From mboxrd@z Thu Jan 1 00:00:00 1970
From: Greg KH
Subject: Re: [GIT PULL] TTY/Serial driver fixes for 4.11-rc4
Date: Wed, 31 May 2017 20:16:12 +0900
Message-ID: <20170531111612.GA6332@kroah.com>
References: <20170413183403.GA16022@kroah.com> <20170414123029.GA17217@kroah.com> <20170503120101.GA21119@kroah.com> <20170530130905.382487d5@alans-desktop>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path:
Content-Disposition: inline
In-Reply-To:
Sender: linux-kernel-owner@vger.kernel.org
To: Dmitry Vyukov
Cc: Alan Cox, Vegard Nossum, Linus Torvalds, Jiri Slaby, Andrew Morton, LKML, linux-serial
List-Id: linux-serial@vger.kernel.org

On Wed, May 31, 2017 at 10:39:23AM +0200, Dmitry Vyukov wrote:
> On Tue, May 30, 2017 at 2:09 PM, Alan Cox wrote:
> >> >> I'll think about possible solutions, but I have no prior experience
> >> >> with the tty code. In the meantime syzkaller also hit a couple of
> >> >> other fun tty/pty bugs including a write/ioctl race that results in
> >> >> buffer overflow :-/
> >
> > There are several of those, including some that have been documented
> > for years but nobody ever volunteered to fix - in particular all the
> > interfaces that push characters to the tty other than via the normal
> > interrupt receive path are dodgy (console selection in particular)
> >
> > The original tty model btw was that setting the ldisc to n_tty cannot
> > fail, and the structure allocated was smaller than a page size so was
> > safe.
> >
> > The simple way to fix it is to restore that behaviour by adding a 'null'
> > ldisc that we can fail to instead of N_TTY since the N_TTY failback path
> > is long broken.
>
> Greg, what do you think about this patch? Are you ready to accept
> something like this?
> Definitely shorter than changing all drivers.

Yes, it looks reasonable to me.