From 8d2ead743dd54dff1fe3d0f4933e5da8bfe07472 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Tue, 16 Jun 2009 17:00:26 +0100 Subject: tty: Fix leaks introduced by the shift to separate ldisc objects Gold star for the kmemleak detector. Signed-off-by: Alan Cox Signed-off-by: Linus Torvalds --- drivers/char/tty_ldisc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'drivers/char') diff --git a/drivers/char/tty_ldisc.c b/drivers/char/tty_ldisc.c index 39c8f86dedd..94b3e06d73e 100644 --- a/drivers/char/tty_ldisc.c +++ b/drivers/char/tty_ldisc.c @@ -148,8 +148,10 @@ static struct tty_ldisc *tty_ldisc_try_get(int disc) } } spin_unlock_irqrestore(&tty_ldisc_lock, flags); - if (err) + if (err) { + kfree(ld); return ERR_PTR(err); + } return ld; } @@ -262,7 +264,7 @@ const struct file_operations tty_ldiscs_proc_fops = { * @ld: line discipline * * Install an instance of a line discipline into a tty structure. The - * ldisc must have a reference count above zero to ensure it remains/ + * ldisc must have a reference count above zero to ensure it remains. * The tty instance refcount starts at zero. * * Locking: -- cgit v1.2.3 From 52856ed732aeab5e8e0b7c9e2a7a3d31736218ab Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Tue, 16 Jun 2009 17:00:40 +0100 Subject: ldisc: Make sure the ldisc isn't active when we close it Signed-off-by: Alan Cox Signed-off-by: Linus Torvalds --- drivers/char/tty_ldisc.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'drivers/char') diff --git a/drivers/char/tty_ldisc.c b/drivers/char/tty_ldisc.c index 94b3e06d73e..874c2486c03 100644 --- a/drivers/char/tty_ldisc.c +++ b/drivers/char/tty_ldisc.c @@ -793,6 +793,8 @@ void tty_ldisc_hangup(struct tty_struct *tty) /* Avoid racing set_ldisc */ mutex_lock(&tty->ldisc_mutex); /* Switch back to N_TTY */ + tty_ldisc_halt(tty); + tty_ldisc_wait_idle(tty); tty_ldisc_reinit(tty); /* At this point we have a closed ldisc and we want to reopen it. We could defer this to the next open but -- cgit v1.2.3 From 677ca3060c474d7d89941948e32493d9c18c52d2 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Tue, 16 Jun 2009 17:00:53 +0100 Subject: ldisc: debug aids Signed-off-by: Linus Torvalds --- drivers/char/tty_ldisc.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/char') diff --git a/drivers/char/tty_ldisc.c b/drivers/char/tty_ldisc.c index 874c2486c03..a19e935847b 100644 --- a/drivers/char/tty_ldisc.c +++ b/drivers/char/tty_ldisc.c @@ -207,6 +207,7 @@ static void tty_ldisc_put(struct tty_ldisc *ld) ldo->refcount--; module_put(ldo->owner); spin_unlock_irqrestore(&tty_ldisc_lock, flags); + WARN_ON(ld->refcount); kfree(ld); } -- cgit v1.2.3 From 5dca607bcf10d3f08d07ffeac664c6769c336145 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Tue, 16 Jun 2009 17:01:02 +0100 Subject: tty: fix unused warning when TCGETX is not defined MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If TCGETX is not defined, we end up with this warning: drivers/char/tty_ioctl.c: In function ‘tty_mode_ioctl’: drivers/char/tty_ioctl.c:950: warning: unused variable ‘ktermx’ Since the variable is only used in one case statement, push it down to the local case scope. Signed-off-by: Mike Frysinger Signed-off-by: Alan Cox Signed-off-by: Linus Torvalds --- drivers/char/tty_ioctl.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'drivers/char') diff --git a/drivers/char/tty_ioctl.c b/drivers/char/tty_ioctl.c index 8116bb1c8f8..b24f6c6a1ea 100644 --- a/drivers/char/tty_ioctl.c +++ b/drivers/char/tty_ioctl.c @@ -947,7 +947,6 @@ int tty_mode_ioctl(struct tty_struct *tty, struct file *file, void __user *p = (void __user *)arg; int ret = 0; struct ktermios kterm; - struct termiox ktermx; if (tty->driver->type == TTY_DRIVER_TYPE_PTY && tty->driver->subtype == PTY_TYPE_MASTER) @@ -1049,7 +1048,8 @@ int tty_mode_ioctl(struct tty_struct *tty, struct file *file, return ret; #endif #ifdef TCGETX - case TCGETX: + case TCGETX: { + struct termiox ktermx; if (real_tty->termiox == NULL) return -EINVAL; mutex_lock(&real_tty->termios_mutex); @@ -1058,6 +1058,7 @@ int tty_mode_ioctl(struct tty_struct *tty, struct file *file, if (copy_to_user(p, &ktermx, sizeof(struct termiox))) ret = -EFAULT; return ret; + } case TCSETX: return set_termiox(real_tty, p, 0); case TCSETXW: -- cgit v1.2.3 From 762faaed91e4ea4a3c34bc58f3221d9487acb470 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Tue, 16 Jun 2009 17:01:13 +0100 Subject: pty: Narrow the race on ldisc locking The pty code has always been buggy on its ldisc handling. The recent changes made the window for the race much bigger. Pending fixing it properly which is not at all trivial, at least make the race small again so we don't disrupt other dev work. Signed-off-by: Alan Cox Signed-off-by: Linus Torvalds --- drivers/char/pty.c | 53 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 40 insertions(+), 13 deletions(-) (limited to 'drivers/char') diff --git a/drivers/char/pty.c b/drivers/char/pty.c index 5acd29e6e04..daebe1ba43d 100644 --- a/drivers/char/pty.c +++ b/drivers/char/pty.c @@ -95,23 +95,34 @@ static void pty_unthrottle(struct tty_struct *tty) * a count. * * FIXME: Our pty_write method is called with our ldisc lock held but - * not our partners. We can't just take the other one blindly without - * risking deadlocks. + * not our partners. We can't just wait on the other one blindly without + * risking deadlocks. At some point when everything has settled down we need + * to look into making pty_write at least able to sleep over an ldisc change. + * + * The return on no ldisc is a bit counter intuitive but the logic works + * like this. During an ldisc change the other end will flush its buffers. We + * thus return the full length which is identical to the case where we had + * proper locking and happened to queue the bytes just before the flush during + * the ldisc change. */ static int pty_write(struct tty_struct *tty, const unsigned char *buf, int count) { struct tty_struct *to = tty->link; - int c; + struct tty_ldisc *ld; + int c = count; if (!to || tty->stopped) return 0; - - c = to->receive_room; - if (c > count) - c = count; - to->ldisc->ops->receive_buf(to, buf, NULL, c); - + ld = tty_ldisc_ref(to); + + if (ld) { + c = to->receive_room; + if (c > count) + c = count; + ld->ops->receive_buf(to, buf, NULL, c); + tty_ldisc_deref(ld); + } return c; } @@ -145,14 +156,23 @@ static int pty_write_room(struct tty_struct *tty) static int pty_chars_in_buffer(struct tty_struct *tty) { struct tty_struct *to = tty->link; - int count; + struct tty_ldisc *ld; + int count = 0; /* We should get the line discipline lock for "tty->link" */ - if (!to || !to->ldisc->ops->chars_in_buffer) + if (!to) + return 0; + /* We cannot take a sleeping reference here without deadlocking with + an ldisc change - but it doesn't really matter */ + ld = tty_ldisc_ref(to); + if (ld == NULL) return 0; /* The ldisc must report 0 if no characters available to be read */ - count = to->ldisc->ops->chars_in_buffer(to); + if (ld->ops->chars_in_buffer) + count = ld->ops->chars_in_buffer(to); + + tty_ldisc_deref(ld); if (tty->driver->subtype == PTY_TYPE_SLAVE) return count; @@ -182,12 +202,19 @@ static void pty_flush_buffer(struct tty_struct *tty) { struct tty_struct *to = tty->link; unsigned long flags; + struct tty_ldisc *ld; if (!to) return; + ld = tty_ldisc_ref(to); + + /* The other end is changing discipline */ + if (!ld) + return; - if (to->ldisc->ops->flush_buffer) + if (ld->ops->flush_buffer) to->ldisc->ops->flush_buffer(to); + tty_ldisc_deref(ld); if (to->packet) { spin_lock_irqsave(&tty->ctrl_lock, flags); -- cgit v1.2.3 From 1aa4bed82a684308f54bf782cffaecd4b1dc3cf4 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Tue, 16 Jun 2009 17:01:33 +0100 Subject: tty: fix sanity check The WARN_ON() that was added to tty_reopen can be triggered in the specific case of a hangup occurring during a re-open of a tty which is not in the middle of being otherwise closed. In that case however the WARN() is bogus as we don't hold the neccessary locks to make a correct decision. The case we should be checking is "if the ldisc is not changing and reopen is occuring". We could drop the WARN_ON but for the moment the debug is more valuable even if it means taking a mutex as it will find any other cases. Signed-off-by: Alan Cox Signed-off-by: Linus Torvalds --- drivers/char/tty_io.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'drivers/char') diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c index 939e198d767..a3afa0c387c 100644 --- a/drivers/char/tty_io.c +++ b/drivers/char/tty_io.c @@ -1263,7 +1263,9 @@ static int tty_reopen(struct tty_struct *tty) tty->count++; tty->driver = driver; /* N.B. why do this every time?? */ + mutex_lock(&tty->ldisc_mutex); WARN_ON(!test_bit(TTY_LDISC, &tty->flags)); + mutex_unlock(&tty->ldisc_mutex); return 0; } -- cgit v1.2.3