lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 11 Aug 2009 12:16:39 -0600
From:	Joe Peterson <joe@...rush.com>
To:	Artur Skawina <art.08.09@...il.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>, gregkh@...e.de
CC:	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Moving tty->stopped logic to ldisc (pty: fix data loss when stopped
 (^S/^Q))

[Please include my email address in replies]

Hi all,

This is in regard to the problem that the recent patch ("pty: fix data
loss when stopped (^S/^Q)") fixes.  The issue is something I've been
looking at recently as well after noticing (I noticed it first as loss
of echoes, since I was re-testing what my echo buffer code originally
fixed).

Like mentioned in the other thread on this topic, the thought also
occurred to me that the "tty stopped" logic should be in the ldisc
rather in the driver code (console, pty, etc.).  Also, upon digging
further into the issue, even though the fix applied does resume previous
behavior, there are some remaining issues that it does not address and
that have existed for a while:

1) If the tty->stopped state changes during a write (either regular or
echo output), the pty can end up throwing character away.  This is a
small window of opportunity, but there nonetheless.

2) Since the N_TTY ldisc relies on a reliable amount of "write room"
during output operations (to both avoid similar loss of chars and to
ensure certain char groupings, like "^C", stay together atomically)
other calls to ttyp->ops->write outside the ldisc (e.g.
tty_write_message in tty_io.c or send_prio_char in tty_ioctl.c) that
happen in the middle of an ldisc write are problematic since they could
cause a reduction of write room without the knowledge of N_TTY.

I have attached a patch for comment which removes the checks for
tty->stopped from pty.c and vt.c (covering the pty and console cases)
and moves these checks to the ldisc (only N_TTY for now).  I also use
the output lock (a finer-grained lock than the write lock that can be
used in both write and receive paths) to protect the write room in the
cases outside the ldisc state above.  Ultimately, we'd want to either
make these locks only happen if ldisc=N_TTY or have all ldiscs use it, I
would think (comments?).

						-Thanks, Joe

View attachment "tty_move_tty_stopped_logic_to_ldisc.patch" of type "text/plain" (3359 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ