| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Aug 2015 02:45:29 +0000
From: Taichi Kageyama <t-kageyama@...jp.nec.com>
To: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"peter@...leysoftware.com" <peter@...leysoftware.com>
CC: Taichi Kageyama <t-kageyama@...jp.nec.com>,
"linux-serial@...r.kernel.org" <linux-serial@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"jslaby@...e.cz" <jslaby@...e.cz>,
"prarit@...hat.com" <prarit@...hat.com>,
Naoya Horiguchi <n-horiguchi@...jp.nec.com>,
"jiang.liu@...ux.intel.com" <jiang.liu@...ux.intel.com>
Subject: [PATCH v4] serial: 8250: Fix autoconfig_irq() to avoid race
conditions
The following race conditions can happen when a serial port is used
as console.
Case1: CPU_B is used to detect an interrupt from a serial port,
but it can have interrupts disabled during the waiting time.
Case2: CPU_B clears UART_IER just after CPU_A sets UART_IER and then
a serial port may not make an interrupt.
Case3: CPU_A sets UART_IER just after CPU_B clears UART_IER.
This is an unexpected behavior for serial8250_console_write().
CPU_A [autoconfig_irq] | CPU_B [serial8250_console_write]
----------------------------|---------------------------------------
|
probe_irq_on() | spin_lock_irqsave(&port->lock,)
serial_outp(,UART_IER,0x0f) | serial_out(,UART_IER,0)
udelay(20); | uart_console_write()
probe_irq_off() |
| spin_unlock_irqrestore(&port->lock,)
Case1 and 2 can make autoconfig_irq() failed.
In these cases, the console doesn't work in interrupt mode and
"input overrun" (which can make operation mistakes) can happen
on some systems. Especially in the Case1, It is known that the
problem happens with high rate every boot once it occurs
because the boot sequence is always almost same.
port mutex makes sure that the autoconfig operation is exclusive of
any other concurrent HW access except by the console operation.
console lock is required in autoconfig_irq().
Signed-off-by: Taichi Kageyama <t-kageyama@...jp.nec.com>
Cc: Naoya Horiguchi <n-horiguchi@...jp.nec.com>
Reviewed-by: Peter Hurley <peter@...leysoftware.com>
---
Changes in v4:
- Rebased on the top of tty-next
- The file name was changed from 8250_core.c to 8250_port.c
Changes in v3:
- Removed RFC tag
Changes in v2:
- Updated commit log
- Rebased on v4.2-rc4
drivers/tty/serial/8250/8250_port.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git tty-next.org/drivers/tty/serial/8250/8250_port.c tty-next.work/drivers/tty/serial/8250/8250_port.c
index 54e6c8d..9300b59 100644
--- tty-next.org/drivers/tty/serial/8250/8250_port.c
+++ tty-next.work/drivers/tty/serial/8250/8250_port.c
@@ -1238,6 +1238,9 @@ static void autoconfig_irq(struct uart_8250_port *up)
inb_p(ICP);
}
+ if (uart_console(port))
+ console_lock();
+
/* forget possible initially masked and pending IRQ */
probe_irq_off(probe_irq_on());
save_mcr = serial_in(up, UART_MCR);
@@ -1269,6 +1272,9 @@ static void autoconfig_irq(struct uart_8250_port *up)
if (port->flags & UPF_FOURPORT)
outb_p(save_ICP, ICP);
+ if (uart_console(port))
+ console_unlock();
+
port->irq = (irq > 0) ? irq : 0;
}
--
2.4.6
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists