public inbox for linux-kernel@vger.kernel.org
From: Peter Hurley <peter@hurleysoftware.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jslaby@suse.cz>,
	linux-kernel@vger.kernel.org, linux-serial@vger.kernel.org,
	One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
	Peter Hurley <peter@hurleysoftware.com>
Subject: [PATCH -next 6/9] pty: Fix packet mode setting race
Date: Thu, 16 Oct 2014 15:33:27 -0400
Message-ID: <1413488010-16885-7-git-send-email-peter@hurleysoftware.com>
In-Reply-To: <1413488010-16885-1-git-send-email-peter@hurleysoftware.com>

Because pty_set_pktmode() does not claim the slave's ctrl_lock
to clear ->ctrl_status (to avoid unnecessary lock nesting),
pty_set_pktmode() may accidentally erase new ->ctrl_status updates.
For example,

CPU 0                             | CPU 1
pty_set_pktmode()                 | pty_start()
  spin_lock(master's ctrl_lock)   |
  tty->packet = 1                 |
                                  |   if (tty->link->packet)
                                  |     spin_lock(slave's ctrl_lock)
                                  |     tty->ctrl_status = TIOCPKT_START
  tty->link->ctrl_status = 0      |

Ensure the clear of ->ctrl_status occurs before packet mode is set
(and observable on another cpu).

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
 drivers/tty/pty.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
index e554393..bcec4c7 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
@@ -186,8 +186,9 @@ static int pty_set_pktmode(struct tty_struct *tty, int __user *arg)
 	spin_lock_irq(&tty->ctrl_lock);
 	if (pktmode) {
 		if (!tty->packet) {
-			tty->packet = 1;
 			tty->link->ctrl_status = 0;
+			smp_mb();
+			tty->packet = 1;
 		}
 	} else
 		tty->packet = 0;
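Review bot: the smp_mb() added between `tty->link->ctrl_status = 0;` and `tty->packet = 1;` carries no comment naming the reader it pairs with. The commit message shows the other side as the `if (tty->link->packet)` check in pty_start(), which runs before the slave's ctrl_lock is taken, so a one-line comment at the barrier pointing at that unlocked read would make the ordering requirement visible to anyone who later reorders these two stores. Since both statements around the barrier are stores, it is also worth stating in that comment why a full barrier was chosen rather than smp_wmb(). The else branch (`tty->packet = 0;`) is left without a barrier; if that is intentional because clearing packet mode cannot lose a status update, saying so in the changelog would close the question.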
-- 
2.1.1


Thread overview: 11+ messages
2014-10-16 19:33 [PATCH -next 0/9] pty fixes Peter Hurley
2014-10-16 19:33 ` [PATCH -next 1/9] tty: WARN for attempted set_termios() of pty master Peter Hurley
2014-10-16 19:33 ` [PATCH -next 2/9] tty: Move pty-specific set_termios() handling to pty driver Peter Hurley
2014-10-16 19:33 ` [PATCH -next 3/9] pty: Use spin_lock_irq() for pty_set_termios() Peter Hurley
2014-10-16 19:33 ` [PATCH -next 4/9] tty: Use spin_lock_irq() for ctrl_lock when interrupts enabled Peter Hurley
2014-10-16 19:33 ` [PATCH -next 5/9] pty: Don't claim slave's ctrl_lock for master's packet mode Peter Hurley
2014-10-16 19:33 ` Peter Hurley [this message]
2014-10-16 19:33 ` [PATCH -next 7/9] pty: Hold ctrl_lock for packet mode updates Peter Hurley
2014-10-16 19:33 ` [PATCH -next 8/9] tty: Fix missed wakeup from packet mode status update Peter Hurley
2014-10-16 19:33 ` [PATCH -next 9/9] n_tty: Only process packet mode data in raw mode Peter Hurley
2014-10-22 15:37 ` [PATCH -next 0/9] pty fixes One Thousand Gnomes
