• Alan Cox's avatar
    n_tty: Fix echo race · 80770884
    Alan Cox authored
    If a tty in N_TTY mode with echo enabled manages to get itself into a state
    where
    	- echo characters are pending
    	- FASYNC is enabled
    	- tty_write_wakeup is called from either
    		- a device write path (pty)
    		- an IRQ (serial)
    
    then it either deadlocks or explodes taking a mutex in the IRQ path.
    
    On the serial side it is almost impossible to reproduce because you have to
    go from a full serial port to a near empty one with echo characters
    pending. The pty case happens to have become possible to trigger using
    emacs and ptys, the pty changes having created a scenario which shows up
    this bug.
    
    The code path is
    
    	n_tty:process_echoes() (takes mutex)
    	tty_io:tty_put_char()
    	pty:pty_write  (or serial paths)
    	tty_wakeup     (from pty_write or serial IRQ)
    	n_tty_write_wakeup()
    	process_echoes()
    	*KABOOM*
    Signed-off-by: default avatarAlan Cox <alan@linux.intel.com>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    80770884
n_tty.c 50.8 KB