linux/drivers/char
Alan Cox 8077088449 n_tty: Fix echo race
If a tty in N_TTY mode with echo enabled manages to get itself into a state
where
	- echo characters are pending
	- FASYNC is enabled
	- tty_write_wakeup is called from either
		- a device write path (pty)
		- an IRQ (serial)

then it either deadlocks or explodes taking a mutex in the IRQ path.

On the serial side it is almost impossible to reproduce because you have to
go from a full serial port to a near empty one with echo characters
pending. The pty case happens to have become possible to trigger using
emacs and ptys, the pty changes having created a scenario which shows up
this bug.

The code path is

	n_tty:process_echoes() (takes mutex)
	tty_io:tty_put_char()
	pty:pty_write  (or serial paths)
	tty_wakeup     (from pty_write or serial IRQ)
	n_tty_write_wakeup()
	process_echoes()
	*KABOOM*

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-07-16 09:19:16 -07:00
..
agp Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-06-20 10:15:30 -07:00
hw_random Remove multiple KERN_ prefixes from printk formats 2009-07-08 10:30:03 -07:00
ip2 tty: rewrite the ldisc locking 2009-06-11 08:51:01 -07:00
ipmi ipmi: remove driver_data direct access of struct device 2009-06-15 21:30:27 -07:00
mwave mwave: struct device - replace bus_id with dev_name(), dev_set_name() 2009-01-06 10:44:38 -08:00
pcmcia pcmcia/cm4000: fix lock imbalance 2009-06-22 11:32:24 -07:00
rio headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
tpm headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
xilinx_hwicap xilinx_hwicap: remove improper wording in license statement 2008-12-17 11:23:07 -08:00
.gitignore
ChangeLog
Kconfig MIPS: Update VR41xx GPIO driver to use gpiolib 2009-07-03 15:45:25 +01:00
Makefile MIPS: Update VR41xx GPIO driver to use gpiolib 2009-07-03 15:45:25 +01:00
amiserial.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
apm-emulation.c APM emulation: Notify about all suspend events, not just APM invoked ones (v2) 2008-07-16 23:27:02 +02:00
applicom.c applicom: Auto-load applicom module when device opened. 2009-04-06 14:36:30 -07:00
applicom.h
bfin-otp.c Blackfin char driver for Blackfin on-chip OTP memory (v3) 2008-04-25 08:04:56 +08:00
bfin_jtag_comm.c bfin_jtag_comm: clean up printk usage 2009-06-22 11:32:23 -07:00
briq_panel.c briq_panel: BKL pushdown 2008-06-20 14:05:55 -06:00
bsr.c powerpc/BSR: Fix BSR to allow mmap of small BSR on 64k kernel 2009-06-26 14:37:26 +10:00
cd1865.h
consolemap.c consolemap: indentation & braces disagree - reindent 2009-01-06 15:59:30 -08:00
cp437.uni unicode table for cp437 2008-12-13 11:25:49 -08:00
cs5535_gpio.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
cyclades.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
defkeymap.c_shipped
defkeymap.map
digi1.h
digiFep1.h
digiPCI.h
ds1302.c rtc: use bcd2bin/bin2bcd 2008-10-20 08:52:41 -07:00
ds1620.c [ARM] netwinder: clean up GPIO naming 2008-12-13 09:12:07 +00:00
dsp56k.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
dtlk.c dtlk: off by one in {read,write}_tts() 2009-06-19 16:46:06 -07:00
efirtc.c drivers/char/efirtc.c: removed duplicated #include 2008-08-04 16:59:56 -07:00
epca.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
epca.h epca: use tty_port 2008-07-20 17:12:36 -07:00
epcaconfig.h
esp.c esp: fix section mismatch warning 2009-04-07 08:31:03 -07:00
generic_nvram.c driver/char/generic_nvram: fix banner 2008-06-12 18:05:41 -07:00
generic_serial.c tty: Remove some pointless casts 2009-01-02 10:19:40 -08:00
genrtc.c genrtc: BKL pushdown 2008-06-20 14:05:57 -06:00
hangcheck-timer.c
hpet.c irq: change ACPI GSI APIs to also take a device argument 2009-04-28 12:21:17 +02:00
hvc_beat.c powerpc/cell: Use correct types in beat files 2009-01-08 16:25:16 +11:00
hvc_console.c hvc_console: Remove tty->low_latency 2009-01-16 16:15:16 +11:00
hvc_console.h powerpc: Make open count variables signed in hvcs/hvsi/hvc_console 2008-12-03 21:04:13 +11:00
hvc_irq.c hvc_console: Call free_irq() only if request_irq() was successful 2009-01-13 14:48:01 +11:00
hvc_iseries.c drivers/hvc: Add missing __devexit_p() 2009-06-16 14:15:44 +10:00
hvc_iucv.c [S390] pm: hvc_iucv power management callbacks 2009-06-16 10:31:19 +02:00
hvc_rtas.c
hvc_udbg.c powerpc: udbg-based backend for hvc_console 2008-11-19 16:04:25 +11:00
hvc_vio.c drivers/hvc: Add missing __devexit_p() 2009-06-16 14:15:44 +10:00
hvc_xen.c hvc_console: Add a hangup notifier for backends 2008-10-22 10:59:54 +11:00
hvcs.c Merge commit 'origin/master' into next 2009-06-18 11:16:55 +10:00
hvsi.c hvc_console: Remove tty->low_latency on pseries backends 2009-03-11 10:44:26 +11:00
i8k.c i8k: Add Dell Vostro systems 2009-01-02 10:28:32 -08:00
isicom.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
istallion.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
keyboard.c Input: keyboard - remove warning about raw mode not supported 2009-04-20 21:21:24 -07:00
lp.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
mbcs.c mbcs: cdev lock_kernel() pushdown 2008-06-20 14:05:48 -06:00
mbcs.h
mem.c drivers/char/mem.c: memory_open() cleanup: lookup minor device number from devlist 2009-06-18 13:03:54 -07:00
misc.c Driver Core: misc: add nodename support for misc devices. 2009-06-15 21:30:25 -07:00
mmtimer.c mmtimer: Push BKL down into the ioctl handler 2008-07-17 11:34:49 -07:00
moxa.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
moxa.h Char: moxa, cleanup rx/tx 2008-04-30 08:29:43 -07:00
mspec.c mspec: convert nopfn to fault 2008-07-24 10:47:14 -07:00
mxser.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
mxser.h mxser: convert large macros to functions 2008-04-30 08:29:49 -07:00
n_hdlc.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
n_r3964.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
n_tty.c n_tty: Fix echo race 2009-07-16 09:19:16 -07:00
nozomi.c tty: nozomi, fix tty refcounting bug 2009-07-16 09:19:16 -07:00
nsc_gpio.c
nvram.c [PATCH] nvram - convert PRINT_PROC to seq_file 2008-11-11 09:56:00 +00:00
nwbutton.c
nwbutton.h
nwflash.c [ARM] netwinder: clean up GPIO naming 2008-12-13 09:12:07 +00:00
pc8736x_gpio.c pc8736x_gpio: add support for PC87365 chips 2008-10-20 08:52:40 -07:00
ppdev.c ppdev: reduce kernel log spam 2009-06-18 13:03:54 -07:00
ps3flash.c ps3flash: Always read chunks of 256 KiB, and cache them 2009-06-15 16:47:27 +10:00
pty.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
random.c Avoid ICE in get_random_int() with gcc-3.4.5 2009-05-19 11:25:35 -07:00
raw.c Driver Core: raw: add nodename for raw devices 2009-06-15 21:30:26 -07:00
riscom8.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
riscom8.h tty: add more tty_port fields 2008-07-20 17:12:38 -07:00
riscom8_reg.h
rocket.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
rocket.h tty: rocketport uses different port flags to everyone else 2009-01-02 10:19:39 -08:00
rocket_int.h tty: rocketport uses different port flags to everyone else 2009-01-02 10:19:39 -08:00
rtc.c RTC: Remove the BKL. 2009-01-08 16:44:03 -07:00
scc.h m68k: atari - Rename "mfp" to "st_mfp" 2009-02-22 09:23:02 -08:00
scx200_gpio.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
selection.c tty: rewrite the ldisc locking 2009-06-11 08:51:01 -07:00
ser_a2232.c m68k: ser_a2232 - Kill warn_unused_result warnings 2009-01-12 20:56:39 +01:00
ser_a2232.h
ser_a2232fw.ax
ser_a2232fw.h
serial167.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
snsc.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
snsc.h
snsc_event.c byteorder: don't directly include linux/byteorder/generic.h 2008-05-16 12:01:45 -07:00
sonypi.c Rationalize fasync return values 2009-03-16 08:34:35 -06:00
specialix.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
specialix_io8.h tty: add more tty_port fields 2008-07-20 17:12:38 -07:00
stallion.c tty: Add carrier processing on close to the tty_port core 2009-06-11 08:50:56 -07:00
sx.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
sx.h
sxboards.h
sxwindow.h
synclink.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
synclink_gt.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
synclinkmp.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
sysrq.c kexec: sysrq: simplify sysrq-c handler 2009-06-18 13:03:59 -07:00
tb0219.c Update Yoichi Yuasa's e-mail address 2009-07-03 15:45:29 +01:00
tlclk.c tlckl: BKL pushdown 2008-06-20 14:05:51 -06:00
toshiba.c toshiba: use ioremap_cached 2008-04-30 23:15:34 +02:00
tty_audit.c tty: remove buffer special casing 2009-06-11 08:51:02 -07:00
tty_buffer.c tty: split the buffering from tty_io 2008-10-13 09:51:40 -07:00
tty_io.c tty: fix sanity check 2009-06-16 12:01:16 -07:00
tty_ioctl.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
tty_ldisc.c tty: fix close/hangup race 2009-07-16 09:19:16 -07:00
tty_port.c tty: fix tty_port_block_til_ready waiting 2009-06-24 09:55:50 -07:00
vc_screen.c vcs: hook sysfs devices into object lifetime instead of "binding" 2009-03-24 16:38:26 -07:00
viotape.c tape: beyond ARRAY_SIZE of viocd_diskinfo 2009-06-02 10:32:34 +10:00
virtio_console.c virtio: find_vqs/del_vqs virtio operations 2009-06-12 22:16:36 +09:30
vme_scc.c m68k: vme_scc - Kill warn_unused_result warnings 2009-01-12 20:56:38 +01:00
vr41xx_giu.c MIPS: Update VR41xx GPIO driver to use gpiolib 2009-07-03 15:45:25 +01:00
vt.c vt: drop bootmem/slab memory distinction 2009-07-16 09:19:16 -07:00
vt_ioctl.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00