1. 16 5月, 2017 1 次提交
    • O
      staging: speakup: add tty-based comms functions · 1ab92da3
      Okash Khawaja 提交于
      This adds spk_ttyio.c file. It contains a set of functions which implement
      those methods in spk_synth struct which relate to sending bytes out using
      serial comms. Implementations in this file perform the same function but
      using TTY subsystem instead. Currently synths access serial ports, directly
      poking standard ISA ports by trying to steal them from serial driver. Some ISA
      cards actually need this way of doing it, but most other synthesizers don't,
      and can actually work by using the proper TTY subsystem through a new N_SPEAKUP
      line discipline. So this adds the methods for drivers to switch to accessing
      serial ports through the TTY subsystem, whenever appropriate.
      Signed-off-by: NOkash Khawaja <okash.khawaja@gmail.com>
      Reviewed-by: NSamuel Thibault <samuel.thibault@ens-lyon.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1ab92da3
  2. 14 4月, 2017 1 次提交
    • G
      Revert "tty: don't panic on OOM in tty_set_ldisc()" · a8983d01
      Greg Kroah-Hartman 提交于
      This reverts commit 5362544b as it is
      reported to cause a reproducable crash.
      
      Fixes: 5362544b ("tty: don't panic on OOM in tty_set_ldisc()")
      Reported-by: NVegard Nossum <vegard.nossum@gmail.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: <syzkaller@googlegroups.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Jiri Slaby <jslaby@suse.com>
      Cc: Peter Hurley <peter@hurleysoftware.com>
      Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
      a8983d01
  3. 29 3月, 2017 1 次提交
  4. 17 3月, 2017 3 次提交
    • P
      tty: Fix ldisc crash on reopened tty · 71472fa9
      Peter Hurley 提交于
      If the tty has been hungup, the ldisc instance may have been destroyed.
      Continued input to the tty will be ignored as long as the ldisc instance
      is not visible to the flush_to_ldisc kworker. However, when the tty
      is reopened and a new ldisc instance is created, the flush_to_ldisc
      kworker can obtain an ldisc reference before the new ldisc is
      completely initialized. This will likely crash:
      
       BUG: unable to handle kernel paging request at 0000000000002260
       IP: [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80
       PGD 2ab581067 PUD 290c11067 PMD 0
       Oops: 0000 [#1] PREEMPT SMP
       Modules linked in: nls_iso8859_1 ip6table_filter [.....]
       CPU: 2 PID: 103 Comm: kworker/u16:1 Not tainted 4.6.0-rc7+wip-xeon+debug #rc7+wip
       Hardware name: Dell Inc. Precision WorkStation T5400  /0RW203, BIOS A11 04/30/2012
       Workqueue: events_unbound flush_to_ldisc
       task: ffff8802ad16d100 ti: ffff8802ad31c000 task.ti: ffff8802ad31c000
       RIP: 0010:[<ffffffff8152dc5d>]  [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80
       RSP: 0018:ffff8802ad31fc70  EFLAGS: 00010296
       RAX: 0000000000000000 RBX: ffff8802aaddd800 RCX: 0000000000000001
       RDX: 00000000ffffffff RSI: ffffffff810db48f RDI: 0000000000000246
       RBP: ffff8802ad31fd08 R08: 0000000000000000 R09: 0000000000000001
       R10: ffff8802aadddb28 R11: 0000000000000001 R12: ffff8800ba6da808
       R13: ffff8802ad18be80 R14: ffff8800ba6da858 R15: ffff8800ba6da800
       FS:  0000000000000000(0000) GS:ffff8802b0a00000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       CR2: 0000000000002260 CR3: 000000028ee5d000 CR4: 00000000000006e0
       Stack:
        ffffffff81531219 ffff8802aadddab8 ffff8802aadddde0 ffff8802aadddd78
        ffffffff00000001 ffff8800ba6da858 ffff8800ba6da860 ffff8802ad31fd30
        ffffffff81885f78 ffffffff81531219 0000000000000000 0000000200000000
       Call Trace:
        [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0
        [<ffffffff81885f78>] ? mutex_lock_nested+0x2c8/0x430
        [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0
        [<ffffffff8152e784>] n_tty_receive_buf2+0x14/0x20
        [<ffffffff81530cb2>] tty_ldisc_receive_buf+0x22/0x50
        [<ffffffff8153128e>] flush_to_ldisc+0xbe/0xd0
        [<ffffffff810a0ebd>] process_one_work+0x1ed/0x6e0
        [<ffffffff810a0e3f>] ? process_one_work+0x16f/0x6e0
        [<ffffffff810a13fe>] worker_thread+0x4e/0x490
        [<ffffffff810a13b0>] ? process_one_work+0x6e0/0x6e0
        [<ffffffff810a7ef2>] kthread+0xf2/0x110
        [<ffffffff810ae68c>] ? preempt_count_sub+0x4c/0x80
        [<ffffffff8188ab52>] ret_from_fork+0x22/0x50
        [<ffffffff810a7e00>] ? kthread_create_on_node+0x220/0x220
       Code: ff ff e8 27 a0 35 00 48 8d 83 78 05 00 00 c7 45 c0 00 00 00 00 48 89 45 80 48
             8d 83 e0 05 00 00 48 89 85 78 ff ff ff 48 8b 45 b8 <48> 8b b8 60 22 00 00 48
             8b 30 89 f8 8b 8b 88 04 00 00 29 f0 8d
       RIP  [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80
        RSP <ffff8802ad31fc70>
       CR2: 0000000000002260
      
      Ensure the kworker cannot obtain the ldisc reference until the new ldisc
      is completely initialized.
      
      Fixes: 892d1fa7 ("tty: Destroy ldisc instance on hangup")
      Reported-by: NMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: NPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      71472fa9
    • D
      tty: fix data race in tty_ldisc_ref_wait() · a4a3e061
      Dmitry Vyukov 提交于
      tty_ldisc_ref_wait() checks tty->ldisc under tty->ldisc_sem.
      But if ldisc==NULL it releases them sem and reloads
      tty->ldisc without holding the sem. This is wrong and
      can lead to returning non-NULL ldisc without protection.
      
      Don't reload tty->ldisc second time.
      Signed-off-by: NDmitry Vyukov <dvyukov@google.com>
      Cc: syzkaller@googlegroups.com
      Cc: linux-kernel@vger.kernel.org
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Jiri Slaby <jslaby@suse.com>
      Cc: Peter Hurley <peter@hurleysoftware.com>
      Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a4a3e061
    • D
      tty: don't panic on OOM in tty_set_ldisc() · 5362544b
      Dmitry Vyukov 提交于
      If tty_ldisc_open() fails in tty_set_ldisc(), it tries to go back
      to the old discipline or N_TTY. But that can fail as well, in such
      case it panics. This is not a graceful way to handle OOM.
      
      Leave ldisc==NULL if all attempts fail instead.
      Also use existing tty_ldisc_reinit() helper function instead of
      tty_ldisc_restore(). Also don't WARN/BUG in tty_ldisc_reinit()
      if N_TTY fails, which would have the same net effect of bringing
      kernel down on OOM. Instead print a single line message about
      what has happened.
      Signed-off-by: NDmitry Vyukov <dvyukov@google.com>
      Cc: syzkaller@googlegroups.com
      Cc: linux-kernel@vger.kernel.org
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Jiri Slaby <jslaby@suse.com>
      Cc: Peter Hurley <peter@hurleysoftware.com>
      Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5362544b
  5. 28 1月, 2016 13 次提交
  6. 14 12月, 2015 3 次提交
    • P
      tty: Prevent ldisc drivers from re-using stale tty fields · dd42bf11
      Peter Hurley 提交于
      Line discipline drivers may mistakenly misuse ldisc-related fields
      when initializing. For example, a failure to initialize tty->receive_room
      in the N_GIGASET_M101 line discipline was recently found and fixed [1].
      Now, the N_X25 line discipline has been discovered accessing the previous
      line discipline's already-freed private data [2].
      
      Harden the ldisc interface against misuse by initializing revelant
      tty fields before instancing the new line discipline.
      
      [1]
          commit fd98e941
          Author: Tilman Schmidt <tilman@imap.cc>
          Date:   Tue Jul 14 00:37:13 2015 +0200
      
          isdn/gigaset: reset tty->receive_room when attaching ser_gigaset
      
      [2] Report from Sasha Levin <sasha.levin@oracle.com>
          [  634.336761] ==================================================================
          [  634.338226] BUG: KASAN: use-after-free in x25_asy_open_tty+0x13d/0x490 at addr ffff8800a743efd0
          [  634.339558] Read of size 4 by task syzkaller_execu/8981
          [  634.340359] =============================================================================
          [  634.341598] BUG kmalloc-512 (Not tainted): kasan: bad access detected
          ...
          [  634.405018] Call Trace:
          [  634.405277] dump_stack (lib/dump_stack.c:52)
          [  634.405775] print_trailer (mm/slub.c:655)
          [  634.406361] object_err (mm/slub.c:662)
          [  634.406824] kasan_report_error (mm/kasan/report.c:138 mm/kasan/report.c:236)
          [  634.409581] __asan_report_load4_noabort (mm/kasan/report.c:279)
          [  634.411355] x25_asy_open_tty (drivers/net/wan/x25_asy.c:559 (discriminator 1))
          [  634.413997] tty_ldisc_open.isra.2 (drivers/tty/tty_ldisc.c:447)
          [  634.414549] tty_set_ldisc (drivers/tty/tty_ldisc.c:567)
          [  634.415057] tty_ioctl (drivers/tty/tty_io.c:2646 drivers/tty/tty_io.c:2879)
          [  634.423524] do_vfs_ioctl (fs/ioctl.c:43 fs/ioctl.c:607)
          [  634.427491] SyS_ioctl (fs/ioctl.c:622 fs/ioctl.c:613)
          [  634.427945] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:188)
      
      Cc: Tilman Schmidt <tilman@imap.cc>
      Cc: Sasha Levin <sasha.levin@oracle.com>
      Signed-off-by: NPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dd42bf11
    • P
      tty: Simplify tty_set_ldisc() exit handling · 63d8cb3f
      Peter Hurley 提交于
      Perform common exit for both successful and error exit handling
      in tty_set_ldisc(). Fixes unlikely possibility of failing to restart
      input kworker when switching to the same line discipline (noop case).
      Signed-off-by: NPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      63d8cb3f
    • D
      tty/tty_ldisc: Deinline tty_ldisc_put, save 368 bytes · cb128f69
      Denys Vlasenko 提交于
      This function compiles to 72 bytes of machine code.
      Signed-off-by: NDenys Vlasenko <dvlasenk@redhat.com>
      CC: Jiri Slaby <jslaby@suse.com>
      CC: linux-serial@vger.kernel.org
      Reviewed-by: NPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cb128f69
  7. 21 11月, 2015 1 次提交
  8. 18 10月, 2015 1 次提交
  9. 24 7月, 2015 2 次提交
  10. 07 5月, 2015 1 次提交
  11. 07 11月, 2014 1 次提交
  12. 06 11月, 2014 8 次提交
  13. 08 1月, 2014 1 次提交
  14. 24 7月, 2013 3 次提交