lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 12 Oct 2011 12:57:17 +0100
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Doug Anderson <dianders@...omium.org>
Cc:	Jiri Slaby <jirislaby@...il.com>,
	Stephen Warren <swarren@...dia.com>,
	Olof Johansson <olof@...om.net>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Alan Cox <alan@...ux.intel.com>,
	Allen Martin <AMartin@...dia.com>,
	Tom Warren <twarren@...dia.com>, linux-serial@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] TTY: serial_core: Fix crash if DCD drop during
 suspend

On Tue, 11 Oct 2011 17:25:44 -0700
Doug Anderson <dianders@...omium.org> wrote:

> This crash was showing up 100% of the time on Tegra CPUs when an
> agetty was running on the serial port and the console was not running
> on the serial port.  The reason the Tegra saw it so reliably is that
> the Tegra CPU internally ties DTR to DCD/DSR.  That means when we
> dropped DTR during suspend we would get always get an immediate DCD
> drop.
> 
> The specific order of operations that were running:
> * uart_suspend_port() would be called to put the uart in suspend mode
> * we'd drop DTR (ops->set_mctrl(uport, 0)).
> * the DTR drop would be looped back in the CPU to be a DCD drop.
> * the DCD drop would look to the serial driver as a hangup
> * the hangup would call uart_shutdown()
> * ... suspend / resume happens ...
> * uart_resume_port() would be called and run the code in the
>   (port->flags & ASYNC_SUSPENDED) block, which would startup the port
>   (and enable tx again).
> * Since the UART would be available for tx, we'd immediately get
>   an interrupt, eventually calling transmit_chars()
> * The transmit_chars() function would crash.  The first crash would
>   be a dereference of a NULL tty member, but since the port has been
>   shutdown that was just a symptom.
> 
> I have proposed a patch that would fix the Tegra CPUs here (see
> https://lkml.org/lkml/2011/10/11/444 - tty/serial: Prevent drop of DCD
> on suspend for Tegra UARTs).  However, even with that fix it is still
> possible for systems that have an externally visible DCD line to see a
> crash if the DCD drops at just the right time during suspend: thus
> this patch is still useful.
> 
> Signed-off-by: Doug Anderson <dianders@...omium.org>

Acked-by: Alan Cox <alan@...ux.intel.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ