lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070609181805.GA2771@atjola.homenet>
Date:	Sat, 9 Jun 2007 20:18:05 +0200
From:	Björn Steinbrink <B.Steinbrink@....de>
To:	Paul Fulghum <paulkf@...rogate.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Arnd Bergmann <arnd@...db.de>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Nicolas Mailhot <nicolas.mailhot@...oste.net>,
	Randy Dunlap <randy.dunlap@...cle.com>,
	"bugme-daemon@...nel-bugs.osdl.org" 
	<bugme-daemon@...zilla.kernel.org>, linux-kernel@...r.kernel.org,
	Mel Gorman <mel@....ul.ie>,
	Christoph Lameter <clameter@....com>
Subject: Re: [PATCH] tty restore locked ioctl file op

On 2007.06.08 15:34:17 -0500, Paul Fulghum wrote:
> Restore tty locked ioctl handler which was replaced with
> an unlocked ioctl handler in hung_up_tty_fops by the patch:
> 
> commit e10cc1df1d2014f68a4bdcf73f6dd122c4561f94
> Author: Paul Fulghum <paulkf@...rogate.com>
> Date:   Thu May 10 22:22:50 2007 -0700
> 
>     tty: add compat_ioctl
> 
> This was reported in:
> [Bug 8473] New: Oops: 0010 [1] SMP
> 
> The bug is caused by switching to hung_up_tty_fops in do_tty_hangup.
> An ioctl call can be waiting on BLK after testing for existence of
> the locked ioctl handler in the normal tty fops, but before calling
> the locked ioctl handler. If a hangup occurs at that point, the
> locked ioctl fop is NULL and an oops occurs.

Sorry for the delay, your mails didn't make it into my inbox, and I
usually just mark threads on which I'm Cc'ed as read in my lkml mailbox,
thus I didn't notice it earlier. Any traces of the lost mails on your
side?

The patch works as expected, no Oops in sight. Regarding the
reproducability, it might be that it was easier to trigger on rc1. When
I retried today with rc4, I only got 2 Oopses in a minute, while the
first test had spitten out about 20 Oopses in 10 seconds (not sure if I
really had rc1 running back then, though).

Thanks,
Björn

> Signed-off-by: Paul Fulghum <paulkf@...rogate.com>
> 
> --- a/drivers/char/tty_io.c	2007-06-08 14:26:10.000000000 -0500
> +++ b/drivers/char/tty_io.c	2007-06-08 14:28:58.000000000 -0500
> @@ -1173,8 +1173,14 @@ static unsigned int hung_up_tty_poll(str
>  	return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
>  }
>  
> -static long hung_up_tty_ioctl(struct file * file,
> -			      unsigned int cmd, unsigned long arg)
> +static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
> +			     unsigned int cmd, unsigned long arg)
> +{
> +	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
> +}
> +
> +static long hung_up_tty_compat_ioctl(struct file * file,
> +				     unsigned int cmd, unsigned long arg)
>  {
>  	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
>  }
> @@ -1222,8 +1228,8 @@ static const struct file_operations hung
>  	.read		= hung_up_tty_read,
>  	.write		= hung_up_tty_write,
>  	.poll		= hung_up_tty_poll,
> -	.unlocked_ioctl = hung_up_tty_ioctl,
> -	.compat_ioctl	= hung_up_tty_ioctl,
> +	.ioctl		= hung_up_tty_ioctl,
> +	.compat_ioctl	= hung_up_tty_compat_ioctl,
>  	.release	= tty_release,
>  };
>  
> 
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ