jiri Slaby <jirislaby@kernel.org> |
tty: warn on deprecated serial flags When somebody calls TIOCSSERIAL ioctl with serial flags to set one of * ASYNC_SESSION_LOCKOUT * ASYNC_PGRP_LOCKOUT * ASYNC_CALLOUT_NOHUP * ASYNC_AUTOPROBE nothing happens. We actually ignore the flags for over a decade at least (I checked 2.6.0). So start yelling at users who use those flags, that they shouldn't. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Peter Hurley <peter@hurleysoftware.com> Cc: Alan Cox <gnomes@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c961bfb1 |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Call methods in modern style The use of older function ptr calling style, (*fn)(), makes static analysis more error-prone; replace with modern fn() style. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
1256937f |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Replace open-coded test with tty_hung_up_p() tty_hung_up_p() is equivalent to the open-coded test in tty_open(). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
86c80a8e |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Flush ldisc buffer atomically with tty flip buffers tty_ldisc_flush() first clears the line discipline input buffer, then clears the tty flip buffers. However, this allows for existing data in the tty flip buffers to be added after the ldisc input buffer has been cleared, but before the flip buffers have been cleared. Add an optional ldisc parameter to tty_buffer_flush() to allow tty_ldisc_flush() to pass the ldisc to clear. NB: Initially, the plan was to do this automatically in tty_buffer_flush(). However, an audit of the behavior of existing line disciplines showed that performing a ldisc buffer flush on ioctl(TCFLSH) was not always the outcome. For example, some line disciplines have flush_buffer() methods but not ioctl() methods, so a ->flush_buffer() command would be unexpected. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2aff5e2b |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Change tty lock order to master->slave When releasing the master pty, the slave pty also needs to be locked to prevent concurrent tty count changes for the slave pty and to ensure that only one parallel master and slave release observe the final close, and proceed to destruct the pty pair. Conversely, when releasing the slave pty, locking the master pty is not necessary (since the master's state can be inferred by the slave tty count). Introduce tty_lock_slave()/tty_unlock_slave() which acquires/releases the tty lock of the slave pty. Remove tty_lock_pair()/tty_unlock_pair(). Dropping the tty_lock is no longer required to re-establish a stable lock order. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7ffb6da9 |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Simplify tty_release() state checks The local o_tty variable in tty_release() is now accessed only when closing the pty master. Set o_tty to slave pty when closing pty master, otherwise NULL; use o_tty != NULL as replacement for pty_master. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
359b9fb5 |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Simplify tty_release_checks() interface Passing the 'other' tty to tty_release_checks() only makes sense for a pty pair; make o_tty scope local instead. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
62462aef |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Simplify tty_ldisc_release() interface Passing the 'other' tty to tty_ldisc_release() only makes sense for a pty pair; make o_tty function local instead. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
949aa64f |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fold pty pair handling into tty_flush_works() Perform work flush for both ends of a pty pair within tty_flush_works(), rather than calling twice. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
324c1650 |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Simplify pty pair teardown logic When the slave side closes and its tty count is 0, the pty pair can be destroyed; the master side must have already closed for the slave side tty count to be 0. Thus, only the pty master close must check if the slave side has closed by checking the slave tty count. Remove the pre-computed closing flags and check the actual count(s). Regular ttys are unaffected by this change. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
deb287e7 |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Document check_tty_count() requires tty_lock held Holding the tty_lock() is necessary to prevent concurrent changes to the tty count that may cause it to differ from the open file list count. The tty_lock() is already held at all call sites. NB: Note that the check for the pty master tty count is safe because the slave's tty_lock() is held while decrementing the pty master tty count. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d5e370a4 |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Don't release tty locks for wait queue sanity check Releasing the tty locks while waiting for the tty wait queues to be empty is no longer necessary nor desirable. Prior to "tty: Don't take tty_mutex for tty count changes", dropping the tty locks was necessary to reestablish the correct lock order between tty_mutex and the tty locks. Dropping the global tty_mutex was necessary; otherwise new ttys could not have been opened while waiting. However, without needing the global tty_mutex held, the tty locks for the releasing tty can now be held through the sleep. The sanity check is for abnormal conditions caused by kernel bugs, not for recoverable errors caused by misbehaving userspace; dropping the tty locks only allows the tty state to get more sideways. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0911261d |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Don't take tty_mutex for tty count changes Holding tty_mutex is no longer required to serialize changes to the tty_count or to prevent concurrent opens of closing ttys; tty_lock() is sufficient. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
04980706 |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove TTY_CLOSING Now that re-open is not permitted for a legacy BSD pty master, using TTY_CLOSING to indicate when a tty can be torn-down is no longer necessary. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
aa3cb814 |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Drop tty_mutex before tty reopen Holding tty_mutex for a tty re-open is no longer necessary since "tty: Clarify re-open behavior of master ptys". Because the slave tty count is no longer accessed by tty_reopen(), holding tty_mutex to prevent concurrent final tty_release() of the slave pty is not required. As with "tty: Re-open /dev/tty without tty_mutex", holding a tty kref until the tty_lock is acquired is sufficient to ensure the tty has not been freed, which, in turn, is sufficient to ensure the tty_lock can be safely acquired and the tty count can be safely retrieved. A non-zero tty count with the tty lock held guarantees that release_tty() has not run and cannot run concurrently with tty_reopen(). Change tty_driver_lookup_tty() to acquire the tty kref, which allows the tty_mutex to be dropped before acquiring the tty lock. Dropping the tty_mutex before attempting the tty_lock allows other ttys to be opened and released, without needing this tty_reopen() to complete. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
52494eeb |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Re-open /dev/tty without tty_mutex Opening /dev/tty (ie., the controlling tty for the current task) is always a re-open of the underlying tty. Because holding the tty_lock is sufficient for safely re-opening a tty, and because having a tty kref is sufficient for safely acquiring the tty_lock [1], tty_open_current_tty() does not require holding tty_mutex. Repurpose tty_open_current_tty() to perform the re-open itself and refactor tty_open(). [1] Analysis of safely re-opening the current tty w/o tty_mutex get_current_tty() gets a tty kref from the already kref'ed tty value of current->signal->tty while holding the sighand lock for the current task. This guarantees that the tty pointer returned from get_current_tty() points to a tty which remains referenceable while holding the kref. Although release_tty() may run concurrently, and thus the driver reference may be removed, release_one_tty() cannot have run, and won't while holding the tty kref. This, in turn, guarantees the tty_lock() can safely be acquired (since tty->magic and tty->legacy_mutex are still a valid dereferences). The tty_lock() also gets a tty kref to prevent the tty_unlock() from dereferencing a released tty. Thus, the kref returned from get_current_tty() can be released. Lastly, the first operation of tty_reopen() is to check the tty count. If non-zero, this ensures release_tty() is not running concurrently, and the driver references have not been removed. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
216030ec |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Check tty->count instead of TTY_CLOSING in tty_reopen() Although perhaps not obvious, the TTY_CLOSING bit is set when the tty count has been decremented to 0 (which occurs while holding tty_lock). The only other case when tty count is 0 during a re-open is when a legacy BSD pty master has been opened in parallel but after the pty slave, which is unsupported and returns an error. Thus !tty->count contains the complete set of degenerate conditions under which a tty open fails. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5d93e748 |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Clarify re-open behavior of master ptys Re-opening master ptys is not allowed. Once opened and for the remaining lifetime of the master pty, its tty count is 1. If its tty count has dropped to 0, then the master pty was closed and TTY_CLOSING was set, and destruction may begin imminently. Besides the normal case of a legacy BSD pty master being re-opened (which always returns -EIO), this code is only reachable in 2 degenerate cases: 1. The pty master is the controlling terminal (this is possible through the TIOCSCTTY ioctl). pty masters are not designed to be controlling terminals and it's an oversight that tiocsctty() ever let that happen. The attempted open of /dev/tty will always fail. No known program does this. 2. The legacy BSD pty slave was opened first. The slave open will fail in pty_open() and tty_release() will commence. But before tty_release() claims the tty_mutex, there is a very small window where a parallel master open might succeed. In a test of racing legacy BSD slave and master parallel opens, where: slave open attempts: 10000 success:4527 failure:5473 master open attempts: 11728 success:5789 failure:5939 only 8 master open attempts would have succeeded reaching this code and successfully opened the master pty. This case is not possible with SysV ptys. Always return -EIO if a master pty is re-opened or the slave is opened first and the master opened in parallel (for legacy BSD ptys). Furthermore, now that changing the slave's count is not required, the tty_lock is sufficient for preventing concurrent changes to the tty being re-opened (or failing re-opening). Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
3ff51a19 |
|
04-Nov-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove TTY_HUPPING Now that tty_ldisc_hangup() does not drop the tty lock, it is no longer possible to observe TTY_HUPPING while holding the tty lock on another cpu. Remove TTY_HUPPING bit definition. Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a361858d |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Update code comment in __proc_set_tty() The session and foreground process group pid references will be non-NULL if tiocsctty() is stealing the controlling tty from another session (ie., arg == 1 in tiocsctty()). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e218eb32 |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Serialize proc_set_tty() with tty_lock Setting the controlling terminal for a session occurs with either the first open of a non-pty master tty or with ioctl(TIOCSCTTY). Since only the session leader can set the controlling terminal for a session (and the session leader cannot change), it is not necessary to prevent a process from attempting to set different ttys as the controlling terminal concurrently. So it's only necessary to prevent the same tty from becoming the controlling terminal for different session leaders. The tty_lock() is sufficient to prevent concurrent proc_set_tty() for the same tty. Remove the tty_mutex lock region; add tty_lock() to tiocsctty(). While this may appear to allow a race condition between opening the controlling tty via tty_open_current_tty() and stealing the controlling tty via ioctl(TIOCSCTTY, 1), that race condition already existed. Even if the tty_mutex prevented stealing the controlling tty while tty_open_current_tty() returned the original controlling tty, it cannot prevent stealing the controlling tty before tty_open() returns. Thus, tty_open() could already return a no-longer-controlling tty when opening /dev/tty. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e1c2296c |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Move session_of_pgrp() and make static tiocspgrp() is the lone caller of session_of_pgrp(); relocate and limit to file scope. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2c411c11 |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix multiple races when setting the controlling terminal Claim a read lock on the tasklist_lock while setting the controlling terminal for the session leader. This fixes multiple races: 1. task_pgrp() and task_session() cannot be safely dereferenced, such as passing to get_pid(), without holding either rcu_read_lock() or tasklist_lock 2. setsid() unwisely allows any thread in the thread group to make the thread group leader the session leader; this makes the unlocked reads of ->signal->leader and signal->tty potentially unordered, stale or even have spurious values. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ae28fa72 |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove !tty condition from __proc_set_tty() The tty parameter to __proc_set_tty() cannot be NULL; all call sites have already dereferenced tty. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5b239542 |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Replace open-coded tty_get_pgrp() Replace open-coded instances of tty_get_pgrp(). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
bce65f18 |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove tsk parameter from proc_set_tty() Only the current task itself can set its controlling tty (other than before the task has been forked). Equivalent to existing usage. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
11d9befd |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Reorder proc_set_tty() and related fns Move the controlling tty-related functions and remove forward declarations for __proc_set_tty() and proc_set_tty(). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
8f166e00 |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove tty_pair_get_tty()/tty_pair_get_pty() api tty_pair_get_pty() has no in-tree users and tty_pair_get_tty() has only one file-local user. Remove the external declarations, the export declarations, and declare tty_pair_get_tty() static. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Reviewed-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
369e2b84 |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Remove sparse lock annotations from tty_write_lock()/_unlock() sparse lock annotations cannot represent conditional acquire, such as mutex_lock_interruptible() or mutex_trylock(), and produce sparse warnings at _every_ correct call site. Remove lock annotations from tty_write_lock() and tty_write_unlock(). Fixes sparse warnings: drivers/tty/tty_io.c:1083:13: warning: context imbalance in 'tty_write_unlock' - wrong count at exit drivers/tty/tty_io.c:1090:12: warning: context imbalance in 'tty_write_lock' - wrong count at exit drivers/tty/tty_io.c:1211:17: warning: context imbalance in 'tty_write_message' - unexpected unlock drivers/tty/tty_io.c:1233:16: warning: context imbalance in 'tty_write' - different lock contexts for basic block drivers/tty/tty_io.c:1285:5: warning: context imbalance in 'tty_send_xchar' - different lock contexts for basic block drivers/tty/tty_io.c:2653:12: warning: context imbalance in 'send_break' - different lock contexts for basic block Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
494c1eac |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Prevent "read/write wait queue active!" log flooding Only print one warning when a task is on the read_wait or write_wait wait queue at final tty release. Cc: <stable@vger.kernel.org> # 3.4.x+ Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
37b16457 |
|
16-Oct-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix high cpu load if tty is unreleaseable Kernel oops can cause the tty to be unreleaseable (for example, if n_tty_read() crashes while on the read_wait queue). This will cause tty_release() to endlessly loop without sleeping. Use a killable sleep timeout which grows by 2n+1 jiffies over the interval [0, 120 secs.) and then jumps to forever (but still killable). NB: killable just allows for the task to be rewoken manually, not to be terminated. Cc: <stable@vger.kernel.org> # since before 2.6.32 Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
136d5258 |
|
10-Sep-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Move and rename send_prio_char() as tty_send_xchar() Relocate the file-scope function, send_prio_char(), as a global helper tty_send_xchar(). Remove the global declarations for tty_write_lock()/tty_write_unlock(), as these are file-scope only now. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
01adc807 |
|
10-Sep-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Move packet mode flow control notifications to pty driver When a master pty is set to packet mode, flow control changes to the slave pty cause notifications to the master pty via reads and polls. However, these tests are occurring for all ttys, not just ptys. Implement flow control packet mode notifications in the pty driver. Only the slave side implements the flow control handlers since packet mode is asymmetric; the master pty receives notifications for slave-side changes, but not vice versa. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f9e053dc |
|
10-Sep-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Serialize tty flow control changes with flow_lock Without serialization, the flow control state can become inverted wrt. the actual hardware state. For example, CPU 0 | CPU 1 stop_tty() | lock ctrl_lock | tty->stopped = 1 | unlock ctrl_lock | | start_tty() | lock ctrl_lock | tty->stopped = 0 | unlock ctrl_lock | driver->start() driver->stop() | In this case, the flow control state now indicates the tty has been started, but the actual hardware state has actually been stopped. Introduce tty->flow_lock spinlock to serialize tty flow control changes. Split out unlocked __start_tty()/__stop_tty() flavors for use by ioctl(TCXONC) in follow-on patch. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e0b93edd |
|
22-Aug-2014 |
Jeff Layton <jlayton@kernel.org> |
security: make security_file_set_fowner, f_setown and __f_setown void return security_file_set_fowner always returns 0, so make it f_setown and __f_setown void return functions and fix up the error handling in the callers. Cc: linux-security-module@vger.kernel.org Signed-off-by: Jeff Layton <jlayton@primarydata.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
|
#
b216df53 |
|
07-Aug-2014 |
Cyrill Gorcunov <gorcunov@gmail.com> |
tty: Fix potential use after free in release_one_tty In case if we're releasing the last tty reference the following call sequence is possible tty_driver_kref_put destruct_tty_driver kfree(driver); where @driver is used in next module_put call, which leads to | [ 285.964007] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 | [ 285.964007] Workqueue: events release_one_tty | [ 285.964007] task: ffff8800cc7ea5f0 ti: ffff8800cb800000 task.ti: ffff8800cb800000 | [ 285.964007] RIP: 0010:[<ffffffff810aeaf5>] [<ffffffff810aeaf5>] module_put+0x24/0xf4 | [ 285.964007] RSP: 0018:ffff8800cb801d48 EFLAGS: 00010213 | [ 285.964007] RAX: ffff8800cb801fd8 RBX: ffff8800ca3429d0 RCX: ffff8800cb1db400 | [ 285.964007] RDX: 0000000000000000 RSI: ffffffff817349c1 RDI: 0000000000000001 | [ 285.964007] RBP: ffff8800cb801d60 R08: ffff8800cd632b40 R09: 0000000000000000 | [ 285.964007] R10: 00000000ffffffff R11: ffff88011f40a000 R12: 6b6b6b6b6b6b6b6b | [ 285.964007] R13: ffff8800ca342520 R14: 0000000000000000 R15: ffff88011f5d8200 | [ 285.964007] FS: 0000000000000000(0000) GS:ffff88011f400000(0000) knlGS:0000000000000000 | [ 285.964007] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b | [ 285.964007] CR2: 00007faf5229d090 CR3: 0000000001c0b000 CR4: 00000000000006f0 | [ 285.964007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 | [ 285.964007] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 | [ 285.964007] Stack: | [ 285.964007] ffff8800ca3429d0 ffff8800ca342a30 ffff8800ca342520 ffff8800cb801d88 | [ 285.964007] ffffffff8146554a ffff8800cc77cc78 ffff8800ca3429d0 ffff88011f5d3800 | [ 285.964007] ffff8800cb801e08 ffffffff810683c1 ffffffff810682ff 0000000000000046 | [ 285.964007] Call Trace: | [ 285.964007] [<ffffffff8146554a>] release_one_tty+0x54/0xa3 | [ 285.964007] [<ffffffff810683c1>] process_one_work+0x223/0x404 | [ 285.964007] [<ffffffff810682ff>] ? process_one_work+0x161/0x404 | [ 285.964007] [<ffffffff81068971>] worker_thread+0x136/0x205 | [ 285.964007] [<ffffffff8106883b>] ? rescuer_thread+0x26a/0x26a | [ 285.964007] [<ffffffff8106e5bf>] kthread+0xa2/0xaa | [ 285.964007] [<ffffffff810a4586>] ? trace_hardirqs_on_caller+0x16/0x1eb | [ 285.964007] [<ffffffff8106e51d>] ? __kthread_parkme+0x65/0x65 | [ 285.964007] [<ffffffff8173f59c>] ret_from_fork+0x7c/0xb0 | [ 285.964007] [<ffffffff8106e51d>] ? __kthread_parkme+0x65/0x65 | [ 285.964007] Code: 09 00 5b 41 5c 5d c3 0f 1f 44 00 00 55 48 85 ff 48 89 e5 41 55 41 54 49 89 fc 53 0f 84 d3 00 | 00 00 bf 01 00 00 00 e8 d0 a1 fc ff <49> 8b 84 24 50 02 00 00 65 48 ff 40 08 4c 8b 6d 08 0f 1f 44 00 so simply keep a local reference to the module owner and use it later. CC: Pavel Emelyanov <xemul@parallels.com> CC: Jiri Slaby <jslaby@suse.cz> CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2c964a2f |
|
10-Jul-2014 |
Rasmus Villemoes <linux@rasmusvillemoes.dk> |
drivers: tty: Merge alloc_tty_struct and initialize_tty_struct The two functions alloc_tty_struct and initialize_tty_struct are always called together. Merge them into alloc_tty_struct, updating its prototype and the only two callers of these functions. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7c6d340f |
|
16-Jun-2014 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Call hangup method in modern style Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c70dbb1e |
|
14-Apr-2014 |
Chen Tingjie <tingjie.chen@intel.com> |
tty: fix memleak in alloc_pid There is memleak in alloc_pid: ------------------------------ unreferenced object 0xd3453a80 (size 64): comm "adbd", pid 1730, jiffies 66363 (age 6586.950s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 40 c2 f6 d5 00 d3 25 c1 59 28 00 00 ....@.....%.Y(.. backtrace: [<c1a6f15c>] kmemleak_alloc+0x3c/0xa0 [<c1320546>] kmem_cache_alloc+0xc6/0x190 [<c125d51e>] alloc_pid+0x1e/0x400 [<c123d344>] copy_process.part.39+0xad4/0x1120 [<c123da59>] do_fork+0x99/0x330 [<c123dd58>] sys_fork+0x28/0x30 [<c1a89a08>] syscall_call+0x7/0xb [<ffffffff>] 0xffffffff the leak is due to unreleased pid->count, which execute in function: get_pid()(pid->count++) and put_pid()(pid->count--). The race condition as following: task[dumpsys] task[adbd] in disassociate_ctty() in tty_signal_session_leader() ----------------------- ------------------------- tty = get_current_tty(); // tty is not NULL ... spin_lock_irq(¤t->sighand->siglock); put_pid(current->signal->tty_old_pgrp); current->signal->tty_old_pgrp = NULL; spin_unlock_irq(¤t->sighand->siglock); spin_lock_irq(&p->sighand->siglock); ... p->signal->tty = NULL; ... spin_unlock_irq(&p->sighand->siglock); tty = get_current_tty(); // tty NULL, goto else branch by accident. if (tty) { ... put_pid(tty_session); put_pid(tty_pgrp); ... } else { print msg } in task[dumpsys], in disassociate_ctty(), tty is set NULL by task[adbd], tty_signal_session_leader(), then it goto else branch and lack of put_pid(), cause memleak. move spin_unlock(sighand->siglock) after get_current_tty() can avoid the race and fix the memleak. Signed-off-by: Zhang Jun <jun.zhang@intel.com> Signed-off-by: Chen Tingjie <tingjie.chen@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
723abd87 |
|
26-Feb-2014 |
Hannes Reinecke <hare@suse.de> |
tty: Set correct tty name in 'active' sysfs attribute The 'active' sysfs attribute should refer to the currently active tty devices the console is running on, not the currently active console. The console structure doesn't refer to any device in sysfs, only the tty the console is running on has. So we need to print out the tty names in 'active', not the console names. There is one special-case, which is tty0. If the console is directed to it, we want 'tty0' to show up in the file, so user-space knows that the messages get forwarded to the active VT. The ->device() callback would resolve tty0, though. Hence, treat it special and don't call into the VT layer to resolve it (plymouth is known to depend on it). Cc: Lennart Poettering <lennart@poettering.net> Cc: Kay Sievers <kay@vrfy.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jiri Slaby <jslaby@suse.cz> Cc: stable <stable@vger.kernel.org> Signed-off-by: Werner Fink <werner@suse.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5c0a2450 |
|
22-Feb-2014 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
Revert "tty: Set correct tty name in 'active' sysfs attribute" This reverts commit d8a5dc3033af2fd6d16030d2ee4fbd073460fe54. This breaks plymouth installs, either because plymouth is using the file "incorrectly" or because the patch is incorrect. Either way, this needs to be reverted until it is all figured out. Reported-by: Josh Boyer <jwboyer@fedoraproject.org> Reported-by: Ray Strode <halfline@gmail.com> Cc: Lennart Poettering <lennart@poettering.net> Cc: Kay Sievers <kay@vrfy.org> Cc: Jiri Slaby <jslaby@suse.cz> Cc: David Herrmann <dh.herrmann@gmail.com> Cc: Werner Fink <werner@suse.de> Cc: Hannes Reinecke <hare@suse.de> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d8a5dc30 |
|
07-Feb-2014 |
Hannes Reinecke <hare@suse.de> |
tty: Set correct tty name in 'active' sysfs attribute The 'active' sysfs attribute should refer to the currently active tty devices the console is running on, not the currently active console. The console structure doesn't refer to any device in sysfs, only the tty the console is running on has. So we need to print out the tty names in 'active', not the console names. This resolves an issue on s390 platforms in determining the correct console device to use. Cc: Lennart Poettering <lennart@poettering.net> Cc: Kay Sievers <kay@vrfy.org> Cc: Jiri Slaby <jslaby@suse.cz> Cc: David Herrmann <dh.herrmann@gmail.com> Signed-off-by: Werner Fink <werner@suse.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d4855e1f |
|
19-Nov-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Reset hupped state on open A common security idiom is to hangup the current tty (via vhangup()) after forking but before execing a root shell. This hangs up any existing opens which other processes may have and ensures subsequent opens have the necessary permissions to open the root shell tty/pty. Reset the TTY_HUPPED state after the driver has successfully returned the opened tty (perform the reset while the tty is locked to avoid racing with concurrent hangups). Reported-by: Heorhi Valakhanovich <valahanovich@tut.by> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Cc: stable <stable@vger.kernel.org> # 3.12 Tested-by: Heorhi Valakhanovich <valahanovich@tut.by> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
03e12617 |
|
15-Sep-2013 |
Oleg Nesterov <oleg@redhat.com> |
tty: disassociate_ctty() sends the extra SIGCONT Starting from v3.10 (probably commit f91e2590410b: "tty: Signal foreground group processes in hangup") disassociate_ctty() sends SIGCONT if tty && on_exit. This breaks LSB test-suite, in particular test8 in _exit.c and test40 in sigcon5.c. Put the "!on_exit" check back to restore the old behaviour. Review by Peter Hurley: "Yes, this regression was introduced by me in that commit. The effect of the regression is that ptys will receive a SIGCONT when, in similar circumstances, ttys would not. The fact that two test vectors accidentally tripped over this regression suggests that some other apps may as well. Thanks for catching this" Cc: stable@vger.kernel.org # v3.10+ Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reported-by: Karel Srot <ksrot@redhat.com> Reviewed-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
cb50e523 |
|
31-Jul-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Only hangup once Instrumented testing shows a tty can be hungup multiple times [1]. Although concurrent hangups are properly serialized, multiple hangups for the same tty should be prevented. If tty has already been HUPPED, abort hangup. Note it is not necessary to cleanup file *redirect on subsequent hangups, as only TIOCCONS can set that value and ioctls are disabled after hangup. [1] Test performed by simulating a concurrent async hangup via tty_hangup() with a sync hangup via tty_vhangup(), while __tty_hangup() was instrumented with: diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index 26bb78c..fe8b061 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -629,6 +629,8 @@ static void __tty_hangup(struct tty_struct *tty, int exit_session) tty_lock(tty); + WARN_ON(test_bit(TTY_HUPPED, &tty->flags)); + /* some functions below drop BTM, so we need this bit */ set_bit(TTY_HUPPING, &tty->flags); Test result: WARNING: at /home/peter/src/kernels/mainline/drivers/tty/tty_io.c:632 __tty_hangup+0x459/0x460() Modules linked in: ip6table_filter ip6_tables ebtable_nat <...snip...> CPU: 6 PID: 1197 Comm: kworker/6:2 Not tainted 3.10.0-0+rfcomm-xeon #0+rfcomm Hardware name: Dell Inc. Precision WorkStation T5400 /0RW203, BIOS A11 04/30/2012 Workqueue: events do_tty_hangup 0000000000000009 ffff8802b16d7d18 ffffffff816b553e ffff8802b16d7d58 ffffffff810407e0 ffff880254f95c00 ffff880254f95c00 ffff8802bfd92b00 ffff8802bfd96b00 ffff880254f95e40 0000000000000180 ffff8802b16d7d68 Call Trace: [<ffffffff816b553e>] dump_stack+0x19/0x1b [<ffffffff810407e0>] warn_slowpath_common+0x70/0xa0 [<ffffffff8104082a>] warn_slowpath_null+0x1a/0x20 [<ffffffff813fb279>] __tty_hangup+0x459/0x460 [<ffffffff8107409c>] ? finish_task_switch+0xbc/0xe0 [<ffffffff813fb297>] do_tty_hangup+0x17/0x20 [<ffffffff8105fd6f>] process_one_work+0x16f/0x450 [<ffffffff8106007c>] process_scheduled_works+0x2c/0x40 [<ffffffff8106060a>] worker_thread+0x26a/0x380 [<ffffffff810603a0>] ? rescuer_thread+0x310/0x310 [<ffffffff810698a0>] kthread+0xc0/0xd0 [<ffffffff816b0000>] ? destroy_compound_page+0x65/0x92 [<ffffffff810697e0>] ? kthread_create_on_node+0x130/0x130 [<ffffffff816c495c>] ret_from_fork+0x7c/0xb0 [<ffffffff810697e0>] ? kthread_create_on_node+0x130/0x130 ---[ end trace 98d9f01536cf411e ]--- Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
dee4a0be |
|
24-Jul-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix lock order in tty_do_resize() Commits 6a1c0680cf3ba94356ecd58833e1540c93472a57 and 9356b535fcb71db494fc434acceb79f56d15bda2, respectively 'tty: Convert termios_mutex to termios_rwsem' and 'n_tty: Access termios values safely' introduced a circular lock dependency with console_lock and termios_rwsem. The lockdep report [1] shows that n_tty_write() will attempt to claim console_lock while holding the termios_rwsem, whereas tty_do_resize() may already hold the console_lock while claiming the termios_rwsem. Since n_tty_write() and tty_do_resize() do not contend over the same data -- the tty->winsize structure -- correct the lock dependency by introducing a new lock which specifically serializes access to tty->winsize only. [1] Lockdep report ====================================================== [ INFO: possible circular locking dependency detected ] 3.10.0-0+tip-xeon+lockdep #0+tip Not tainted ------------------------------------------------------- modprobe/277 is trying to acquire lock: (&tty->termios_rwsem){++++..}, at: [<ffffffff81452656>] tty_do_resize+0x36/0xe0 but task is already holding lock: ((fb_notifier_list).rwsem){.+.+.+}, at: [<ffffffff8107aac6>] __blocking_notifier_call_chain+0x56/0xc0 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 ((fb_notifier_list).rwsem){.+.+.+}: [<ffffffff810b6d62>] lock_acquire+0x92/0x1f0 [<ffffffff8175b797>] down_read+0x47/0x5c [<ffffffff8107aac6>] __blocking_notifier_call_chain+0x56/0xc0 [<ffffffff8107ab46>] blocking_notifier_call_chain+0x16/0x20 [<ffffffff813d7c0b>] fb_notifier_call_chain+0x1b/0x20 [<ffffffff813d95b2>] register_framebuffer+0x1e2/0x320 [<ffffffffa01043e1>] drm_fb_helper_initial_config+0x371/0x540 [drm_kms_helper] [<ffffffffa01bcb05>] nouveau_fbcon_init+0x105/0x140 [nouveau] [<ffffffffa01ad0af>] nouveau_drm_load+0x43f/0x610 [nouveau] [<ffffffffa008a79e>] drm_get_pci_dev+0x17e/0x2a0 [drm] [<ffffffffa01ad4da>] nouveau_drm_probe+0x25a/0x2a0 [nouveau] [<ffffffff813b13db>] local_pci_probe+0x4b/0x80 [<ffffffff813b1701>] pci_device_probe+0x111/0x120 [<ffffffff814977eb>] driver_probe_device+0x8b/0x3a0 [<ffffffff81497bab>] __driver_attach+0xab/0xb0 [<ffffffff814956ad>] bus_for_each_dev+0x5d/0xa0 [<ffffffff814971fe>] driver_attach+0x1e/0x20 [<ffffffff81496cc1>] bus_add_driver+0x111/0x290 [<ffffffff814982b7>] driver_register+0x77/0x170 [<ffffffff813b0454>] __pci_register_driver+0x64/0x70 [<ffffffffa008a9da>] drm_pci_init+0x11a/0x130 [drm] [<ffffffffa022a04d>] nouveau_drm_init+0x4d/0x1000 [nouveau] [<ffffffff810002ea>] do_one_initcall+0xea/0x1a0 [<ffffffff810c54cb>] load_module+0x123b/0x1bf0 [<ffffffff810c5f57>] SyS_init_module+0xd7/0x120 [<ffffffff817677c2>] system_call_fastpath+0x16/0x1b -> #1 (console_lock){+.+.+.}: [<ffffffff810b6d62>] lock_acquire+0x92/0x1f0 [<ffffffff810430a7>] console_lock+0x77/0x80 [<ffffffff8146b2a1>] con_flush_chars+0x31/0x50 [<ffffffff8145780c>] n_tty_write+0x1ec/0x4d0 [<ffffffff814541b9>] tty_write+0x159/0x2e0 [<ffffffff814543f5>] redirected_tty_write+0xb5/0xc0 [<ffffffff811ab9d5>] vfs_write+0xc5/0x1f0 [<ffffffff811abec5>] SyS_write+0x55/0xa0 [<ffffffff817677c2>] system_call_fastpath+0x16/0x1b -> #0 (&tty->termios_rwsem){++++..}: [<ffffffff810b65c3>] __lock_acquire+0x1c43/0x1d30 [<ffffffff810b6d62>] lock_acquire+0x92/0x1f0 [<ffffffff8175b724>] down_write+0x44/0x70 [<ffffffff81452656>] tty_do_resize+0x36/0xe0 [<ffffffff8146c841>] vc_do_resize+0x3e1/0x4c0 [<ffffffff8146c99f>] vc_resize+0x1f/0x30 [<ffffffff813e4535>] fbcon_init+0x385/0x5a0 [<ffffffff8146a4bc>] visual_init+0xbc/0x120 [<ffffffff8146cd13>] do_bind_con_driver+0x163/0x320 [<ffffffff8146cfa1>] do_take_over_console+0x61/0x70 [<ffffffff813e2b93>] do_fbcon_takeover+0x63/0xc0 [<ffffffff813e67a5>] fbcon_event_notify+0x715/0x820 [<ffffffff81762f9d>] notifier_call_chain+0x5d/0x110 [<ffffffff8107aadc>] __blocking_notifier_call_chain+0x6c/0xc0 [<ffffffff8107ab46>] blocking_notifier_call_chain+0x16/0x20 [<ffffffff813d7c0b>] fb_notifier_call_chain+0x1b/0x20 [<ffffffff813d95b2>] register_framebuffer+0x1e2/0x320 [<ffffffffa01043e1>] drm_fb_helper_initial_config+0x371/0x540 [drm_kms_helper] [<ffffffffa01bcb05>] nouveau_fbcon_init+0x105/0x140 [nouveau] [<ffffffffa01ad0af>] nouveau_drm_load+0x43f/0x610 [nouveau] [<ffffffffa008a79e>] drm_get_pci_dev+0x17e/0x2a0 [drm] [<ffffffffa01ad4da>] nouveau_drm_probe+0x25a/0x2a0 [nouveau] [<ffffffff813b13db>] local_pci_probe+0x4b/0x80 [<ffffffff813b1701>] pci_device_probe+0x111/0x120 [<ffffffff814977eb>] driver_probe_device+0x8b/0x3a0 [<ffffffff81497bab>] __driver_attach+0xab/0xb0 [<ffffffff814956ad>] bus_for_each_dev+0x5d/0xa0 [<ffffffff814971fe>] driver_attach+0x1e/0x20 [<ffffffff81496cc1>] bus_add_driver+0x111/0x290 [<ffffffff814982b7>] driver_register+0x77/0x170 [<ffffffff813b0454>] __pci_register_driver+0x64/0x70 [<ffffffffa008a9da>] drm_pci_init+0x11a/0x130 [drm] [<ffffffffa022a04d>] nouveau_drm_init+0x4d/0x1000 [nouveau] [<ffffffff810002ea>] do_one_initcall+0xea/0x1a0 [<ffffffff810c54cb>] load_module+0x123b/0x1bf0 [<ffffffff810c5f57>] SyS_init_module+0xd7/0x120 [<ffffffff817677c2>] system_call_fastpath+0x16/0x1b other info that might help us debug this: Chain exists of: &tty->termios_rwsem --> console_lock --> (fb_notifier_list).rwsem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock((fb_notifier_list).rwsem); lock(console_lock); lock((fb_notifier_list).rwsem); lock(&tty->termios_rwsem); *** DEADLOCK *** 7 locks held by modprobe/277: #0: (&__lockdep_no_validate__){......}, at: [<ffffffff81497b5b>] __driver_attach+0x5b/0xb0 #1: (&__lockdep_no_validate__){......}, at: [<ffffffff81497b69>] __driver_attach+0x69/0xb0 #2: (drm_global_mutex){+.+.+.}, at: [<ffffffffa008a6dd>] drm_get_pci_dev+0xbd/0x2a0 [drm] #3: (registration_lock){+.+.+.}, at: [<ffffffff813d93f5>] register_framebuffer+0x25/0x320 #4: (&fb_info->lock){+.+.+.}, at: [<ffffffff813d8116>] lock_fb_info+0x26/0x60 #5: (console_lock){+.+.+.}, at: [<ffffffff813d95a4>] register_framebuffer+0x1d4/0x320 #6: ((fb_notifier_list).rwsem){.+.+.+}, at: [<ffffffff8107aac6>] __blocking_notifier_call_chain+0x56/0xc0 stack backtrace: CPU: 0 PID: 277 Comm: modprobe Not tainted 3.10.0-0+tip-xeon+lockdep #0+tip Hardware name: Dell Inc. Precision WorkStation T5400 /0RW203, BIOS A11 04/30/2012 ffffffff8213e5e0 ffff8802aa2fb298 ffffffff81755f19 ffff8802aa2fb2e8 ffffffff8174f506 ffff8802aa2fa000 ffff8802aa2fb378 ffff8802aa2ea8e8 ffff8802aa2ea910 ffff8802aa2ea8e8 0000000000000006 0000000000000007 Call Trace: [<ffffffff81755f19>] dump_stack+0x19/0x1b [<ffffffff8174f506>] print_circular_bug+0x1fb/0x20c [<ffffffff810b65c3>] __lock_acquire+0x1c43/0x1d30 [<ffffffff810b775e>] ? mark_held_locks+0xae/0x120 [<ffffffff810b78d5>] ? trace_hardirqs_on_caller+0x105/0x1d0 [<ffffffff810b6d62>] lock_acquire+0x92/0x1f0 [<ffffffff81452656>] ? tty_do_resize+0x36/0xe0 [<ffffffff8175b724>] down_write+0x44/0x70 [<ffffffff81452656>] ? tty_do_resize+0x36/0xe0 [<ffffffff81452656>] tty_do_resize+0x36/0xe0 [<ffffffff8146c841>] vc_do_resize+0x3e1/0x4c0 [<ffffffff8146c99f>] vc_resize+0x1f/0x30 [<ffffffff813e4535>] fbcon_init+0x385/0x5a0 [<ffffffff8146a4bc>] visual_init+0xbc/0x120 [<ffffffff8146cd13>] do_bind_con_driver+0x163/0x320 [<ffffffff8146cfa1>] do_take_over_console+0x61/0x70 [<ffffffff813e2b93>] do_fbcon_takeover+0x63/0xc0 [<ffffffff813e67a5>] fbcon_event_notify+0x715/0x820 [<ffffffff81762f9d>] notifier_call_chain+0x5d/0x110 [<ffffffff8107aadc>] __blocking_notifier_call_chain+0x6c/0xc0 [<ffffffff8107ab46>] blocking_notifier_call_chain+0x16/0x20 [<ffffffff813d7c0b>] fb_notifier_call_chain+0x1b/0x20 [<ffffffff813d95b2>] register_framebuffer+0x1e2/0x320 [<ffffffffa01043e1>] drm_fb_helper_initial_config+0x371/0x540 [drm_kms_helper] [<ffffffff8173cbcb>] ? kmemleak_alloc+0x5b/0xc0 [<ffffffff81198874>] ? kmem_cache_alloc_trace+0x104/0x290 [<ffffffffa01035e1>] ? drm_fb_helper_single_add_all_connectors+0x81/0xf0 [drm_kms_helper] [<ffffffffa01bcb05>] nouveau_fbcon_init+0x105/0x140 [nouveau] [<ffffffffa01ad0af>] nouveau_drm_load+0x43f/0x610 [nouveau] [<ffffffffa008a79e>] drm_get_pci_dev+0x17e/0x2a0 [drm] [<ffffffffa01ad4da>] nouveau_drm_probe+0x25a/0x2a0 [nouveau] [<ffffffff8175f162>] ? _raw_spin_unlock_irqrestore+0x42/0x80 [<ffffffff813b13db>] local_pci_probe+0x4b/0x80 [<ffffffff813b1701>] pci_device_probe+0x111/0x120 [<ffffffff814977eb>] driver_probe_device+0x8b/0x3a0 [<ffffffff81497bab>] __driver_attach+0xab/0xb0 [<ffffffff81497b00>] ? driver_probe_device+0x3a0/0x3a0 [<ffffffff814956ad>] bus_for_each_dev+0x5d/0xa0 [<ffffffff814971fe>] driver_attach+0x1e/0x20 [<ffffffff81496cc1>] bus_add_driver+0x111/0x290 [<ffffffffa022a000>] ? 0xffffffffa0229fff [<ffffffff814982b7>] driver_register+0x77/0x170 [<ffffffffa022a000>] ? 0xffffffffa0229fff [<ffffffff813b0454>] __pci_register_driver+0x64/0x70 [<ffffffffa008a9da>] drm_pci_init+0x11a/0x130 [drm] [<ffffffffa022a000>] ? 0xffffffffa0229fff [<ffffffffa022a000>] ? 0xffffffffa0229fff [<ffffffffa022a04d>] nouveau_drm_init+0x4d/0x1000 [nouveau] [<ffffffff810002ea>] do_one_initcall+0xea/0x1a0 [<ffffffff810c54cb>] load_module+0x123b/0x1bf0 [<ffffffff81399a50>] ? ddebug_proc_open+0xb0/0xb0 [<ffffffff813855ae>] ? trace_hardirqs_on_thunk+0x3a/0x3f [<ffffffff810c5f57>] SyS_init_module+0xd7/0x120 [<ffffffff817677c2>] system_call_fastpath+0x16/0x1b Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
40d5e090 |
|
15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
n_tty: Fix EOF push handling In canonical mode, an EOF which is not the first character of the line causes read() to complete and return the number of characters read so far (commonly referred to as EOF push). However, if the previous read() returned because the user buffer was full _and_ the next character is an EOF not at the beginning of the line, read() must not return 0, thus mistakenly indicating the end-of-file condition. The TTY_PUSH flag is used to indicate an EOF was received which is not at the beginning of the line. Because the EOF push condition is evaluated by a thread other than the read(), multiple EOF pushes can cause a premature end-of-file to be indicated. Instead, discover the 'EOF push as first read character' condition from the read() thread itself, and restart the i/o loop if detected. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d8c1f929 |
|
15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Only guarantee termios read safety for throttle/unthrottle No tty driver modifies termios during throttle() or unthrottle(). Therefore, only read safety is required. However, tty_throttle_safe and tty_unthrottle_safe must still be mutually exclusive; introduce throttle_mutex for that purpose. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6a1c0680 |
|
15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Convert termios_mutex to termios_rwsem termios is commonly accessed unsafely (especially by N_TTY) because the existing mutex forces exclusive access. Convert existing usage. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
36697529 |
|
15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Replace ldisc locking with ldisc_sem Line discipline locking was performed with a combination of a mutex, a status bit, a count, and a waitqueue -- basically, a rw semaphore. Replace the existing combination with an ld_semaphore. Fixes: 1) the 'reference acquire after ldisc locked' bug 2) the over-complicated halt mechanism 3) lock order wrt. tty_lock() 4) dropping locks while changing ldisc 5) previously unidentified deadlock while locking ldisc from both linked ttys concurrently 6) previously unidentified recursive deadlocks Adds much-needed lockdep diagnostics. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
137084bb |
|
15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix tty_ldisc_lock name collision The file scope spinlock identifier, tty_ldisc_lock, will collide with the file scope lock function tty_ldisc_lock() so rename it. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
64e377dc |
|
15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Reset itty for other pty Commit 19ffd68f816878aed456d5e87697f43bd9e3bd2b ('pty: Remove redundant itty reset') introduced a regression whereby the other pty's linkage is not cleared on teardown. This triggers a false positive diagnostic in testing. Properly reset the itty linkage. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Cc: stable <stable@vger.kernel.org> # 3.10 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f6c8dbe6 |
|
15-Jun-2013 |
Peter Hurley <peter@hurleysoftware.com> |
n_tty: Encapsulate minimum_to_wake within N_TTY minimum_to_wake is unique to N_TTY processing, and belongs in per-ldisc data. Add the ldisc method, ldisc_ops::fasync(), to notify line disciplines when signal-driven I/O is enabled or disabled. When enabled for N_TTY (by fcntl(F_SETFL, O_ASYNC)), blocking reader/polls will be woken for any readable input. When disabled, blocking reader/polls are not woken until the read buffer is full. Canonical mode (L_ICANON(tty), n_tty_data::icanon) is not affected by the minimum_to_wake setting. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
b0b88565 |
|
01-May-2013 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: fix up atime/mtime mess, take three We first tried to avoid updating atime/mtime entirely (commit b0de59b5733d: "TTY: do not update atime/mtime on read/write"), and then limited it to only update it occasionally (commit 37b7f3c76595: "TTY: fix atime/mtime regression"), but it turns out that this was both insufficient and overkill. It was insufficient because we let people attach to the shared ptmx node to see activity without even reading atime/mtime, and it was overkill because the "only once a minute" means that you can't really tell an idle person from an active one with 'w'. So this tries to fix the problem properly. It marks the shared ptmx node as un-notifiable, and it lowers the "only once a minute" to a few seconds instead - still long enough that you can't time individual keystrokes, but short enough that you can tell whether somebody is active or not. Reported-by: Simon Kirby <sim@hostway.ca> Acked-by: Jiri Slaby <jslaby@suse.cz> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
37b7f3c7 |
|
26-Apr-2013 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: fix atime/mtime regression In commit b0de59b5733d ("TTY: do not update atime/mtime on read/write") we removed timestamps from tty inodes to fix a security issue and waited if something breaks. Well, 'w', the utility to find out logged users and their inactivity time broke. It shows that users are inactive since the time they logged in. To revert to the old behaviour while still preventing attackers to guess the password length, we update the timestamps in one-minute intervals by this patch. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
44a459fd |
|
19-Mar-2013 |
Changlong Xie <changlongx.xie@intel.com> |
tty: tty_vhangup_session can be static Reported-by: Fengguang Wu <fengguang.wu@intel.com> Acked-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
8842dda2 |
|
11-Mar-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Don't protect atomic operation with mutex test_bit() is already atomic; drop mutex lock/unlock. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
96433d10 |
|
11-Mar-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Bracket ldisc release with TTY_DEBUG_HANGUP messages Expected typical log output: [ 2.437211] tty_open: opening pts1... [ 2.443376] tty_open: opening pts5... [ 2.447830] tty_release: ptm0 (tty count=1)... [ 2.447849] pts0 vhangup... [ 2.447865] tty_release: ptm0: final close [ 2.447876] tty_release: ptm0: freeing structure... [ 2.451634] tty_release: tty1 (tty count=1)... [ 2.451638] tty_release: tty1: final close [ 2.451654] tty_release: tty1: freeing structure... [ 2.452505] tty_release: pts5 (tty count=2)... [ 2.453029] tty_open: opening pts0... Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a2965b7b |
|
11-Mar-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Make core responsible for synchronizing its work The tty core relies on the ldisc layer for synchronizing destruction of the tty. Instead, the final tty release must wait for any pending tty work to complete prior to tty destruction. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4f98d467 |
|
11-Mar-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Complete ownership transfer of flip buffers Waiting for buffer work to complete is not required for safely performing changes to the line discipline, once the line discipline is halted. The buffer work routine, flush_to_ldisc(), will be unable to acquire an ldisc ref and all existing references were waited until released (so it can't already have one). Ensure running buffer work which may reference the soon-to-be-gone tty completes and any buffer work running after this point retrieves a NULL tty. Also, ensure all buffer work is cancelled on port destruction. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d9121566 |
|
11-Mar-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Don't reenable already enabled ldisc tty_ldisc_hangup() guarantees the ldisc is enabled (or that there is no ldisc). Since __tty_hangup() was the only user, re-define tty_ldisc_enable() in file-scope. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
25fdf243 |
|
06-Mar-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Signal SIGHUP before hanging up ldisc An exiting session leader can hang if a foreground process is blocking for line discipline i/o, eg. in n_tty_read(). This happens because the blocking reader is holding an ldisc reference (indicating the line discipline is in-use) which prevents __tty_hangup() from recycling the line discipline. Although waiters are woken before attempting to gain exclusive access for changing the ldisc, the blocking reader in this case will not exit the i/o loop since it has not yet received SIGHUP (because it has not been sent). Instead, perform signalling first, then recycle the line discipline. Fixes: INFO: task init:1 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D 00000000001d7180 2688 1 0 0x00000002 ffff8800b9acfba8 0000000000000002 00000000001d7180 ffff8800b9b10048 ffff8800b94cb000 ffff8800b9b10000 00000000001d7180 00000000001d7180 ffff8800b9b10000 ffff8800b9acffd8 00000000001d7180 00000000001d7180 Call Trace: [<ffffffff83db9909>] __schedule+0x2e9/0x3b0 [<ffffffff83db9b35>] schedule+0x55/0x60 [<ffffffff83db74ba>] schedule_timeout+0x3a/0x370 [<ffffffff81182349>] ? mark_held_locks+0xf9/0x130 [<ffffffff83dbab38>] ? down_failed+0x108/0x200 [<ffffffff83dbb7ab>] ? _raw_spin_unlock_irq+0x2b/0x80 [<ffffffff81182608>] ? trace_hardirqs_on_caller+0x128/0x160 [<ffffffff83dbab61>] down_failed+0x131/0x200 [<ffffffff83dbbfad>] ? tty_ldisc_lock_pair_timeout+0xcd/0x120 [<ffffffff83dbae03>] ldsem_down_write+0xd3/0x113 [<ffffffff83dbbfad>] ? tty_ldisc_lock_pair_timeout+0xcd/0x120 [<ffffffff8118264d>] ? trace_hardirqs_on+0xd/0x10 [<ffffffff83dbbfad>] tty_ldisc_lock_pair_timeout+0xcd/0x120 [<ffffffff81c3df60>] tty_ldisc_hangup+0xd0/0x220 [<ffffffff81c35bd7>] __tty_hangup+0x137/0x4f0 [<ffffffff81c37c7c>] disassociate_ctty+0x6c/0x230 [<ffffffff8111290c>] do_exit+0x41c/0x590 [<ffffffff8107ad34>] ? syscall_trace_enter+0x24/0x2e0 [<ffffffff81112b4a>] do_group_exit+0x8a/0xc0 [<ffffffff81112b92>] sys_exit_group+0x12/0x20 [<ffffffff83dc49d8>] tracesys+0xe1/0xe6 1 lock held by init/1: #0: (&tty->ldisc_sem){++++++}, at: [<ffffffff83dbbfad>] tty_ldisc_lock_pair_timeout+0xcd/0x120 Reported-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f91e2590 |
|
06-Mar-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Signal foreground group processes in hangup When the session leader is exiting, signal the foreground group processes as part of the hangup sequence, instead of after the hangup is complete. This prepares for hanging up the line discipline _after_ signalling processes which may be blocking on ldisc i/o. Parameterize __tty_hangup() to distinguish between when the session leader is exiting and all other hangups; signal the foreground group after signalling the session leader and its process group, which preserves the original signal order. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
bc30c3b2 |
|
06-Mar-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Use spin_lock() inside existing critical region The interrupt state does not need to be saved, disabled and restored here; interrupts are already off because this lock is bracketed by spin_lock_irq/spin_unlock_irq. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
20cc225b |
|
06-Mar-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Fix spinlock flavor in non-atomic __tty_hangup() __tty_hangup() and tty_vhangup() cannot be called from atomic context, so locks do not need to preserve the interrupt state (although, still disable interrupts). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ea648a47 |
|
06-Mar-2013 |
Peter Hurley <peter@hurleysoftware.com> |
tty: Refactor session leader SIGHUP from __tty_hangup() Reduce complexity of __tty_hangup(); separate SIGHUP signalling into tty_signal_session_leader(). Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6131ffaa |
|
27-Feb-2013 |
Al Viro <viro@zeniv.linux.org.uk> |
more file_inode() open-coded instances Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
b0de59b5 |
|
15-Feb-2013 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: do not update atime/mtime on read/write On http://vladz.devzero.fr/013_ptmx-timing.php, we can see how to find out length of a password using timestamps of /dev/ptmx. It is documented in "Timing Analysis of Keystrokes and Timing Attacks on SSH". To avoid that problem, do not update time when reading from/writing to a TTY. I am afraid of regressions as this is a behavior we have since 0.97 and apps may expect the time to be current, e.g. for monitoring whether there was a change on the TTY. Now, there is no change. So this would better have a lot of testing before it goes upstream. References: CVE-2013-0160 Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: stable <stable@vger.kernel.org> # after 3.9 is out Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4d334fd1 |
|
04-Jan-2013 |
Martin Schwidefsky <schwidefsky@de.ibm.com> |
s390/3270: asynchronous size sensing Convert the synchronous size sense code to an interrupt driven approach. This allows to set the device online even if the terminal is not connected. With the new code views can be registered without a connected terminal, the tty can be opened as soon as the device is online. After the terminal has been connected and the size has been determined the tty is resized to match the device characteristics.. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
#
6e9430ac |
|
06-Feb-2013 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
TTY: mark tty_get_device call with the proper const values Michał's previous patch missed this tty check to fix up the class_find_device() arguments. Reported-by: kbuild test robot <fengguang.wu@intel.com> Cc: Michał Mirosław <mirq-linux@rere.qmqm.pl> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ef4f527c |
|
26-Dec-2012 |
Kevin Cernekee <cernekee@gmail.com> |
tty: Fix comments that reference BKL, eventd, old paths Signed-off-by: Kevin Cernekee <cernekee@gmail.com> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2520e274 |
|
18-Nov-2012 |
Josh Triplett <josh@joshtriplett.org> |
tty: Mark tty_del_file and __tty_hangup static Nothing outside of drivers/tty/tty_io.c references these functions, so mark them static. Signed-off-by: Josh Triplett <josh@joshtriplett.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
84fd7bdf |
|
24-Oct-2012 |
Cyrill Gorcunov <gorcunov@openvz.org> |
tty: Add get- ioctls to fetch tty status v3 For checkpoint/restore we need to know if tty has exclusive or packet mode set, as well as if pty is currently locked. Just to be able to restore this characteristics. For this sake the following ioctl codes are introduced - TIOCGPKT to get packet mode state - TIOCGPTLCK to get Pty locked state - TIOCGEXCL to get Exclusive mode state Note this ioctls are a bit unsafe in terms of data obtained consistency. The tty characteristics might be changed right after ioctl complete. Keep it in mind and use this ioctl carefully. v2: - Use TIOC prefix for ioctl codes (by jslaby@) Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> CC: Alan Cox <alan@lxorguk.ukuu.org.uk> CC: "H. Peter Anvin" <hpa@zytor.com> CC: Pavel Emelyanov <xemul@parallels.com> CC: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ecbbfd44 |
|
18-Oct-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: move tty buffers to tty_port So this is it. The big step why we did all the work over the past kernel releases. Now everything is prepared, so nothing protects us from doing that big step. | | \ \ nnnn/^l | | | | \ / / | | | '-,.__ => \/ ,-` => | '-,.__ | O __.´´) ( .` | O __.´´) ~~~ ~~ `` ~~~ ~~ The buffers are now in the tty_port structure and we can start teaching the buffer helpers (insert char/string, flip etc.) to use tty_port instead of tty_struct all around. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
967fab69 |
|
18-Oct-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: add port -> tty link For that purpose we have to temporarily introduce a second tty back pointer into tty_port. It is because serial layer, and maybe others, still do not use tty_port_tty_set/get. So that we cannot set the tty_port->tty to NULL at will now. Yes, the fix would be to convert whole serial layer and all its users to tty_port_tty_set/get. However we are in the process of removing the need of tty in most of the call sites, so this would lead to a duplicated work. Instead we have now tty_port->itty (internal tty) which will be used only in flush_to_ldisc. For that one it is ensured that itty is valid wherever the work is run. IOW, the work is synchronously cancelled before we set itty to NULL and also before hangup is processed. After we need only tty_port and not tty_struct in most code, this shall be changed to tty_port_tty_set/get and itty removed completely. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
bddc7152 |
|
18-Oct-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: move ldisc data from tty_struct: locks atomic_write_lock is not n_tty specific, so move it up in the tty_struct. And since these are the last ones to move, remove also the comment saying there are some ldisc' members. There are none now. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
53c5ee2c |
|
18-Oct-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: move ldisc data from tty_struct: simple members Here we start moving all the n_tty related bits from tty_struct to the newly defined n_tty_data struct in n_tty proper. In this patch primitive members and bits are moved. The rest will be done per-partes in the next patches. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fa2ecfc5a |
|
18-Oct-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: move devpts kill to pty Now that we have control over tty->driver_data in pty, we can just kill the /dev/pts/ in pty code too. Namely, in ->shutdown hook of tty. For pty, this is called only once, for whichever end is closed last. But we don't care, both driver_data are the inode as it used to be till now. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
cb0942b8 |
|
27-Aug-2012 |
Al Viro <viro@zeniv.linux.org.uk> |
make get_file() return its argument simplifies a bunch of callers... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
c3c073f8 |
|
21-Aug-2012 |
Al Viro <viro@zeniv.linux.org.uk> |
new helper: iterate_fd() iterates through the opened files in given descriptor table, calling a supplied function; we stop once non-zero is returned. Callback gets struct file *, descriptor number and const void * argument passed to iterator. It is called with files->file_lock held, so it is not allowed to block. tty_io, netprio_cgroup and selinux flush_unauthorized_files() converted to its use. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
b1b79916 |
|
06-Sep-2012 |
Tomas Hlavacek <tmshlvck@gmail.com> |
tty_register_device_attr updated for tty-next Added tty_device_create_release() and bound to dev->release in tty_register_device_attr(). Added tty_port_register_device_attr() and used in uart_add_one_port() instead of tty_register_device_attr(). Signed-off-by: Tomas Hlavacek <tmshlvck@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6915c0e4 |
|
05-Sep-2012 |
Tomas Hlavacek <tmshlvck@gmail.com> |
tty: uartclk value from serial_core exposed to sysfs Added file /sys/devices/.../tty/ttySX/uartclk to allow reading uartclk value in struct uart_port in serial_core via sysfs. tty_register_device() has been generalized and refactored in order to add support for setting drvdata and attribute_group to the device. Signed-off-by: Tomas Hlavacek <tmshlvck@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
bbb63c51 |
|
27-Aug-2012 |
Wanlong Gao <gaowanlong@cn.fujitsu.com> |
drivers:tty:fix up ENOIOCTLCMD error handling At commit 07d106d0, Linus pointed out that ENOIOCTLCMD should be translated as ENOTTY to user mode. For example: fd = open("/dev/tty", O_RDWR); ioctl(fd, -1, &argp); then the errno should be ENOTTY but not EINVAL. Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5d4121c0 |
|
17-Aug-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: check if tty->port is assigned And if not, complain loudly. None in-kernel module should trigger that, but let us find out for sure. On the other hand, all the out-of-tree modules will hit that. Give them some time (maybe one release) to catch up. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7e73eca6 |
|
08-Aug-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: move cdev_add to tty_register_device We need the /dev/ node not to be available before we call tty_register_device. Otherwise we might race with open and tty_struct->port might not be available at that time. This is not an issue now, but would be a problem after "TTY: use tty_port_register_device" is applied. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0019b408 |
|
08-Aug-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: add support for unnumbered device nodes This allows drivers like ttyprintk to avoid hacks to create an unnumbered node in /dev. It used to set TTY_DRIVER_DYNAMIC_DEV in flags and call device_create on its own. That is incorrect, because TTY_DRIVER_DYNAMIC_DEV may be set only if tty_register_device is called explicitly. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
16a02081 |
|
08-Aug-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: move allocations to tty_alloc_driver So now, that we have flags and know everything needed, keep a promise and move all the tables and ports allocation from tty_register_driver to tty_alloc_driver. Not only that it makes sense, but we need this for tty_port_link_device which needs tty_driver->ports but is to be called before tty_register_driver. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7f0bc6a6 |
|
07-Aug-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: pass flags to alloc_tty_driver We need to allow drivers that use neither tty_port_install nor tty_port_register_device to link a tty_port to a tty somehow. To avoid a race with open, this has to be performed before tty_register_device. But currently tty_driver->ports is allocated even in tty_register_device because we do not know whether this is the PTY driver. The PTY driver is special here due to an excessive count of lines it declares to handle. We cannot handle tty_ports there this way. To circumvent this, we start passing tty_driver flags to alloc_tty_driver already and we create tty_alloc_driver for this purpose. There we can allocate tty_driver->ports and do all the magic between tty_alloc_driver and tty_register_device. Later we will introduce tty_port_link_device function for that purpose. All drivers should eventually switch to this new tty driver allocation interface. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
89c8d91e |
|
08-Aug-2012 |
Alan Cox <alan@linux.intel.com> |
tty: localise the lock The termios and other changes mean the other protections needed on the driver tty arrays should be adequate. Turn it all back on. This contains pieces folded in from the fixes made to the original patches | From: Geert Uytterhoeven <geert@linux-m68k.org> (fix m68k) | From: Paul Gortmaker <paul.gortmaker@windriver.com> (fix cris) | From: Jiri Kosina <jkosina@suze.cz> (lockdep) | From: Eric Dumazet <eric.dumazet@gmail.com> (lockdep) Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
dc6802a7 |
|
23-Jul-2012 |
Dan Carpenter <dan.carpenter@oracle.com> |
tty: handle NULL parameters in free_tty_struct() We sometimes pass NULL pointers to free_tty_struct(). One example where it can happen is in the error handling code in pty_common_install(). Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4ac5d705 |
|
23-Jul-2012 |
Dan Carpenter <dan.carpenter@oracle.com> |
tty: fix missing assignment We're trying to save the termios state and we need to allocate a buffer to do it. Smatch complains that the buffer is leaked at the end of the function. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d155255a |
|
27-Jul-2012 |
Alan Cox <alan@linux.intel.com> |
tty: Fix race in tty release Ian Abbott found that the tty layer would explode with the right set of parallel open and close operations. This is because we race in the handling of tty->drivers->termios[]. Correct this by Making tty_ldisc_release behave like nromal code (takes the lock, does stuff, drops the lock) Drop the tty lock earlier in tty_ldisc_release Taking the tty mutex around the driver->termios update in all cases Adding a WARN_ON to catch future screwups. I also forgot to clean up the pty resources properly. With a pty pair we need to pull both halves out of the tables. Signed-off-by: Alan Cox <alan@linux.intel.com> Tested-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
36b3c070 |
|
17-Jul-2012 |
Alan Cox <alan@linux.intel.com> |
tty: Move the handling of the tty release logic Now that we don't have tty->termios tied to drivers->tty we can untangle the logic here. In addition we can push the removal logic out of the destructor path. At that point we can think about sorting out tty_port and console and all the other ugly hangovers. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
adc8d746 |
|
14-Jul-2012 |
Alan Cox <alan@linux.intel.com> |
tty: move the termios object into the tty This will let us sort out a whole pile of tty related races. The alternative would be to keep points and refcount the termios objects. However 1. They are tiny anyway 2. Many devices don't use the stored copies 3. We can remove a pty special case Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6d31a88c |
|
14-Jul-2012 |
Alan Cox <alan@linux.intel.com> |
tty: revert incorrectly applied lock patch I sent GregKH this after the pre-requisites. He dropped the pre-requesites for good reason and unfortunately then applied this patch. Without this reverted you get random kernel memory corruption which will make bisecting anything between it and the properly applied patches a complete sod. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f5e3bcc5 |
|
29-Jun-2012 |
Alan Cox <alan@linux.intel.com> |
tty: localise the lock The termios and other changes mean the other protections needed on the driver tty arrays should be adequate. Turn it all back on. This contains pieces folded in from the fixes made to the original patches | From: Geert Uytterhoeven <geert@linux-m68k.org> (fix m68k) | From: Paul Gortmaker <paul.gortmaker@windriver.com> (fix cris) | From: Jiri Kosina <jkosina@suze.cz> (lockdep) | From: Eric Dumazet <eric.dumazet@gmail.com> (lockdep) Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
04831dc1 |
|
04-Jun-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: add ports array to tty_driver It will hold tty_port structures for all drivers which do not want to define tty->ops->install hook. We ignore PTY here because it wants 1 million lines and it installs tty_port in ->install anyway. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
9bb8a3d4 |
|
04-Jun-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: centralize fail paths in tty_register_driver Currently, some failures are handled in if's false branches, some at the end of tty_register_driver via goto-labels. Let us handle the failures at the end of the functions to have the failure handling at a single place. The only thing needed is to label the lines properly and jump there. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f309532b |
|
02-Jun-2012 |
Linus Torvalds <torvalds@linux-foundation.org> |
tty: Revert the tty locking series, it needs more work This reverts the tty layer change to use per-tty locking, because it's not correct yet, and fixing it will require some more deep surgery. The main revert is d29f3ef39be4 ("tty_lock: Localise the lock"), but there are several smaller commits that built upon it, they also get reverted here. The list of reverted commits is: fde86d310886 - tty: add lockdep annotations 8f6576ad476b - tty: fix ldisc lock inversion trace d3ca8b64b97e - pty: Fix lock inversion b1d679afd766 - tty: drop the pty lock during hangup abcefe5fc357 - tty/amiserial: Add missing argument for tty_unlock() fd11b42e3598 - cris: fix missing tty arg in wait_event_interruptible_tty call d29f3ef39be4 - tty_lock: Localise the lock The revert had a trivial conflict in the 68360serial.c staging driver that got removed in the meantime. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
d29f3ef3 |
|
03-May-2012 |
Alan Cox <alan@linux.intel.com> |
tty_lock: Localise the lock In each remaining case the tty_lock is associated with a specific tty. This means we can now lock on a per tty basis. We do need tty_lock_pair() for the pty case. Uglier but still a step in the right direction. [fixed up calls in 3 missing drivers - gregkh] Signed-off-by: Alan Cox <alan@linux.intel.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
3af502b9 |
|
03-May-2012 |
Alan Cox <alan@linux.intel.com> |
tty_lock: undo the old tty_lock use on the ctty get_current_tty has its own consistent locking. That means a pile of the tty lock cases are not needed. As get_current_tty also keeps a reference the tty object lifetime means we can propogate the lock removal out. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
9ffc93f2 |
|
28-Mar-2012 |
David Howells <dhowells@redhat.com> |
Remove all #inclusions of asm/system.h Remove all #inclusions of asm/system.h preparatory to splitting and killing it. Performed with the following command: perl -p -i -e 's!^#\s*include\s*<asm/system[.]h>.*\n!!' `grep -Irl '^#\s*include\s*<asm/system[.]h>' *` Signed-off-by: David Howells <dhowells@redhat.com>
|
#
ecd16650 |
|
05-Mar-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: remove tty driver re-set from tty_reopen This is from tty_reopen: struct tty_driver *driver = tty->driver; ... tty->driver = driver; and it doesn't make sense at all. The driver is intended to be set in initialize_tty_struct from tty_init_dev (initial open). So this set in tty_reopen is not needed. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d4834267 |
|
05-Mar-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: simplify tty_driver_lookup_tty a bit Remove the useless local variable and return the value itself. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
1a54a76d |
|
05-Mar-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: let alloc_tty_driver deduce the owner automatically Like the rest of the kernel, make a stub from alloc_tty_driver which calls __alloc_tty_driver with proper owner. This will save us one more assignment on the driver side. Also this fixes some drivers which didn't set the owner. This allowed user to remove the module from the system even though a tty from the driver is still open. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a8fbc974 |
|
05-Mar-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: tty_io, remove buffer re-assignments TTY buffer head and tail are initialized in tty_buffer_init. No need to do it once again in initialize_tty_struct where tty_buffer_init is called. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0ef1698e |
|
24-Feb-2012 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
Revert "TTY: get rid of BTM around devpts_*" This reverts commit d3bda5298aad98c7a27678bdd0dd9d008ab9e685. Sasha reported that this causes problems, so revert it. Cc: Sasha Levin <levinsasha928@gmail.com> Cc: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d3bda529 |
|
30-Jan-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: get rid of BTM around devpts_* devpts operations are protected by inode mutexes and dentry refcounting. There is no need to hold BTM. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
66d450e8 |
|
30-Jan-2012 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: provide tty_standard_install helper There are currently many cut&paste copies of what tty_driver_install_tty does when custom ->install method is not provided. Let's get rid of the copies and create a helper with this setup code. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Havard Skinnemoen <hskinnemoen@google.com> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
593a27c4 |
|
05-Jan-2012 |
Konstantin Khlebnikov <khlebnikov@openvz.org> |
tty: cleanup prohibition of direct opening for unix98 pty master cleanup hack added in v2.6.27-3203-g15582d3 comment from that patch: : pty: If the administrator creates a device for a ptmx slave we should not error : : The open path for ptmx slaves is via the ptmx device. Opening them any : other way is not allowed. Vegard Nossum found that previously this was not : the case and mknod foo c 128 42; cat foo would produce nasty diagnostics : : Signed-off-by: Alan Cox <alan@redhat.com> : Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> devpts_get_tty() returns non-null only for inodes on devpts, but there is no inodes for master-devices, /dev/ptmx (/dev/pts/ptmx) is the only way to open them. Thus we can completely forbid lookup for master-devices and eliminate that hack in tty_init_dev() because tty_open() will get EIO from tty_driver_lookup_tty(). Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
2c9ede55 |
|
23-Jul-2011 |
Al Viro <viro@zeniv.linux.org.uk> |
switch device_get_devnode() and ->devnode() to umode_t * both callers of device_get_devnode() are only interested in lower 16bits and nobody tries to return anything wider than 16bit anyway. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
9de44bd6 |
|
09-Nov-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: open/release, cleanup printks * use __func__ instead of hardcoded names (tty_release_dev is a non-existant function) * add missing \n's * unwrap for better grepping Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
955787ca |
|
11-Nov-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: move debug checking out of tty_release There is no need to taint the tty_release code with paranoia checking. So move it out of line to a separate function. Making thus tty_release more readable. [v2] don't introduce a hard to reproduce use after free (scheduled work would need to preempt the current thread) Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
2cd0050c |
|
09-Nov-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: move tty_lookup_driver to switch-cases The labels express more the nature of the decision tree. We returned from each if with a driver. Now we do this at the end of the function and the code flow is clear. While at it, remove an obsolete comment (we already take the reference). Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
ba5db448 |
|
09-Nov-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: coalesce fail paths in tty_open Move them to the end of the function and use gotos as usual. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
5b5e7040 |
|
09-Nov-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: extract driver lookup from tty_open The error handling in tty_open became unbearable. There were many errors fixed recently. Extract the tty driver lookup from tty_open to a separate function. This reduces the fail paths significantly and makes tty_open more readable. In the next patch we will move the fail path handling to the end of the function. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
b82154ac |
|
09-Nov-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: extract /dev/tty handling from tty_open This one is special to others (done in the next patch). We have the tty directly, not its driver and index. So this will reside in a separation function. In the next patch, the rest will be moved to another function. So now we set neither driver nor index. Hence we need to init driver and check whether we are supposed to put a ref of that. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
1411dc4a |
|
09-Nov-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: move pgrp killing Move it to the only branch where tty_pgrp may be set. This is only a cleanup which allows having tty_pgrp defined at that place. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
a0340703 |
|
19-Oct-2011 |
Greg Kroah-Hartman <gregkh@suse.de> |
Revert "TTY: call tty_driver_lookup_tty unconditionally" This reverts commit 631180aca723cb92e128fdac5fd144e913ca84e5. It caused problems when /dev/tty is a pty: https://lkml.org/lkml/2011/10/12/401 Cc: Jiri Slaby <jslaby@suse.cz> Cc: stable <stable@vger.kernel.org> Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com> Cc: Alan Cox <alan@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
631180ac |
|
12-Oct-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: call tty_driver_lookup_tty unconditionally Commit 4a2b5fddd5 (Move tty lookup/reopen to caller) made the call to tty_driver_lookup_tty conditional in tty_open. It doesn't look like it was an intention. Or if it was, it was not documented in the changelog and the code now looks weird. For example there would be no need to remember the tty driver and tty index. Further the condition depends on a tty which we drop a reference of already. If I'm looking correctly, this should not matter thanks to the locking currently done there. Thus, tty_driver->ttys[idx] cannot change under our hands. But anyway, it makes sense to change that to the old behaviour. Introduced-in: v2.6.28-rc2 Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: stable <stable@vger.kernel.org> Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com> Cc: Alan Cox <alan@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
fa90e1c9 |
|
12-Oct-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: make tty_add_file non-failing If tty_add_file fails at the point it is now, we have to revert all the changes we did to the tty. It means either decrease all refcounts if this was a tty reopen or delete the tty if it was newly allocated. There was a try to fix this in v3.0-rc2 using tty_release in 0259894c7 (TTY: fix fail path in tty_open). But instead it introduced a NULL dereference. It's because tty_release dereferences filp->private_data, but that one is set even in our tty_add_file. And when tty_add_file fails, it's still NULL/garbage. Hence tty_release cannot be called there. To circumvent the original leak (and the current NULL deref) we split tty_add_file into two functions, making the latter non-failing. In that case we may do the former early in open, where handling failures is easy. The latter stays as it is now. So there is no change in functionality. The original bug (leak) was introduced by f573bd176 (tty: Remove __GFP_NOFAIL from tty_add_file()). Thanks Dan for reporting this. Later, we may split tty_release into more functions and call only some of them in this fail path instead. (If at all possible.) Introduced-in: v2.6.37-rc2 Signed-off-by: Jiri Slaby <jslaby@suse.cz> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: stable <stable@vger.kernel.org> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Pekka Enberg <penberg@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
c290f835 |
|
12-Oct-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: drop driver reference in tty_open fail path When tty_driver_lookup_tty fails in tty_open, we forget to drop a reference to the tty driver. This was added by commit 4a2b5fddd5 (Move tty lookup/reopen to caller). Fix that by adding tty_driver_kref_put to the fail path. I will refactor the code later. This is for the ease of backporting to stable. Introduced-in: v2.6.28-rc2 Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: stable <stable@vger.kernel.org> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Acked-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
8193c429 |
|
05-Oct-2011 |
Thomas Meyer <thomas@m3y3r.de> |
tty: Support compat_ioctl get/set termios_locked When running a Fedora 15 (x86) on an x86_64 kernel, in the boot process plymouthd complains about those two missing ioctls: [ 2.581783] ioctl32(plymouthd:186): Unknown cmd fd(10) cmd(00005457){t:'T';sz:0} arg(ffb6a5d0) on /dev/tty1 [ 2.581803] ioctl32(plymouthd:186): Unknown cmd fd(10) cmd(00005456){t:'T';sz:0} arg(ffb6a680) on /dev/tty1 both ioctl functions work on the 'struct termios' resp. 'struct termios2', which has the same size (36 bytes resp. 44 bytes) on x86 and x86_64, so it's just a matter of converting the pointer from userland. Signed-off-by: Thomas Meyer <thomas@m3y3r.de> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
24d406a6 |
|
10-Aug-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: pty, fix pty counting tty_operations->remove is normally called like: queue_release_one_tty ->tty_shutdown ->tty_driver_remove_tty ->tty_operations->remove However tty_shutdown() is called from queue_release_one_tty() only if tty_operations->shutdown is NULL. But for pty, it is not. pty_unix98_shutdown() is used there as ->shutdown. So tty_operations->remove of pty (i.e. pty_unix98_remove()) is never called. This results in invalid pty_count. I.e. what can be seen in /proc/sys/kernel/pty/nr. I see this was already reported at: https://lkml.org/lkml/2009/11/5/370 But it was not fixed since then. This patch is kind of a hackish way. The problem lies in ->install. We allocate there another tty (so-called tty->link). So ->install is called once, but ->remove twice, for both tty and tty->link. The fix here is to count both tty and tty->link and divide the count by 2 for user. And to have ->remove called, let's make tty_driver_remove_tty() global and call that from pty_unix98_shutdown() (tty_operations->shutdown). While at it, let's document that when ->shutdown is defined, tty_shutdown() is not called. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@linux.intel.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
5a3c6b251 |
|
16-Jun-2011 |
Manuel Zerpies <manuel.f.zerpies@ww.stud.uni-erlangen.de> |
drivers/tty: use printk_ratelimited() instead of printk_ratelimit() Since the printk_ratelimit() shouldn't be used anymore (see comment in include/linux/printk.h), replace it with printk_ratelimited(). Signed-off-by: Manuel Zerpies <manuel.f.zerpies@ww.stud.uni-erlangen.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
83c67571 |
|
20-Apr-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: tty_io, annotate locking functions tty_write_lock and tty_write_unlock contain imbalanced locking. But this is intentional, so mark them appropriately by __acquires/__releases. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
99edb3d1 |
|
30-Mar-2011 |
Jovi Zhang <bookjovi@gmail.com> |
tty: remove invalid location line in file header remove invalid location line in each file header after location moved from driver/char to driver/tty Signed-off-by: Jovi Zhang <bookjovi@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
0259894c |
|
23-Mar-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: fix fail path in tty_open When tty_add_file fails we omit to clean up. Fix that by calling tty_release appropriatelly. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
a9dccddb |
|
23-Mar-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: plug in deinitialize_tty_struct Used the newly introduced deinitialize_tty_struct to properly shut down ldisc. It is intended to fix the Julian's reported problem. He reports that kmemleak checker warns about memory leak: unreferenced object 0xc0e19860 (size 8): comm cat, pid 1226, jiffies 4294919464 (age 287.476s) hex dump (first 8 bytes): 44 de 2d c1 01 00 00 00 D.-..... backtrace: [<c1065a74>] create_object+0x109/0x1ad [<c1063d2b>] kmem_cache_alloc+0x60/0x68 [<c113505c>] tty_ldisc_get+0x54/0x76 [<c11358c9>] tty_ldisc_init+0xa/0x20 [<c1130ab4>] initialize_tty_struct+0x2d/0x1ac [<c1130c8c>] tty_init_dev+0x59/0x10d [<c113136d>] tty_open+0x24a/0x3a2 ... Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Reported-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
6716671d |
|
23-Mar-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: introduce deinit helpers for proper ldisc shutdown Introduce deinitialize_tty_struct which should be called after initialize_tty_struct and before successfull tty_ldisc_setup. It calls tty_ldisc_deinit which is opposite of tty_ldisc_init. It only puts a reference to ldisc and assigns NULL to tty->ldisc. It will be used to shut down ldisc when tty_release cannot be called yet. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Julian Anastasov <ja@ssi.bg> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
d5543503 |
|
23-Mar-2011 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: unify tty_init_dev fail path handling Change it so that we call the deinit functions at one place at the end of the function (by gotos). And while at it use some sane label names. This is a preparation for the deinitialization of tty in the next patch. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Julian Anastasov <ja@ssi.bg> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
909bc774 |
|
31-Mar-2011 |
Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com> |
vt: remove uneeded retval check before tty->ops->open inside tty_open The current check is uneeded, since !retval will always returns true, as retval returned from tty_add_file is checked earlier and tty_open exits if it's not zero. Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
25985edc |
|
30-Mar-2011 |
Lucas De Marchi <lucas.demarchi@profusion.mobi> |
Fix common misspellings Fixes generated by 'codespell' and manually reviewed. Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
|
#
5edc3413 |
|
25-Jan-2011 |
Arnd Bergmann <arnd@arndb.de> |
drivers: remove extraneous includes of smp_lock.h These were missed the last time I cleaned this up globally, because of code moving around or new code getting merged. Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
3c95c985 |
|
17-Feb-2011 |
Kay Sievers <kay.sievers@vrfy.org> |
tty: add TIOCVHANGUP to allow clean tty shutdown of all ttys This is useful for system management software so that it can kick off things like gettys and everything that's started from a tty, before we reuse it from/for something else or shut it down. Without this ioctl it would have to temporarily become the owner of the tty, then call vhangup() and then give it up again. Cc: Lennart Poettering <lennart@poettering.net> Signed-off-by: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
6caa76b7 |
|
14-Feb-2011 |
Alan Cox <alan@linux.intel.com> |
tty: now phase out the ioctl file pointer for good Only oddities here are a couple of drivers that bogusly called the ldisc helpers instead of returning -ENOIOCTLCMD. Fix the bug and the rest goes away. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
20b9d177 |
|
14-Feb-2011 |
Alan Cox <alan@linux.intel.com> |
tiocmset: kill the file pointer argument Doing tiocmget was such fun we should do tiocmset as well for the same reasons Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
60b33c13 |
|
14-Feb-2011 |
Alan Cox <alan@linux.intel.com> |
tiocmget: kill off the passing of the struct file We don't actually need this and it causes problems for internal use of this functionality. Currently there is a single use of the FILE * pointer. That is the serial core which uses it to check tty_hung_up_p. However if that is true then IO_ERROR is also already set so the check may be removed. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
ac751efa |
|
25-Jan-2011 |
Torben Hohn <torbenh@gmx.de> |
console: rename acquire/release_console_sem() to console_lock/unlock() The -rt patches change the console_semaphore to console_mutex. As a result, a quite large chunk of the patches changes all acquire/release_console_sem() to acquire/release_console_mutex() This commit makes things use more neutral function names which dont make implications about the underlying lock. The only real change is the return value of console_trylock which is inverted from try_acquire_console_sem() This patch also paves the way to switching console_sem from a semaphore to a mutex. [akpm@linux-foundation.org: coding-style fixes] [akpm@linux-foundation.org: make console_trylock return 1 on success, per Geert] Signed-off-by: Torben Hohn <torbenh@gmx.de> Cc: Thomas Gleixner <tglx@tglx.de> Cc: Greg KH <gregkh@suse.de> Cc: Ingo Molnar <mingo@elte.hu> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
a2a6a822 |
|
09-Jan-2011 |
Kay Sievers <kay.sievers@vrfy.org> |
tty: use for_each_console() and WARN() on sysfs failures This fixes the build warnings in the tty code, and uses the proper function for iterating over the console devices. Signed-off-by: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
b7b8de08 |
|
02-Dec-2010 |
Werner Fink <werner@suse.de> |
TTY: Add tty ioctl to figure device node of the system console. This has been in the SuSE kernels for a very long time. Signed-off-by: Werner Fink <werner@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
fbc92a34 |
|
01-Dec-2010 |
Kay Sievers <kay.sievers@vrfy.org> |
tty: add 'active' sysfs attribute to tty0 and console device tty: add 'active' sysfs attribute to tty0 and console device Userspace can query the actual virtual console, and the configured console devices behind /dev/tt0 and /dev/console. The last entry in the list of devices is the active device, analog to the console= kernel command line option. The attribute supports poll(), which is raised when the virtual console is changed or /dev/console is reconfigured. Signed-off-by: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> index 0000000..b138b66
|
#
acfa747b |
|
29-Nov-2010 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: open/hangup race fixup Like in the "TTY: don't allow reopen when ldisc is changing" patch, this one fixes a TTY WARNING as described in the option 1) there: 1) __tty_hangup from tty_ldisc_hangup to tty_ldisc_enable. During this section tty_lock is held. However tty_lock is temporarily dropped in the middle of the function by tty_ldisc_hangup. The fix is to introduce a new flag which we set during the unlocked window and check it in tty_reopen too. The flag is TTY_HUPPING and is cleared after TTY_HUPPED is set. While at it, remove duplicate TTY_HUPPED set_bit. The one after calling ops->hangup seems to be more correct. But anyway, we hold tty_lock, so there should be no difference. Also document the function it does that kind of crap. Nicely reproducible with two forked children: static void do_work(const char *tty) { if (signal(SIGHUP, SIG_IGN) == SIG_ERR) exit(1); setsid(); while (1) { int fd = open(tty, O_RDWR|O_NOCTTY); if (fd < 0) continue; if (ioctl(fd, TIOCSCTTY)) continue; if (vhangup()) continue; close(fd); } exit(0); } Signed-off-by: Jiri Slaby <jslaby@suse.cz> Reported-by: <Valdis.Kletnieks@vt.edu> Reported-by: Kyle McMartin <kyle@mcmartin.ca> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
e2efafbf |
|
29-Nov-2010 |
Jiri Slaby <jirislaby@kernel.org> |
TTY: don't allow reopen when ldisc is changing There are many WARNINGs like the following reported nowadays: WARNING: at drivers/tty/tty_io.c:1331 tty_open+0x2a2/0x49a() Hardware name: Latitude E6500 Modules linked in: Pid: 1207, comm: plymouthd Not tainted 2.6.37-rc3-mmotm1123 #3 Call Trace: [<ffffffff8103b189>] warn_slowpath_common+0x80/0x98 [<ffffffff8103b1b6>] warn_slowpath_null+0x15/0x17 [<ffffffff8128a3ab>] tty_open+0x2a2/0x49a [<ffffffff810fd53f>] chrdev_open+0x11d/0x146 ... This means tty_reopen is called without TTY_LDISC set. For further considerations, note tty_lock is held in tty_open. TTY_LDISC is cleared in: 1) __tty_hangup from tty_ldisc_hangup to tty_ldisc_enable. During this section tty_lock is held. However tty_lock is temporarily dropped in the middle of the function by tty_ldisc_hangup. 2) tty_release via tty_ldisc_release till the end of tty existence. If tty->count <= 1, tty_lock is taken, TTY_CLOSING bit set and then tty_ldisc_release called. tty_reopen checks TTY_CLOSING before checking TTY_LDISC. 3) tty_set_ldisc from tty_ldisc_halt to tty_ldisc_enable. We: * take tty_lock, set TTY_LDISC_CHANGING, put tty_lock * call tty_ldisc_halt (clear TTY_LDISC), tty_lock is _not_ held * do some other work * take tty_lock, call tty_ldisc_enable (set TTY_LDISC), put tty_lock I cannot see how 2) can be a problem, as there I see no race. OTOH, 1) and 3) can happen without problems. This patch the case 3) by checking TTY_LDISC_CHANGING along with TTY_CLOSING in tty_reopen. 1) will be fixed in the following patch. Nicely reproducible with two processes: while (1) { fd = open("/dev/ttyS1", O_RDWR); if (fd < 0) { warn("open"); continue; } close(fd); } -------- while (1) { fd = open("/dev/ttyS1", O_RDWR); ld1 = 0; ld2 = 2; while (1) { ioctl(fd, TIOCSETD, &ld1); ioctl(fd, TIOCSETD, &ld2); } close(fd); } Signed-off-by: Jiri Slaby <jslaby@suse.cz> Reported-by: <Valdis.Kletnieks@vt.edu> Cc: Kyle McMartin <kyle@mcmartin.ca> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
96fd7ce5 |
|
04-Nov-2010 |
Greg Kroah-Hartman <gregkh@suse.de> |
TTY: create drivers/tty and move the tty core files there The tty code should be in its own subdirectory and not in the char driver with all of the cruft that is currently there. Based on work done by Arnd Bergmann <arnd@arndb.de> Acked-by: Arnd Bergmann <arnd@arndb.de> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|