| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Mar 2021 13:21:57 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH 5.10 098/102] tty: teach the n_tty ICANON case about the new "cookie continuations" too
From: Linus Torvalds <torvalds@...ux-foundation.org>
commit d7fe75cbc23c7d225eee2ef04def239b6603dce7 upstream.
The ICANON case is a bit messy, since it has to look for the line
ending, and has special code to then suppress line ending characters if
they match the __DISABLED_CHAR. So it actually looks up the line ending
even past the point where it knows it won't copy it to the result
buffer.
That said, apart from all those odd legacy N_TTY ICANON cases, the
actual "should we continue copying" logic isn't really all that
complicated or different from the non-canon case. In fact, the lack of
"wait for at least N characters" arguably makes the repeat case slightly
simpler. It really just boils down to "there's more of the line to be
copied".
So add the necessarily trivial logic, and now the N_TTY case will give
long result lines even when in canon mode.
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
drivers/tty/n_tty.c | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -2009,21 +2009,22 @@ static bool copy_from_read_buf(struct tt
* read_tail published
*/
-static void canon_copy_from_read_buf(struct tty_struct *tty,
+static bool canon_copy_from_read_buf(struct tty_struct *tty,
unsigned char **kbp,
size_t *nr)
{
struct n_tty_data *ldata = tty->disc_data;
size_t n, size, more, c;
size_t eol;
- size_t tail;
+ size_t tail, canon_head;
int found = 0;
/* N.B. avoid overrun if nr == 0 */
if (!*nr)
- return;
+ return false;
- n = min(*nr + 1, smp_load_acquire(&ldata->canon_head) - ldata->read_tail);
+ canon_head = smp_load_acquire(&ldata->canon_head);
+ n = min(*nr + 1, canon_head - ldata->read_tail);
tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
@@ -2067,7 +2068,11 @@ static void canon_copy_from_read_buf(str
else
ldata->push = 0;
tty_audit_push();
+ return false;
}
+
+ /* No EOL found - do a continuation retry if there is more data */
+ return ldata->read_tail != canon_head;
}
/**
@@ -2138,8 +2143,13 @@ static ssize_t n_tty_read(struct tty_str
* termios_rwsem, and can just continue to copy data.
*/
if (*cookie) {
- if (copy_from_read_buf(tty, &kb, &nr))
- return kb - kbuf;
+ if (ldata->icanon && !L_EXTPROC(tty)) {
+ if (canon_copy_from_read_buf(tty, &kb, &nr))
+ return kb - kbuf;
+ } else {
+ if (copy_from_read_buf(tty, &kb, &nr))
+ return kb - kbuf;
+ }
/* No more data - release locks and stop retries */
n_tty_kick_worker(tty);
@@ -2236,7 +2246,8 @@ static ssize_t n_tty_read(struct tty_str
}
if (ldata->icanon && !L_EXTPROC(tty)) {
- canon_copy_from_read_buf(tty, &kb, &nr);
+ if (canon_copy_from_read_buf(tty, &kb, &nr))
+ goto more_to_be_read;
} else {
/* Deal with packet mode. */
if (packet && kb == kbuf) {
@@ -2254,6 +2265,7 @@ static ssize_t n_tty_read(struct tty_str
* will release them when done.
*/
if (copy_from_read_buf(tty, &kb, &nr) && kb - kbuf >= minimum) {
+more_to_be_read:
remove_wait_queue(&tty->read_wait, &wait);
*cookie = cookie;
return kb - kbuf;
Powered by blists - more mailing lists