Date:	Fri, 10 Oct 2008 12:35:17 +0200
From:	Adam Tlałka <atlka@...gda.pl>
To:	Alan Cox <alan@...rguk.ukuu.org.uk>
Cc:	linux-kernel@...r.kernel.org, torvalds@...l.org
Subject: Re: [PATCH 0/1] SIGWINCH problem with terminal apps still alive

Fri, 10 Oct 2008 10:29:06 +0100 - Alan Cox <alan@...rguk.ukuu.org.uk>:

> On Fri, 10 Oct 2008 03:12:34 +0200
> Adam Tlałka <atlka@...gda.pl> wrote:
> 
> > Welcome,
> > 
> > now we have 2.6.26.6 kernel and still terminal resize leads to
> > undesired effects. It is very inconvenient to wait for 2.6.27 for
> > corrections.
> > 
> > As Alan Cox previously said mutexes generally work but as we can
> > observe in case of kill_pgrp() call inside mutex lock we got
> > race because of rescheduling so lock is not working here.
> > Rearranging code so the variable change is placed before kill_pgrp()
> > call removes mentioned race situation.
> > 
> > Signed-off-by: Adam Tla/lka <atlka@...gda.pl>
> > 
> > I strongly suggest to patch actual 2.6.26.x kernel to remove this
> > very nasty pts behaviour.
> 
> NAK again
> 
> Moving the copies around simply moves the race, it might be that it
> fixes your box and unfixes other peoples.
> 

I don't think so. Race appears because of kill_pgrp() call which
generates SIGWINCH so it leads to reschedule and ioctl() which reads
termios sizes before they are updated - from time to time. So if we
update variables before signal generation there will be no race.
Moving the point of variables update eliminates
possibility of reading old values. So even if after kill_pgrp() the
other process will not lock here on this mutex values obtained will be
sane.

What's more we could protect by mutex variable only test and change
operations and it still will work correctly.

Because now we have 2.6.27 I tested this kind of code in
tty_io.c(tty_do_resize):

	struct pid *pgrp, *rpgrp;
	unsigned long flags;

	/* For a PTY we need to lock the tty side */
	mutex_lock(&real_tty->termios_mutex);
	if ((flags = memcmp(ws, &tty->winsize, sizeof(*ws)))) {
		tty->winsize = *ws;
		real_tty->winsize = *ws;
	}
	mutex_unlock(&real_tty->termios_mutex);
	if (flags) {
		/* Get the PID values and reference them so we can
		   avoid holding the tty ctrl lock while sending signals */
		spin_lock_irqsave(&tty->ctrl_lock, flags);
		pgrp = get_pid(tty->pgrp);
		rpgrp = get_pid(real_tty->pgrp);
		spin_unlock_irqrestore(&tty->ctrl_lock, flags);

		if (pgrp)
			kill_pgrp(pgrp, SIGWINCH, 1);
		if (rpgrp != pgrp && rpgrp)
			kill_pgrp(rpgrp, SIGWINCH, 1);

		put_pid(pgrp);
		put_pid(rpgrp);
	}

	return 0;


So it works, and change of tty->winsize and real_tty->winsize are protected.
Why another process should wait more if winsize is already properly set?

Regards

-- 
Adam Tlałka       mailto:atlka@...gda.pl    ^v^ ^v^ ^v^
System  & Network Administration Group       - - - ~~~~~~
Computer Center, Gdańsk University of Technology, Poland