Message-ID: <4CFF9FA6.70708@suse.cz>
Date:	Wed, 08 Dec 2010 16:09:26 +0100
From:	Jiri Slaby <jslaby@...e.cz>
To:	Greg KH <gregkh@...e.de>
CC:	linux-kernel@...r.kernel.org, stable@...nel.org,
	stable-review@...nel.org, torvalds@...ux-foundation.org,
	akpm@...ux-foundation.org, alan@...rguk.ukuu.org.uk,
	Alan Cox <alan@...ux.intel.com>
Subject: Re: [043/127] TTY: ldisc, fix open flag handling

On 12/08/2010 04:02 PM, Greg KH wrote:
> On Wed, Dec 08, 2010 at 07:24:46AM +0100, Jiri Slaby wrote:
>> On 12/08/2010 01:43 AM, Greg KH wrote:
>>> 2.6.32-stable review patch.  If anyone has any objections, please let us know.
>>>
>>> ------------------
>>>
>>> From: Jiri Slaby <jslaby@...e.cz>
>>>
>>> commit 7f90cfc505d613f4faf096e0d84ffe99208057d9 upstream.
>>>
>>> When a concrete ldisc open fails in tty_ldisc_open, we forget to clear
>>> TTY_LDISC_OPEN. This causes a false warning on the next ldisc open:
>>> WARNING: at drivers/char/tty_ldisc.c:445 tty_ldisc_open+0x26/0x38()
>>> Hardware name: System Product Name
>>> Modules linked in: ...
>>> Pid: 5251, comm: a.out Tainted: G        W  2.6.32-5-686 #1
>>> Call Trace:
>>>  [<c1030321>] ? warn_slowpath_common+0x5e/0x8a
>>>  [<c1030357>] ? warn_slowpath_null+0xa/0xc
>>>  [<c119311c>] ? tty_ldisc_open+0x26/0x38
>>>  [<c11936c5>] ? tty_set_ldisc+0x218/0x304
>>> ...
>>>
>>> So clear the bit when failing...
>>>
>>> Introduced in c65c9bc3efa (tty: rewrite the ldisc locking) back in
>>> 2.6.31-rc1.
>>>
>>> Signed-off-by: Jiri Slaby <jslaby@...e.cz>
>>> Cc: Alan Cox <alan@...ux.intel.com>
>>> Reported-by: Sergey Lapin <slapin@...fans.org>
>>> Tested-by: Sergey Lapin <slapin@...fans.org>
>>> Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de>
>>>
>>> ---
>>>  drivers/char/tty_ldisc.c |    9 +++++++--
>>>  1 file changed, 7 insertions(+), 2 deletions(-)
>>>
>>> --- a/drivers/char/tty_ldisc.c
>>> +++ b/drivers/char/tty_ldisc.c
>>> @@ -444,9 +444,14 @@ static void tty_set_termios_ldisc(struct
>>>  
>>>  static int tty_ldisc_open(struct tty_struct *tty, struct tty_ldisc *ld)
>>>  {
>>> +	int ret;
>>> +
>>>  	WARN_ON(test_and_set_bit(TTY_LDISC_OPEN, &tty->flags));
>>> -	if (ld->ops->open)
>>> -		return ld->ops->open(tty);
>>> +	if (ld->ops->open) {
>>> +		ret = ld->ops->open(tty);
>>> +		if (ret)
>>> +			clear_bit(TTY_LDISC_OPEN, &tty->flags);
>>> +	}
>>>  	return 0;
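Review bot: In the new `if (ld->ops->open)` block, `ret` is assigned from `ld->ops->open(tty)` but never returned. The function still ends with the unchanged `return 0;`, so a failed ldisc open clears TTY_LDISC_OPEN yet reports success to the caller, whereas the removed lines returned the result of `ld->ops->open(tty)` directly. Declare `int ret = 0;` and end the function with `return ret;`.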
>>
>> Whoops, this should read return ret; (with int ret = 0;)
>>
>> Do you want me to send the patch rebased on .32?
> 
> No, send it based on Linus's tree as it's wrong there, right?  Then it
> will move through to the stable kernels.

Nope, in 2.6.36 and newer it looks different; only the .32 backport is
broken.

The .36 backport is OK:
--- a/drivers/char/tty_ldisc.c
+++ b/drivers/char/tty_ldisc.c
@@ -454,6 +454,8 @@ static int tty_ldisc_open(struct tty_str
                 /* BTM here locks versus a hangup event */
 		WARN_ON(!tty_locked());
 		ret = ld->ops->open(tty);
+		if (ret)
+			clear_bit(TTY_LDISC_OPEN, &tty->flags);
 		return ret;
 	}
 	return 0;
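Review bot: The context line carrying the `/* BTM here locks versus a hangup event */` comment is indented with spaces while the neighbouring lines use tabs, so this inline copy looks whitespace-damaged and may not apply as pasted; resend it unmangled if it is meant to be applied. The added `clear_bit()` on the `if (ret)` path is followed by `return ret;`, so the open failure is propagated here.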

thanks,
-- 
js
suse labs
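
The flag handling discussed in this thread, as an added userspace model in C; it is not part of the original message or of the kernel source. `model_tty`, `model_ldisc_open`, the variant names and the `-EIO` failure are constructed for illustration; the three variants stand for the code before the fix, the 2.6.32 backport as posted (flag cleared, `return 0`), and the version with `return ret`.

```c
/* Userspace model (constructed) of the TTY_LDISC_OPEN handling in this thread. */
#include <errno.h>
#include <stdio.h>

#define LDISC_OPEN 0x1u /* stands in for TTY_LDISC_OPEN */
enum variant { UNFIXED, BACKPORT_32, FIXED };
struct model_tty { unsigned flags; int warnings; };
struct outcome { int first_ret, second_ret, warnings; };

static int failing_open(struct model_tty *t) { (void)t; return -EIO; }
static int working_open(struct model_tty *t) { (void)t; return 0; }

/* Mirrors the shape of tty_ldisc_open(): set the flag, then call ->open(). */
static int model_ldisc_open(struct model_tty *t,
                            int (*open)(struct model_tty *), enum variant v)
{
    int ret = 0;
    if (t->flags & LDISC_OPEN)       /* WARN_ON(test_and_set_bit(...)) fires */
        t->warnings++;
    t->flags |= LDISC_OPEN;
    if (open) {
        ret = open(t);
        if (ret && v != UNFIXED)
            t->flags &= ~LDISC_OPEN; /* the fix: undo the flag on failure */
    }
    return v == BACKPORT_32 ? 0 : ret; /* the .32 backport drops ret */
}

/* A failed ldisc open followed by a successful retry on the same tty. */
static struct outcome fail_then_retry(enum variant v)
{
    struct model_tty t = { 0, 0 };
    struct outcome o;
    o.first_ret = model_ldisc_open(&t, failing_open, v);
    o.second_ret = model_ldisc_open(&t, working_open, v);
    o.warnings = t.warnings;
    return o;
}

int main(void)
{
    static const char *names[] = { "unfixed", "2.6.32 backport", "fixed" };
    for (int v = UNFIXED; v <= FIXED; v++) {
        struct outcome o = fail_then_retry((enum variant)v);
        printf("%-16s first=%d second=%d warnings=%d\n",
               names[v], o.first_ret, o.second_ret, o.warnings);
    }
    return 0;
}
```

Only the unfixed variant records a warning on the retry, and only the backport variant hides the first failure from the caller.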