Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-5.11.y 2021-01-25T20:08:07+00:00 2021-01-25T20:08:07+00:00 Sami Tolvanen samitolvanen@google.com 2021-01-25T19:09:25+00:00 urn:sha1:9f12e37cae44a96132fc3031535a0b165486941a layer to use write_iter. Fix the redirected_tty_write declaration also in n_tty and change the comparisons to use write_iter instead of write. [ Also moved the declaration of redirected_tty_write() to the proper location in a header file. The reason for the bug was the bogus extern declaration in n_tty.c silently not matching the changed definition in tty_io.c, and because it wasn't in a shared header file, there was no cross-checking of the declaration. Sami noticed because Clang's Control Flow Integrity checking ended up incidentally noticing the inconsistent declaration. - Linus ] Fixes: 9bb48c82aced ("tty: implement write_iter") Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2020-12-09T14:27:42+00:00 Johan Hovold johan@kernel.org 2020-12-02T11:39:37+00:00 urn:sha1:9e1792727ead477f49958578d0dbd466a7deea48 Declare the port parameter to the flag-test accessors as const. This is currently mostly cosmetic as the accessors are already inlined. Suggested-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20201202113942.27024-3-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-12-09T14:26:31+00:00 Johan Hovold johan@kernel.org 2020-12-02T11:39:36+00:00 urn:sha1:af633212c4aac1dbd3a48615a834646ce072346d Use the new assign_bit() wrapper in the port-flag accessors instead of open coding. Suggested-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20201202113942.27024-2-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-12-07T09:19:31+00:00 Greg Kroah-Hartman gregkh@linuxfoundation.org 2020-12-07T09:19:31+00:00 urn:sha1:ba3b8bb1263dfb87914ef0ccf5f3a78604b3686b We want the tty fixes in here as well. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-12-04T16:39:58+00:00 Jann Horn jannh@google.com 2020-12-03T01:25:05+00:00 urn:sha1:c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9 Currently, locking of ->session is very inconsistent; most places protect it using the legacy tty mutex, but disassociate_ctty(), __do_SAK(), tiocspgrp() and tiocgsid() don't. Two of the writers hold the ctrl_lock (because they already need it for ->pgrp), but __proc_set_tty() doesn't do that yet. On a PREEMPT=y system, an unprivileged user can theoretically abuse this broken locking to read 4 bytes of freed memory via TIOCGSID if tiocgsid() is preempted long enough at the right point. (Other things might also go wrong, especially if root-only ioctls are involved; I'm not sure about that.) Change the locking on ->session such that: - tty_lock() is held by all writers: By making disassociate_ctty() hold it. This should be fine because the same lock can already be taken through the call to tty_vhangup_session(). The tricky part is that we need to shorten the area covered by siglock to be able to take tty_lock() without ugly retry logic; as far as I can tell, this should be fine, since nothing in the signal_struct is touched in the `if (tty)` branch. - ctrl_lock is held by all writers: By changing __proc_set_tty() to hold the lock a little longer. - All readers that aren't holding tty_lock() hold ctrl_lock: By adding locking to tiocgsid() and __do_SAK(), and expanding the area covered by ctrl_lock in tiocspgrp(). Cc: stable@kernel.org Signed-off-by: Jann Horn <jannh@google.com> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-12-04T15:54:35+00:00 Jann Horn jannh@google.com 2020-12-03T02:03:31+00:00 urn:sha1:e0efb3168d34dc8c8c72718672b8902e40efff8f set_termiox() and the TCGETX handler bail out with -EINVAL immediately if ->termiox is NULL, but there are no code paths that can set ->termiox to a non-NULL pointer; and no such code paths seem to have existed since the termiox mechanism was introduced back in commit 1d65b4a088de ("tty: Add termiox") in v2.6.28. Similarly, no driver actually implements .set_termiox; and it looks like no driver ever has. Delete this dead code; but leave the definition of struct termiox in the UAPI headers intact. Signed-off-by: Jann Horn <jannh@google.com> Link: https://lore.kernel.org/r/20201203020331.2394754-1-jannh@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-11-06T09:49:27+00:00 Lee Jones lee.jones@linaro.org 2020-11-04T19:35:17+00:00 urn:sha1:aec51036a166a0aecc26cba101bfbbdc53d64139 Fixes the following W=1 kernel build warning(s): drivers/tty/tty_ldisc.c:883:6: warning: no previous prototype for ‘tty_sysctl_init’ [-Wmissing-prototypes] 883 | void tty_sysctl_init(void) | ^~~~~~~~~~~~~~~ Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jiri Slaby <jirislaby@kernel.org> Cc: Nick Holloway <alfie@dcs.warwick.ac.uk> Cc: -- <julian@uhunix.uhcc.hawaii.edu> Cc: Marko Kohtala <Marko.Kohtala@hut.fi> Cc: Bill Hawes <whawes@star.net> Cc: "C. Scott Ananian" <cananian@alumni.princeton.edu> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Andrew Morton <andrewm@uow.edu.eu> Signed-off-by: Lee Jones <lee.jones@linaro.org> Link: https://lore.kernel.org/r/20201104193549.4026187-5-lee.jones@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-05-04T16:16:37+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-05-04T16:16:37+00:00 urn:sha1:9d82973e032e246ff5663c9805fbb5407ae932e3 Due to a bug-report that was compiler-dependent, I updated one of my machines to gcc-10. That shows a lot of new warnings. Happily they seem to be mostly the valid kind, but it's going to cause a round of churn for getting rid of them.. This is the really low-hanging fruit of removing a couple of zero-sized arrays in some core code. We have had a round of these patches before, and we'll have many more coming, and there is nothing special about these except that they were particularly trivial, and triggered more warnings than most. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2020-02-10T20:26:44+00:00 Johan Hovold johan@kernel.org 2020-02-10T14:57:30+00:00 urn:sha1:0c5aae59270fb1f827acce182786094c9ccf598e The serdev tty-port controller driver should reset the tty-port client operations also on deregistration to avoid a NULL-pointer dereference in case the port is later re-registered as a normal tty device. Note that this can only happen with tty drivers such as 8250 which have statically allocated port structures that can end up being reused and where a later registration would not register a serdev controller (e.g. due to registration errors or if the devicetree has been changed in between). Specifically, this can be an issue for any statically defined ports that would be registered by 8250 core when an 8250 driver is being unbound. Fixes: bed35c6dfa6a ("serdev: add a tty port controller driver") Cc: stable <stable@vger.kernel.org> # 4.11 Reported-by: Loic Poulain <loic.poulain@linaro.org> Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20200210145730.22762-1-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-12-10T09:17:45+00:00 Greg Kroah-Hartman gregkh@linuxfoundation.org 2018-12-10T09:17:45+00:00 urn:sha1:9c96f401e91a4358eb4a5e227c1521dea1c20127 We want the TTY changes in here as well. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>