| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z3gTmicJVLA1tFq5@pathway.suse.cz>
Date: Fri, 3 Jan 2025 17:43:06 +0100
From: Petr Mladek <pmladek@...e.com>
To: John Ogness <john.ogness@...utronix.de>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jiri Slaby <jirislaby@...nel.org>,
Sergey Senozhatsky <senozhatsky@...omium.org>,
Steven Rostedt <rostedt@...dmis.org>,
Thomas Gleixner <tglx@...utronix.de>,
Esben Haabendal <esben@...nix.com>, linux-serial@...r.kernel.org,
linux-kernel@...r.kernel.org,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Matt Turner <mattst88@...il.com>, Tony Lindgren <tony@...mide.com>,
Arnd Bergmann <arnd@...db.de>,
Niklas Schnelle <schnelle@...ux.ibm.com>,
Serge Semin <fancer.lancer@...il.com>
Subject: Re: [PATCH tty-next v4 5/6] serial: 8250: Switch to nbcon console
On Fri 2024-12-27 23:51:21, John Ogness wrote:
> Implement the necessary callbacks to switch the 8250 console driver
> to perform as an nbcon console.
>
> Add implementations for the nbcon console callbacks:
>
> ->write_atomic()
> ->write_thread()
> ->device_lock()
> ->device_unlock()
>
> and add CON_NBCON to the initial @flags.
>
> All register access in the callbacks are within unsafe sections.
> The ->write_atomic and ->write_therad() callbacks allow safe
> handover/takeover per byte and add a preceding newline if they
> take over from another context mid-line.
>
> For the ->write_atomic() callback, a new irq_work is used to defer
> modem control since it may be called from a context that does not
> allow waking up tasks.
>
> Note: A new __serial8250_clear_IER() is introduced for direct
> clearing of UART_IER. This will allow to restore the lockdep
> check to serial8250_clear_IER() in a follow-up commit.
>
> --- a/drivers/tty/serial/8250/8250_port.c
> +++ b/drivers/tty/serial/8250/8250_port.c
> @@ -1406,9 +1416,6 @@ void serial8250_em485_stop_tx(struct uart_8250_port *p, bool toggle_ier)
> {
> unsigned char mcr = serial8250_in_MCR(p);
>
> - /* Port locked to synchronize UART_IER access against the console. */
> - lockdep_assert_held_once(&p->port.lock);
We should explain why it is OK to move the assert.
IMHO, most poeple would not understand the port lock is needed only
for UART_IER manipulation and not for UART_MCR manipulation.
We should probably explain that even the UART_MCR manipulation
is synchronized either by the port lock or by nbcon context
ownership. Where the nbcon context owner ship actually provides
synchronization against the port lock in all situations
except for the final unsafe flush in panic().
In the ideal world it would be nice to check the nbcon context
ownership. But it would require passing struct nbcon_write_context
which does not fit well in this low level API.
A comment might be enough.
Or do I miss something?
> -
> if (p->port.rs485.flags & SER_RS485_RTS_AFTER_SEND)
> mcr |= UART_MCR_RTS;
> else
> @@ -3339,14 +3356,21 @@ static void serial8250_console_restore(struct uart_8250_port *up)
> serial8250_out_MCR(up, up->mcr | UART_MCR_DTR | UART_MCR_RTS);
> }
>
> -static void fifo_wait_for_lsr(struct uart_8250_port *up, unsigned int count)
> +static int fifo_wait_for_lsr(struct uart_8250_port *up,
> + struct nbcon_write_context *wctxt,
> + unsigned int count)
> {
> unsigned int i;
>
> for (i = 0; i < count; i++) {
This would deserve a comment. The following comes to my mind:
/*
* Pass the ownership as quickly as possible to a higher
* priority context. Otherwise, its attempt to take
* over the ownership might timeout. The new owner
* will wait for lsr before reusing the fifo.
*/
> + if (!nbcon_can_proceed(wctxt))
> + return -EPERM;
> +
> if (wait_for_lsr(up, UART_LSR_THRE))
> - return;
> + return 0;
> }
> +
> + return -ETIMEDOUT;
> }
>
> /*
> @@ -3356,18 +3380,20 @@ static void fifo_wait_for_lsr(struct uart_8250_port *up, unsigned int count)
> * to get empty.
> */
> static void serial8250_console_fifo_write(struct uart_8250_port *up,
> - const char *s, unsigned int count)
> + struct nbcon_write_context *wctxt)
> {
> - const char *end = s + count;
> unsigned int fifosize = up->tx_loadsz;
> struct uart_port *port = &up->port;
> + const char *s = wctxt->outbuf;
> + const char *end = s + wctxt->len;
> unsigned int tx_count = 0;
> bool cr_sent = false;
> unsigned int i;
>
> while (s != end) {
> /* Allow timeout for each byte of a possibly full FIFO */
> - fifo_wait_for_lsr(up, fifosize);
> + if (fifo_wait_for_lsr(up, wctxt, fifosize) == -EPERM)
> + return;
>
> for (i = 0; i < fifosize && s != end; ++i) {
> if (*s == '\n' && !cr_sent) {
We might want to check nbcon_can_proceed() after each character.
I think that you have already suggested this in the reply to Andy.
But maybe, it is not that important because filling the FIFO buffer is
probably fast.
> --- a/include/linux/serial_8250.h
> +++ b/include/linux/serial_8250.h
> @@ -150,8 +150,12 @@ struct uart_8250_port {
> #define LSR_SAVE_FLAGS UART_LSR_BRK_ERROR_BITS
> u16 lsr_saved_flags;
> u16 lsr_save_mask;
> +
> + bool console_line_ended; /* line fully output */
I agree with Andy that the comment is confusing. I am sorry if it was
my proposal ;-)
I wonder if the following is better:
bool console_line_ended; /* finished writing full line */
> +
> #define MSR_SAVE_FLAGS UART_MSR_ANY_DELTA
> unsigned char msr_saved_flags;
> + struct irq_work modem_status_work;
>
> struct uart_8250_dma *dma;
> const struct uart_8250_ops *ops;
Otherwise, it looks good. Well, I might want to double check it
on Monday morning.
Best Regards,
Petr
Powered by blists - more mailing lists