From: "D. Starke" <daniel.starke@siemens.com>
To: linux-serial@vger.kernel.org, gregkh@linuxfoundation.org,
jirislaby@kernel.org
Cc: linux-kernel@vger.kernel.org, Daniel Starke <daniel.starke@siemens.com>
Subject: [PATCH 17/20] tty: n_gsm: fix reset fifo race condition
Date: Thu, 14 Apr 2022 02:42:22 -0700 [thread overview]
Message-ID: <20220414094225.4527-17-daniel.starke@siemens.com> (raw)
In-Reply-To: <20220414094225.4527-1-daniel.starke@siemens.com>
From: Daniel Starke <daniel.starke@siemens.com>
gsmtty_write() and gsm_dlci_data_output() properly guard the fifo access.
However, gsm_dlci_close() and gsmtty_flush_buffer() modifies the fifo but
do not guard this.
Add a guard here to prevent race conditions on parallel writes to the fifo.
Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Starke <daniel.starke@siemens.com>
---
drivers/tty/n_gsm.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index f4ec48c0d6d7..1e135a71860f 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1446,13 +1446,17 @@ static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
static void gsm_dlci_close(struct gsm_dlci *dlci)
{
+ unsigned long flags;
+
del_timer(&dlci->t1);
if (debug & 8)
pr_debug("DLCI %d goes closed.\n", dlci->addr);
dlci->state = DLCI_CLOSED;
if (dlci->addr != 0) {
tty_port_tty_hangup(&dlci->port, false);
+ spin_lock_irqsave(&dlci->lock, flags);
kfifo_reset(&dlci->fifo);
+ spin_unlock_irqrestore(&dlci->lock, flags);
/* Ensure that gsmtty_open() can return. */
tty_port_set_initialized(&dlci->port, 0);
wake_up_interruptible(&dlci->port.open_wait);
@@ -3150,13 +3154,17 @@ static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
static void gsmtty_flush_buffer(struct tty_struct *tty)
{
struct gsm_dlci *dlci = tty->driver_data;
+ unsigned long flags;
+
if (dlci->state == DLCI_CLOSED)
return;
/* Caution needed: If we implement reliable transport classes
then the data being transmitted can't simply be junked once
it has first hit the stack. Until then we can just blow it
away */
+ spin_lock_irqsave(&dlci->lock, flags);
kfifo_reset(&dlci->fifo);
+ spin_unlock_irqrestore(&dlci->lock, flags);
/* Need to unhook this DLCI from the transmit queue logic */
}
--
2.25.1
next prev parent reply other threads:[~2022-04-14 9:46 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-14 9:42 [PATCH 01/20] tty: n_gsm: fix missing mux reset on config change at responder D. Starke
2022-04-14 9:42 ` [PATCH 02/20] tty: n_gsm: fix restart handling via CLD command D. Starke
2022-04-14 9:42 ` [PATCH 03/20] tty: n_gsm: fix decoupled mux resource D. Starke
2022-04-14 9:42 ` [PATCH 04/20] tty: n_gsm: fix mux cleanup after unregister tty device D. Starke
2022-04-14 9:42 ` [PATCH 05/20] tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 D. Starke
2022-04-14 9:42 ` [PATCH 06/20] tty: n_gsm: fix frame reception handling D. Starke
2022-04-14 9:42 ` [PATCH 07/20] tty: n_gsm: fix malformed counter for out of frame data D. Starke
2022-04-14 9:42 ` [PATCH 08/20] tty: n_gsm: fix insufficient txframe size D. Starke
2022-04-14 9:42 ` [PATCH 09/20] tty: n_gsm: fix wrong DLCI release order D. Starke
2022-04-14 9:42 ` [PATCH 10/20] tty: n_gsm: fix missing explicit ldisc flush D. Starke
2022-04-14 9:42 ` [PATCH 11/20] tty: n_gsm: fix wrong command retry handling D. Starke
2022-04-14 9:42 ` [PATCH 12/20] tty: n_gsm: fix wrong command frame length field encoding D. Starke
2022-04-14 9:42 ` [PATCH 13/20] tty: n_gsm: fix wrong signal octets encoding in MSC D. Starke
2022-04-14 9:42 ` [PATCH 14/20] tty: n_gsm: fix missing tty wakeup in convergence layer type 2 D. Starke
2022-04-14 9:42 ` [PATCH 15/20] tty: n_gsm: fix missing update of modem controls after DLCI open D. Starke
2022-04-15 6:29 ` Greg KH
2022-04-19 8:07 ` [PATCH v2 " D. Starke
2022-04-19 10:07 ` Greg KH
2022-04-14 9:42 ` [PATCH 16/20] tty: n_gsm: fix invalid command/response bit check for UI/UIH frames D. Starke
2022-04-15 6:31 ` Greg KH
2022-04-19 8:17 ` [PATCH v2 16/20] tty: n_gsm: clean up dead code in gsm_queue() D. Starke
2022-04-19 10:06 ` Greg KH
2022-04-19 10:07 ` Greg KH
2022-04-14 9:42 ` D. Starke [this message]
2022-04-14 9:42 ` [PATCH 18/20] tty: n_gsm: fix implicit CR bit encoding in address field D. Starke
2022-04-15 6:33 ` Greg KH
2022-04-19 8:19 ` [PATCH v2 18/20] tty: n_gsm: clean up " D. Starke
2022-04-19 10:06 ` Greg KH
2022-04-14 9:42 ` [PATCH 19/20] tty: n_gsm: fix wrong behavior of gsm_carrier_raised() on debug D. Starke
2022-04-15 6:34 ` Greg KH
2022-04-14 9:42 ` [PATCH 20/20] tty: n_gsm: fix incorrect UA handling D. Starke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220414094225.4527-17-daniel.starke@siemens.com \
--to=daniel.starke@siemens.com \
--cc=gregkh@linuxfoundation.org \
--cc=jirislaby@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-serial@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).