lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 20 Mar 2014 12:29:20 -0500
From:	Felipe Balbi <balbi@...com>
To:	Felipe Balbi <balbi@...com>
CC:	Alan Cox <alan@...ux.intel.com>,
	Marcel Holtmann <marcel@...tmann.org>,
	Greg KH <gregkh@...uxfoundation.org>,
	Muralidharan Karicheri <m-karicheri2@...com>,
	<linux-bluetooth@...r.kernel.org>, <linux-serial@...r.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: hci_ldsic nested locking problem

On Thu, Mar 20, 2014 at 12:16:22PM -0500, Felipe Balbi wrote:
> On Thu, Mar 20, 2014 at 04:42:16PM +0000, Alan Cox wrote:
> > On Thu, 2014-03-20 at 11:34 -0500, Felipe Balbi wrote:
> > > Hi,
> > > 
> > > when 8250 driver calls uart_write_wakeup(), the tty port lock is already
> > > taken. hci_ldisc.c's implementation of ->write_wakeup() calls
> > > tty->ops->write() to actually send the characters, but that call will
> > > try to acquire the same port lock again.
> > > 
> > > Looking at other line disciplines that looks like a bug in hci_ldisc.c.
> > > Am I correct to assume that ->write_wakeup() is supposed to *just*
> > > wakeup the bottom half so we handle ->write() in another context ?
> > > 
> > > Is it legal to call tty->ops->write() from within ->write_wakeup() ?
> > 
> > It isn't because you might send all the bytes and go
> > 
> > 	write
> > 		write_wakeup
> > 			write
> > 				write wakeup
> > 					...
> > 
> > and recurse

then we need updates to Documentation:

Documentation/serial/tty.txt::

|  Driver Side Interfaces:
|  
|  receive_buf()	-	Hand buffers of bytes from the driver to the ldisc
|  			for processing. Semantics currently rather
|  			mysterious 8(
|  
|  write_wakeup()	-	May be called at any point between open and close.
|  			The TTY_DO_WRITE_WAKEUP flag indicates if a call
|  			is needed but always races versus calls. Thus the
|  			ldisc must be careful about setting order and to
|  			handle unexpected calls. Must not sleep.
|  
|  			The driver is forbidden from calling this directly
|  			from the ->write call from the ldisc as the ldisc
|  			is permitted to call the driver write method from
|  			this function. In such a situation defer it.

documentation says ldisc is allowed to call ->write() from
->write_wakeup(). huh ?

-- 
balbi

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists