lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Mon, 6 Feb 2017 10:14:56 +0800
From:   Wang YanQing <udknight@...il.com>
To:     gregkh@...uxfoundation.org
Cc:     jslaby@...e.com, peter@...leysoftware.com,
        linux-kernel@...r.kernel.org
Subject: [PATCH] tty: pty: don't flush line discipline of another side in
 pty_flush_buffer

Don't flush line discipline of another side, because user could already see
the data in line discipline through poll, TIOCINQ or FIONREAD. Current behavior
break the expection of userspace application in below situations.

Example1:
Thread A                                 Thread B
--------                                 --------
n_tty_poll return POLLIN
                                         CTRL-C trigger pty_flush_buffer
                                           tty_buffer_flush
                                             n_tty_flush_buffer
TIOCINQ or FIONREAD
  return zero number of bytes

Example2:
Thread A                                 Thread B
--------                                 --------
TIOCINQ or FIONREAD
  return valid number of bytes

                                         CTRL-C trigger pty_flush_buffer
                                           tty_buffer_flush
                                             n_tty_flush_buffer
n_tty_read still block due to no data

I meet this problem(Example1) in konsole, current behavior cause konsole to hangup
forever.

It has high possibility to trigger the trouble I meet to execute below commands a
few times in konsole with kernel has commit 1d1d14da12e79a6c05fbe1a975401f0f56c93316
("pty: Fix buffer flush deadlock") which bring this behavior:
1:cat BigFile
2:CTRL-C

Signed-off-by: Wang YanQing <udknight@...il.com>
---
 drivers/tty/pty.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
index a23fa5e..2b90738 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
@@ -216,16 +216,11 @@ static int pty_signal(struct tty_struct *tty, int sig)
 static void pty_flush_buffer(struct tty_struct *tty)
 {
 	struct tty_struct *to = tty->link;
-	struct tty_ldisc *ld;
 
 	if (!to)
 		return;
 
-	ld = tty_ldisc_ref(to);
-	tty_buffer_flush(to, ld);
-	if (ld)
-		tty_ldisc_deref(ld);
-
+	tty_buffer_flush(to, NULL);
 	if (to->packet) {
 		spin_lock_irq(&tty->ctrl_lock);
 		tty->ctrl_status |= TIOCPKT_FLUSHWRITE;
-- 
1.8.5.6.2.g3d8a54e.dirty

Powered by blists - more mailing lists