lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Feb 2017 10:14:56 +0800 From: Wang YanQing <udknight@...il.com> To: gregkh@...uxfoundation.org Cc: jslaby@...e.com, peter@...leysoftware.com, linux-kernel@...r.kernel.org Subject: [PATCH] tty: pty: don't flush line discipline of another side in pty_flush_buffer Don't flush line discipline of another side, because user could already see the data in line discipline through poll, TIOCINQ or FIONREAD. Current behavior break the expection of userspace application in below situations. Example1: Thread A Thread B -------- -------- n_tty_poll return POLLIN CTRL-C trigger pty_flush_buffer tty_buffer_flush n_tty_flush_buffer TIOCINQ or FIONREAD return zero number of bytes Example2: Thread A Thread B -------- -------- TIOCINQ or FIONREAD return valid number of bytes CTRL-C trigger pty_flush_buffer tty_buffer_flush n_tty_flush_buffer n_tty_read still block due to no data I meet this problem(Example1) in konsole, current behavior cause konsole to hangup forever. It has high possibility to trigger the trouble I meet to execute below commands a few times in konsole with kernel has commit 1d1d14da12e79a6c05fbe1a975401f0f56c93316 ("pty: Fix buffer flush deadlock") which bring this behavior: 1:cat BigFile 2:CTRL-C Signed-off-by: Wang YanQing <udknight@...il.com> --- drivers/tty/pty.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c index a23fa5e..2b90738 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c @@ -216,16 +216,11 @@ static int pty_signal(struct tty_struct *tty, int sig) static void pty_flush_buffer(struct tty_struct *tty) { struct tty_struct *to = tty->link; - struct tty_ldisc *ld; if (!to) return; - ld = tty_ldisc_ref(to); - tty_buffer_flush(to, ld); - if (ld) - tty_ldisc_deref(ld); - + tty_buffer_flush(to, NULL); if (to->packet) { spin_lock_irq(&tty->ctrl_lock); tty->ctrl_status |= TIOCPKT_FLUSHWRITE; -- 1.8.5.6.2.g3d8a54e.dirty
Powered by blists - more mailing lists