lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <476DD1D6.50500@videon-central.com>
Date:	Sat, 22 Dec 2007 22:11:18 -0500
From:	"Cory T. Tusar" <ctusar@...eon-central.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-kernel@...r.kernel.org, jirislaby@...il.com,
	alan@...rguk.ukuu.org.uk, torvalds@...ux-foundation.org
Subject: Re: [PATCH] tty: Fix logic change introduced by
 wait_event_interruptible_timeout()

Andrew Morton wrote:
> On Thu, 20 Dec 2007 16:39:21 -0500 "Cory T. Tusar" <ctusar@...eon-central.com> wrote:
> 
>> tty: Fix logic change introduced by wait_event_interruptible_timeout()
>>
>> Commit 5a52bd4a2dcb570333ce6fe2e16cd311650dbdc8 introduced a subtle logic
>> change in tty_wait_until_sent().  The original version would only error
>> out of the 'do { ... } while (timeout)' loop if signal_pending() evaluated
>> to true; a timeout or break due to an empty buffer would fall out of the
>> loop and into the tty->driver->wait_until_sent handling.  The current
>> implementation will error out on either a pending signal or an empty
>> buffer, falling through to the tty->driver->wait_until_sent handling
>> only on a timeout.
>>
>> This change reverts the logic flow in tty_wait_until_sent() to match that
>> prior to the aforementioned commit.
>>
>> Signed-off-by: Cory T. Tusar <ctusar@...eon-central.com>
>>
>> ---
>> Please CC me on any replies; I'm not subscribed to lkml.  Thanks.
>>
>>  drivers/char/tty_ioctl.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/drivers/char/tty_ioctl.c b/drivers/char/tty_ioctl.c
>> index 1bdd2bf..e02d592 100644
>> --- a/drivers/char/tty_ioctl.c
>> +++ b/drivers/char/tty_ioctl.c
>> @@ -62,7 +62,7 @@ void tty_wait_until_sent(struct tty_struct * tty, long timeout)
>>  	if (!timeout)
>>  		timeout = MAX_SCHEDULE_TIMEOUT;
>>  	if (wait_event_interruptible_timeout(tty->write_wait,
>> -			!tty->driver->chars_in_buffer(tty), timeout))
>> +			!tty->driver->chars_in_buffer(tty), timeout) < 0)
>>  		return;
>>  	if (tty->driver->wait_until_sent)
>>  		tty->driver->wait_until_sent(tty, timeout);
> 
> OK...  So what are the user-visible effects of this regression?  The caller
> will run ->wait_until_sent() even after being signalled?  So the signal is
> not promptly responded to?

No, the ->wait_until_sent() will not be reached if the buffer empties
before timeout jiffies have elapsed.  This behavior differs from that
prior to commit 5a52bd4a2dcb570333ce6fe2e16cd311650dbdc8.

I turned this up while using a little serial download utility to
bootstrap an ARM-based eval board.  The util worked fine on 2.6.22.x,
but consistently failed on 2.6.23.x.  Once I'd determined that, I
narrowed things down with git bisect, and found the above difference
in logic in tty_wait_until_sent() by inspection.

If you'd like a more in-depth analysis of what's breaking on the
user-space side, I can certainly investigate further and (hopefully) come
up with a simple test case that tickles this issue.


-- 
Cory T. Tusar
Embedded Systems Engineer
Videon Central, Inc.
2171 Sandy Drive
State College, PA 16803
(814) 235-1111 x316
(814) 235-1118 fax


"There are two ways of constructing a software design.  One way is to
 make it so simple that there are obviously no deficiencies, and the
 other way is to make it so complicated that there are no obvious
 deficiencies."  --Sir Charles Anthony Richard Hoare

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ