lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 16 Mar 2012 10:08:26 +0000
From:	"Du, Alek" <alek.du@...el.com>
To:	Jiri Slaby <jslaby@...e.cz>
CC:	"jiris >> Jiri Slaby" <jirislaby@...il.com>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	"Tu, Xiaobing" <xiaobing.tu@...el.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
	"Zhang, Yanmin" <yanmin.zhang@...el.com>,
	"Zuo, Jiao" <jiao.zuo@...el.com>
Subject: RE: [PATCH] tty: hold lock across tty buffer finding and buffer
 filling

If you really look at the original patch from Xiaobing, the tty_prepare_flip_string is also patched :-)
Actually it fills up all the possible spin_lock gaps in tty_buffer.c


@@ -344,13 +375,20 @@ EXPORT_SYMBOL(tty_schedule_flip);  int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
 								size_t size)
 {
-	int space = tty_buffer_request_room(tty, size);
+	int space;
+	unsigned long flags;
+	struct tty_buffer *tb;
+	
+	spin_lock_irqsave(&tty->buf.lock, flags);
+	space = __tty_buffer_request_room(tty, size);
+
+	tb = tty->buf.tail;
 	if (likely(space)) {
-		struct tty_buffer *tb = tty->buf.tail;
 		*chars = tb->char_buf_ptr + tb->used;
 		memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
 		tb->used += space;
 	}
+	spin_unlock_irqrestore(&tty->buf.lock, flags);
 	return space;
 }

Thanks,
Alek
-----Original Message-----
From: Jiri Slaby [mailto:jirislaby@...il.com] On Behalf Of Jiri Slaby
Sent: Friday, March 16, 2012 6:04 PM
To: Du, Alek
Cc: jiris >> Jiri Slaby; Alan Cox; Tu, Xiaobing; linux-kernel@...r.kernel.org; gregkh@...uxfoundation.org; Zhang, Yanmin; Zuo, Jiao
Subject: Re: [PATCH] tty: hold lock across tty buffer finding and buffer filling

On 03/16/2012 11:01 AM, Du, Alek wrote:
> We prepared the buffer, and use it. And during this, we don't release the spinlock of buf.lock, how the flush could happen?
> 
>                A
> spin_lock
> prepare the buffer
> user the buffer
> spin unlock
> 
> 
>               B
> Spin_lock
> Flush
> Free the buffer
> Put buf.tail = NULL
> Spin unlock

Well, you do. Not all drivers use tty_insert_flip_string. Take a look at tty_prepare_flip_string and its users.

thanks,
--
js
suse labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ