- 28 Jan, 2016 6 commits
-
-
Peter Hurley authored
In canonical read mode, each line read and logged is pushed separately with tty_audit_push(). For all single-threaded processes and multi-threaded processes reading from only one tty, this patch has no effect; the last line read will still be the entry pushed to the audit log because the tty association cannot have changed between tty_audit_add_data() and tty_audit_push(). For multi-threaded processes reading from different ttys concurrently, the audit log will have mixed log entries anyway. Consider two ttys audited concurrently: CPU0 CPU1 ---------- ------------ tty_audit_add_data(ttyA) tty_audit_add_data(ttyB) tty_audit_push() tty_audit_add_data(ttyB) tty_audit_push() This patch will now cause the ttyB output to be split into separate audit log entries. However, this possibility is equally likely without this patch: CPU0 CPU1 ---------- ------------ tty_audit_add_data(ttyB) tty_audit_add_data(ttyA) tty_audit_push() tty_audit_add_data(ttyB) tty_audit_push() Mixed canonical and non-canonical reads have similar races. Signed-off-by:Peter Hurley <peter@hurleysoftware.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Peter Hurley authored
lock_task_sighand() is for situations where the struct task_struct* may disappear while trying to deref the sighand; this never applies to 'current'. Signed-off-by:
-
Peter Hurley authored
The tty audit buffer used to audit/record tty input is allocated on the process's first call to tty_audit_add_data(), and not freed until the process exits. On each call to tty_audit_add_data(), the current tty is compared (by major:minor) with the last tty associated with the audit buffer, and if the tty has changed the existing data is logged to the audit log. The audit buffer is then re-associated with the new tty. Currently, the audit buffer is immediately associated with the tty; however, the association must be re-checked when the buffer is locked prior to copying the tty input. This extra step is always necessary, since a concurrent read of a different tty by another thread of the process may have used the buffer in between allocation and buffer lock. Rather than associate the audit buffer with the tty at allocation, leave the buffer initially un-associated (null dev_t); simply let the re-association check also perform the initial association. Signed-off-by:
-
Peter Hurley authored
The tty termios bits cannot change while n_tty_read() is in the i/o loop; the termios_rwsem ensures mutual exclusion with termios changes in n_tty_set_termios(). Check L_ICANON() directly and eliminate icanon parameter. NB: tty_audit_add_data() => tty_audit_buf_get() => tty_audit_buf_alloc() is a single path; ie., tty_audit_buf_get() and tty_audit_buf_alloc() have no other callers. Signed-off-by:
-
Peter Hurley authored
tty audit never logs pty master reads, but packet mode only works for pty masters, so tty_audit_add_data() was never logging packet mode anyway. Don't audit packet mode data. As those are the lone call sites, remove tty_put_user(). Signed-off-by:
-
Peter Hurley authored
Reads from pty masters are not logged; early-out before taking locks. Signed-off-by:
-
- 27 Jan, 2016 34 commits
-
-
Peter Hurley authored
Access to tty->tty_files list is always per-tty, never for all ttys simultaneously. Replace global tty_files_lock spinlock with per-tty ->files_lock. Initialize when the ->tty_files list is inited, in alloc_tty_struct(). Signed-off-by:
-
Peter Hurley authored
The TTY_DEBUG macro is not used; remove. Signed-off-by:
-
Peter Hurley authored
Move is_ignored() to drivers/tty/tty_io.c and re-declare in file scope. Signed-off-by:
-
Peter Hurley authored
tty_read_raw_data() and tty_signal() no longer exist; remove declarations. Signed-off-by:
-
Peter Hurley authored
Reduce global tty symbols; move and rename tty_ldisc_begin() as n_tty_init() and redefine the N_TTY ldisc ops as file scope. Signed-off-by:
-
Peter Hurley authored
tty_mutex is a core, system-wide lock; there is no reason for any code outside the tty core to have direct access. Signed-off-by:
-
Peter Hurley authored
tty_ldisc_setup() is race-free and can reference tty->ldisc without snapshots. Signed-off-by:
-
Peter Hurley authored
The line discipline id is stored in the tty's termios; document the implicit initial value of N_TTY. Signed-off-by:
-
Peter Hurley authored
Currently, when the tty is hungup, the ldisc is re-instanced; ie., the current instance is destroyed and a new instance is created. The purpose of this design was to guarantee a valid, open ldisc for the lifetime of the tty. However, now that tty buffers are owned by and have lifetime equivalent to the tty_port (since v3.10), any data received immediately after the ldisc is re-instanced may cause continued driver i/o operations concurrently with the driver's hangup() operation. For drivers that shutdown h/w on hangup, this is unexpected and usually bad. For example, the serial core may free the xmit buffer page concurrently with an in-progress write() operation (triggered by echo). With the existing stable and robust ldisc reference handling, the cleaned-up tty_reopen(), the straggling unsafe ldisc use cleaned up, and the preparation to properly handle a NULL tty->ldisc, the ldisc instance can be destroyed and only re-instanced when the tty is re-opened. If the tty was opened as /dev/console or /dev/tty0, the original behavior of re-instancing the ldisc is retained (the 'reinit' parameter to tty_ldisc_hangup() is true). This is required since those file descriptors are never hungup. This patch has neglible impact on userspace; the tty file_operations ptr is changed to point to the hungup file operations _before_ the ldisc instance is destroyed, so only racing file operations might now retrieve a NULL ldisc reference (which is simply handled as if the hungup file operation had been called instead -- see "tty: Prepare for destroying line discipline on hangup"). This resolves a long-standing FIXME and several crash reports. Signed-off-by:
-
Peter Hurley authored
At tty hangup, the line discipline instance is reinitialized by closing the current ldisc instance and opening a new instance. This operation is complicated by error recovery: if the attempt to reinit the current line discipline fails, the line discipline is reset to N_TTY (which should not but can fail). Re-purpose tty_ldisc_reinit() to return a valid, open line discipline instance, or otherwise, an error. Signed-off-by:
-
Peter Hurley authored
tty->ldisc is a ptr to struct tty_ldisc, but unfortunately 'ldisc' is also used as a parameter or local name to refer to the line discipline index value (ie, N_TTY, N_GSM, etc.); instead prefer the name used by the line discipline registration/ref counting functions. Signed-off-by:
-
Peter Hurley authored
In preparation for destroying the line discipline instance on hangup, move tty_ldisc_kill() to eliminate needless forward declarations. No functional change. Signed-off-by:
-
Peter Hurley authored
In preparation of destroying line discipline on hangup, fix ldisc core operations to properly handle when the tty's ldisc is NULL. Signed-off-by:
-
Peter Hurley authored
tty file_operations (read/write/ioctl) wait for the ldisc reference indefinitely (until ldisc lifetime events, such as hangup or TIOCSETD, finish). Since hangup now destroys the ldisc and does not instance another copy, file_operations must now be prepared to receive a NULL ldisc reference from tty_ldisc_ref_wait(): CPU 0 CPU 1 ----- ----- (*f_op->read)() => tty_read() __tty_hangup() ... f_op = &hung_up_tty_fops; ... tty_ldisc_hangup() tty_ldisc_lock() tty_ldisc_kill() tty->ldisc = NULL tty_ldisc_unlock() ld = tty_ldisc_ref_wait() /* ld == NULL */ Instead, the action taken now is to return the same value as if the tty had been hungup a moment earlier: CPU 0 CPU 1 ----- ----- __tty_hangup() ... f_op = &hung_up_tty_fops; (*f_op->read)() => hung_up_tty_read() return 0; ... tty_ldisc_hangup() tty_ldisc_lock() tty_ldisc_kill() tty->ldisc = NULL tty_ldisc_unlock() Signed-off-by: -
Peter Hurley authored
tty_ldisc_kill() sets tty->ldisc to NULL; _not_ to N_TTY with a valid but unopened ldisc. Fix function header documentation. Signed-off-by:
-
Peter Hurley authored
tty_ldisc_get() returns ERR_PTR() values if unsuccessful, not NULL; fix function header documentation. Signed-off-by:
-
Peter Hurley authored
After the ldisc is released, but before the tty is destroyed, the termios is saved (in tty_free_termios()); this termios is restored if a new tty is created on next open(). However, the line discipline is always reset, which is not obvious in the current method. Instead, reset as part of the restore. Restore the original line discipline, which may not have been N_TTY. Signed-off-by:
-
Peter Hurley authored
The chars_in_buffer() line discipline method serves no functional purpose, other than as a (dubious) debugging aid for mostly bit-rotting drivers. Despite being documented as an optional method, every caller is unconditionally executed (although conditionally compiled). Furthermore, direct tty->ldisc access without an ldisc ref is unsafe. Lastly, N_TTY's chars_in_buffer() has warned of removal since 3.12. Signed-off-by:
-
Peter Hurley authored
The N_NCI ldisc does not define a flush_buffer() ldisc method, so the check when opening the ldisc is always false. Signed-off-by:
-
Peter Hurley authored
As the #warning indicates, the open-coded ldisc reset was always not ok. Not only is this code long dead, but now it would have no effect as the ldisc is destroyed when this driver's close() method returns; remove. Signed-off-by:
-
Peter Hurley authored
The open-coded tty_wakeup()s are attempts to workaround fixed bugs in the line discipline write_wakeup() method. Replace with tty_wakeup(). Signed-off-by:
-
Peter Hurley authored
Extract the driver lookup and reopen-or-initialize logic into helper function tty_open_by_driver(). No functional change. Signed-off-by:
-
Peter Hurley authored
Evaluate the conditions which prevent this tty being the controlling terminal in one place, just before setting the controlling terminal. Signed-off-by:
-
Peter Hurley authored
The tty lock/unlock code does not belong in the special lockfunc section which is treated specially by stack backtraces. Signed-off-by:
-
Peter Hurley authored
The tty core invokes the optional driver shutdown() just before the optional driver remove() (shutdown() has access to the termios and remove() does not). Because pty drivers must prevent the default remove() action, the Unix98 pty drivers define a dummy remove() function. Instead, release the slave index in the remove() method and delete the optional shutdown() method. Signed-off-by:
-
Peter Hurley authored
tty_driver_remove_tty() is only local-scope; declare as static. Signed-off-by:
-
Peter Hurley authored
tty_init_termios() never returns an error; re-declare as void. Remove unnecessary error handling from callers. Remove extern declarations of tty_free_termios() and free_tty_struct() and re-declare in file scope. Signed-off-by:
Johan Hovold <johan@kernel.org> Signed-off-by:
-
Peter Hurley authored
free_tty_struct() is never called with NULL tty; the two call sites would already have faulted on earlier access. Signed-off-by:
-
Peter Hurley authored
release_tty() leaks the ldisc instance when called directly (rather than when releasing the file descriptor from tty_release()). Since tty_ldisc_release() clears tty->ldisc, releasing the ldisc instance at tty teardown if tty->ldisc is non-null is not in danger of double-releasing the ldisc. Remove deinitialize_tty_struct() now that free_tty_struct() always performs the tty_ldisc_deinit(). Signed-off-by:
-
Peter Hurley authored
As the function documentation for tty_ldisc_ref_wait() notes, it is only callable from a tty file_operations routine; otherwise there is no guarantee the ref won't be NULL. The key difference with the VT's paste_selection() is that is an ioctl, where __speakup_paste_selection() is completely async kworker, kicked off from interrupt context. Fixes: 28a821c3 ("Staging: speakup: Update __speakup_paste_selection() tty (ab)usage to match vt") Cc: <stable@vger.kernel.org> Signed-off-by:
-
Peter Hurley authored
Although n_tty_check_unthrottle() has a valid ldisc reference (since the tty core gets the ldisc ref in tty_read() before calling the line discipline read() method), it does not have a valid ldisc reference to the "other" pty of a pty pair. Since getting an ldisc reference for tty->link essentially open-codes tty_wakeup(), just replace with the equivalent tty_wakeup(). Cc: <stable@vger.kernel.org> Signed-off-by:
-
Peter Hurley authored
ioctl(TIOCGETD) retrieves the line discipline id directly from the ldisc because the line discipline id (c_line) in termios is untrustworthy; userspace may have set termios via ioctl(TCSETS*) without actually changing the line discipline via ioctl(TIOCSETD). However, directly accessing the current ldisc via tty->ldisc is unsafe; the ldisc ptr dereferenced may be stale if the line discipline is changing via ioctl(TIOCSETD) or hangup. Wait for the line discipline reference (just like read() or write()) to retrieve the "current" line discipline id. Cc: <stable@vger.kernel.org> Signed-off-by:
-
Peter Hurley authored
A small window exists where a tty reopen will observe the tty just prior to imminent teardown (tty->count == 0); in this case, open() returns EIO to userspace. Instead, retry the open after checking for signals and yielding; this interruptible retry loop allows teardown to commence and initialize a new tty on retry. Never retry the BSD master pty reopen; there is no guarantee the pty pair teardown is imminent since the slave file descriptors may remain open indefinitely. Signed-off-by:
-
Peter Hurley authored
Allow a signal to interrupt the wait for a tty reopen; eg., if the tty has starting final close and is waiting for the device to drain. Signed-off-by:
-
