From a1bf9584429d61b7096f93ae09325e1ba538e9e8 Mon Sep 17 00:00:00 2001 From: Ilya Zykov Date: Wed, 16 Jan 2013 13:07:50 +0400 Subject: tty: Add driver unthrottle in ioctl(...,TCFLSH,..). Regression 'tty: fix "IRQ45: nobody cared"' Regression commit 7b292b4bf9a9d6098440d85616d6ca4c608b8304 Function reset_buffer_flags() also invoked during the ioctl(...,TCFLSH,..). At the time of request we can have full buffers and throttled driver too. If we don't unthrottle driver, we can get forever throttled driver, because, after request, we will have empty buffers and throttled driver and there is no place to unthrottle driver. It simple reproduce with "pty" pair then one side sleep on tty->write_wait, and other side do ioctl(...,TCFLSH,..). Then there is no place to do writers wake up. Signed-off-by: Ilya Zykov Cc: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/tty_ioctl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'drivers/tty/tty_ioctl.c') diff --git a/drivers/tty/tty_ioctl.c b/drivers/tty/tty_ioctl.c index 8481b29d5b3a..cc0fc52787c7 100644 --- a/drivers/tty/tty_ioctl.c +++ b/drivers/tty/tty_ioctl.c @@ -1096,12 +1096,16 @@ int tty_perform_flush(struct tty_struct *tty, unsigned long arg) ld = tty_ldisc_ref_wait(tty); switch (arg) { case TCIFLUSH: - if (ld && ld->ops->flush_buffer) + if (ld && ld->ops->flush_buffer) { ld->ops->flush_buffer(tty); + tty_unthrottle(tty); + } break; case TCIOFLUSH: - if (ld && ld->ops->flush_buffer) + if (ld && ld->ops->flush_buffer) { ld->ops->flush_buffer(tty); + tty_unthrottle(tty); + } /* fall through */ case TCOFLUSH: tty_driver_flush_buffer(tty); -- cgit v1.2.3 From 183d95cdd834381c594d3aa801c1f9f9c0c54fa9 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov Date: Tue, 29 Jan 2013 20:07:41 +0100 Subject: tty: set_termios/set_termiox should not return -EINTR See https://bugzilla.redhat.com/show_bug.cgi?id=904907 read command causes bash to abort with double free or corruption (out). A simple test-case from Roman: // Compile the reproducer and send sigchld ti that process. // EINTR occurs even if SA_RESTART flag is set. void handler(int sig) { } main() { struct sigaction act; act.sa_handler = handler; act.sa_flags = SA_RESTART; sigaction (SIGCHLD, &act, 0); struct termio ttp; ioctl(0, TCGETA, &ttp); while(1) { if (ioctl(0, TCSETAW, ttp) < 0) { if (errno == EINTR) { fprintf(stderr, "BUG!"); return(1); } } } } Change set_termios/set_termiox to return -ERESTARTSYS to fix this particular problem. I didn't dare to change other EINTR's in drivers/tty/, but they look equally wrong. Reported-by: Roman Rakus Reported-by: Lingzhu Xiang Signed-off-by: Oleg Nesterov Cc: Jiri Slaby Cc: stable Signed-off-by: Greg Kroah-Hartman --- drivers/tty/tty_ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/tty/tty_ioctl.c') diff --git a/drivers/tty/tty_ioctl.c b/drivers/tty/tty_ioctl.c index cc0fc52787c7..d58b92cc187c 100644 --- a/drivers/tty/tty_ioctl.c +++ b/drivers/tty/tty_ioctl.c @@ -617,7 +617,7 @@ static int set_termios(struct tty_struct *tty, void __user *arg, int opt) if (opt & TERMIOS_WAIT) { tty_wait_until_sent(tty, 0); if (signal_pending(current)) - return -EINTR; + return -ERESTARTSYS; } tty_set_termios(tty, &tmp_termios); @@ -684,7 +684,7 @@ static int set_termiox(struct tty_struct *tty, void __user *arg, int opt) if (opt & TERMIOS_WAIT) { tty_wait_until_sent(tty, 0); if (signal_pending(current)) - return -EINTR; + return -ERESTARTSYS; } mutex_lock(&tty->termios_mutex); -- cgit v1.2.3