linux/drivers/tty/tty_port.c

633 lines
16 KiB
C
Raw Normal View History

/*
* Tty port functions
*/
#include <linux/types.h>
#include <linux/errno.h>
#include <linux/tty.h>
#include <linux/tty_driver.h>
#include <linux/tty_flip.h>
#include <linux/serial.h>
#include <linux/timer.h>
#include <linux/string.h>
#include <linux/slab.h>
#include <linux/sched/signal.h>
#include <linux/wait.h>
#include <linux/bitops.h>
#include <linux/delay.h>
#include <linux/module.h>
static int tty_port_default_receive_buf(struct tty_port *port,
const unsigned char *p,
const unsigned char *f, size_t count)
{
int ret;
struct tty_struct *tty;
struct tty_ldisc *disc;
tty = READ_ONCE(port->itty);
if (!tty)
return 0;
disc = tty_ldisc_ref(tty);
if (!disc)
return 0;
tty: fix port buffer locking tty_insert_flip_string_fixed_flag() is racy against itself when called from the ioctl(TCXONC, TCION/TCIOFF) path [1] and the flush_to_ldisc() workqueue path [2]. The problem is that port->buf.tail->used is modified without consistent locking; the ioctl path takes tty->atomic_write_lock, whereas the workqueue path takes ldata->output_lock. We cannot simply take ldata->output_lock, since that is specific to the N_TTY line discipline. It might seem natural to try to take port->buf.lock inside tty_insert_flip_string_fixed_flag() and friends (where port->buf is actually used/modified), but this creates problems for flush_to_ldisc() which takes it before grabbing tty->ldisc_sem, o_tty->termios_rwsem, and ldata->output_lock. Therefore, the simplest solution for now seems to be to take tty->atomic_write_lock inside tty_port_default_receive_buf(). This lock is also used in the write path [3] with a consistent ordering. [1]: Call Trace: tty_insert_flip_string_fixed_flag pty_write tty_send_xchar // down_read(&o_tty->termios_rwsem) // mutex_lock(&tty->atomic_write_lock) n_tty_ioctl_helper n_tty_ioctl tty_ioctl // down_read(&tty->ldisc_sem) do_vfs_ioctl SyS_ioctl [2]: Workqueue: events_unbound flush_to_ldisc Call Trace: tty_insert_flip_string_fixed_flag pty_write tty_put_char __process_echoes commit_echoes // mutex_lock(&ldata->output_lock) n_tty_receive_buf_common n_tty_receive_buf2 tty_ldisc_receive_buf // down_read(&o_tty->termios_rwsem) tty_port_default_receive_buf // down_read(&tty->ldisc_sem) flush_to_ldisc // mutex_lock(&port->buf.lock) process_one_work [3]: Call Trace: tty_insert_flip_string_fixed_flag pty_write n_tty_write // mutex_lock(&ldata->output_lock) // down_read(&tty->termios_rwsem) do_tty_write (inline) // mutex_lock(&tty->atomic_write_lock) tty_write // down_read(&tty->ldisc_sem) __vfs_write vfs_write SyS_write The bug can result in about a dozen different crashes depending on what exactly gets corrupted when port->buf.tail->used points outside the buffer. The patch passes my LOCKDEP/PROVE_LOCKING testing but more testing is always welcome. Found using syzkaller. Cc: <stable@vger.kernel.org> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-11 13:18:52 +03:00
mutex_lock(&tty->atomic_write_lock);
ret = tty_ldisc_receive_buf(disc, p, (char *)f, count);
tty: fix port buffer locking tty_insert_flip_string_fixed_flag() is racy against itself when called from the ioctl(TCXONC, TCION/TCIOFF) path [1] and the flush_to_ldisc() workqueue path [2]. The problem is that port->buf.tail->used is modified without consistent locking; the ioctl path takes tty->atomic_write_lock, whereas the workqueue path takes ldata->output_lock. We cannot simply take ldata->output_lock, since that is specific to the N_TTY line discipline. It might seem natural to try to take port->buf.lock inside tty_insert_flip_string_fixed_flag() and friends (where port->buf is actually used/modified), but this creates problems for flush_to_ldisc() which takes it before grabbing tty->ldisc_sem, o_tty->termios_rwsem, and ldata->output_lock. Therefore, the simplest solution for now seems to be to take tty->atomic_write_lock inside tty_port_default_receive_buf(). This lock is also used in the write path [3] with a consistent ordering. [1]: Call Trace: tty_insert_flip_string_fixed_flag pty_write tty_send_xchar // down_read(&o_tty->termios_rwsem) // mutex_lock(&tty->atomic_write_lock) n_tty_ioctl_helper n_tty_ioctl tty_ioctl // down_read(&tty->ldisc_sem) do_vfs_ioctl SyS_ioctl [2]: Workqueue: events_unbound flush_to_ldisc Call Trace: tty_insert_flip_string_fixed_flag pty_write tty_put_char __process_echoes commit_echoes // mutex_lock(&ldata->output_lock) n_tty_receive_buf_common n_tty_receive_buf2 tty_ldisc_receive_buf // down_read(&o_tty->termios_rwsem) tty_port_default_receive_buf // down_read(&tty->ldisc_sem) flush_to_ldisc // mutex_lock(&port->buf.lock) process_one_work [3]: Call Trace: tty_insert_flip_string_fixed_flag pty_write n_tty_write // mutex_lock(&ldata->output_lock) // down_read(&tty->termios_rwsem) do_tty_write (inline) // mutex_lock(&tty->atomic_write_lock) tty_write // down_read(&tty->ldisc_sem) __vfs_write vfs_write SyS_write The bug can result in about a dozen different crashes depending on what exactly gets corrupted when port->buf.tail->used points outside the buffer. The patch passes my LOCKDEP/PROVE_LOCKING testing but more testing is always welcome. Found using syzkaller. Cc: <stable@vger.kernel.org> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-11 13:18:52 +03:00
mutex_unlock(&tty->atomic_write_lock);
tty_ldisc_deref(disc);
return ret;
}
static void tty_port_default_wakeup(struct tty_port *port)
{
struct tty_struct *tty = tty_port_tty_get(port);
if (tty) {
tty_wakeup(tty);
tty_kref_put(tty);
}
}
static const struct tty_port_client_operations default_client_ops = {
.receive_buf = tty_port_default_receive_buf,
.write_wakeup = tty_port_default_wakeup,
};
void tty_port_init(struct tty_port *port)
{
memset(port, 0, sizeof(*port));
tty_buffer_init(port);
init_waitqueue_head(&port->open_wait);
init_waitqueue_head(&port->delta_msr_wait);
mutex_init(&port->mutex);
mutex_init(&port->buf_mutex);
spin_lock_init(&port->lock);
port->close_delay = (50 * HZ) / 100;
port->closing_wait = (3000 * HZ) / 100;
port->client_ops = &default_client_ops;
kref_init(&port->kref);
}
EXPORT_SYMBOL(tty_port_init);
/**
* tty_port_link_device - link tty and tty_port
* @port: tty_port of the device
* @driver: tty_driver for this device
* @index: index of the tty
*
* Provide the tty layer wit ha link from a tty (specified by @index) to a
* tty_port (@port). Use this only if neither tty_port_register_device nor
* tty_port_install is used in the driver. If used, this has to be called before
* tty_register_driver.
*/
void tty_port_link_device(struct tty_port *port,
struct tty_driver *driver, unsigned index)
{
if (WARN_ON(index >= driver->num))
return;
driver->ports[index] = port;
}
EXPORT_SYMBOL_GPL(tty_port_link_device);
/**
* tty_port_register_device - register tty device
* @port: tty_port of the device
* @driver: tty_driver for this device
* @index: index of the tty
* @device: parent if exists, otherwise NULL
*
* It is the same as tty_register_device except the provided @port is linked to
* a concrete tty specified by @index. Use this or tty_port_install (or both).
* Call tty_port_link_device as a last resort.
*/
struct device *tty_port_register_device(struct tty_port *port,
struct tty_driver *driver, unsigned index,
struct device *device)
{
return tty_port_register_device_attr(port, driver, index, device, NULL, NULL);
}
EXPORT_SYMBOL_GPL(tty_port_register_device);
/**
* tty_port_register_device_attr - register tty device
* @port: tty_port of the device
* @driver: tty_driver for this device
* @index: index of the tty
* @device: parent if exists, otherwise NULL
* @drvdata: Driver data to be set to device.
* @attr_grp: Attribute group to be set on device.
*
* It is the same as tty_register_device_attr except the provided @port is
* linked to a concrete tty specified by @index. Use this or tty_port_install
* (or both). Call tty_port_link_device as a last resort.
*/
struct device *tty_port_register_device_attr(struct tty_port *port,
struct tty_driver *driver, unsigned index,
struct device *device, void *drvdata,
const struct attribute_group **attr_grp)
{
tty_port_link_device(port, driver, index);
return tty_register_device_attr(driver, index, device, drvdata,
attr_grp);
}
EXPORT_SYMBOL_GPL(tty_port_register_device_attr);
int tty_port_alloc_xmit_buf(struct tty_port *port)
{
/* We may sleep in get_zeroed_page() */
mutex_lock(&port->buf_mutex);
if (port->xmit_buf == NULL)
port->xmit_buf = (unsigned char *)get_zeroed_page(GFP_KERNEL);
mutex_unlock(&port->buf_mutex);
if (port->xmit_buf == NULL)
return -ENOMEM;
return 0;
}
EXPORT_SYMBOL(tty_port_alloc_xmit_buf);
void tty_port_free_xmit_buf(struct tty_port *port)
{
mutex_lock(&port->buf_mutex);
if (port->xmit_buf != NULL) {
free_page((unsigned long)port->xmit_buf);
port->xmit_buf = NULL;
}
mutex_unlock(&port->buf_mutex);
}
EXPORT_SYMBOL(tty_port_free_xmit_buf);
/**
* tty_port_destroy -- destroy inited port
* @port: tty port to be doestroyed
*
* When a port was initialized using tty_port_init, one has to destroy the
* port by this function. Either indirectly by using tty_port refcounting
* (tty_port_put) or directly if refcounting is not used.
*/
void tty_port_destroy(struct tty_port *port)
{
tty_buffer_cancel_work(port);
tty_buffer_free_all(port);
}
EXPORT_SYMBOL(tty_port_destroy);
static void tty_port_destructor(struct kref *kref)
{
struct tty_port *port = container_of(kref, struct tty_port, kref);
/* check if last port ref was dropped before tty release */
if (WARN_ON(port->itty))
return;
if (port->xmit_buf)
free_page((unsigned long)port->xmit_buf);
tty_port_destroy(port);
if (port->ops && port->ops->destruct)
port->ops->destruct(port);
else
kfree(port);
}
void tty_port_put(struct tty_port *port)
{
if (port)
kref_put(&port->kref, tty_port_destructor);
}
EXPORT_SYMBOL(tty_port_put);
/**
* tty_port_tty_get - get a tty reference
* @port: tty port
*
* Return a refcount protected tty instance or NULL if the port is not
* associated with a tty (eg due to close or hangup)
*/
struct tty_struct *tty_port_tty_get(struct tty_port *port)
{
unsigned long flags;
struct tty_struct *tty;
spin_lock_irqsave(&port->lock, flags);
tty = tty_kref_get(port->tty);
spin_unlock_irqrestore(&port->lock, flags);
return tty;
}
EXPORT_SYMBOL(tty_port_tty_get);
/**
* tty_port_tty_set - set the tty of a port
* @port: tty port
* @tty: the tty
*
* Associate the port and tty pair. Manages any internal refcounts.
* Pass NULL to deassociate a port
*/
void tty_port_tty_set(struct tty_port *port, struct tty_struct *tty)
{
unsigned long flags;
spin_lock_irqsave(&port->lock, flags);
tty_kref_put(port->tty);
port->tty = tty_kref_get(tty);
spin_unlock_irqrestore(&port->lock, flags);
}
EXPORT_SYMBOL(tty_port_tty_set);
static void tty_port_shutdown(struct tty_port *port, struct tty_struct *tty)
{
mutex_lock(&port->mutex);
if (port->console)
goto out;
if (tty_port_initialized(port)) {
tty_port_set_initialized(port, 0);
/*
* Drop DTR/RTS if HUPCL is set. This causes any attached
* modem to hang up the line.
*/
if (tty && C_HUPCL(tty))
tty_port_lower_dtr_rts(port);
if (port->ops->shutdown)
port->ops->shutdown(port);
}
out:
mutex_unlock(&port->mutex);
}
/**
* tty_port_hangup - hangup helper
* @port: tty port
*
* Perform port level tty hangup flag and count changes. Drop the tty
* reference.
tty: Document locking for tty_port_hangup() The tty lock is held when the tty driver's hangup() method is called (from the lone call-site, __tty_hangup()). The call-tree audit [1] of tty_port_hangup() is a closed graph of the callers of tty_port_hangup(); ie., all callers originate only from __tty_hangup(). Of these callers, none drop the tty lock prior to calling tty_port_hangup(). [1] Call-tree audit of tty_port_hangup() __tty_hangup() tty->ops->hangup() --+ | rs_hangup():arch/ia64/hp/sim/simserial.c line_hangup():arch/um/drivers/line.c gdm_tty_hangup():drivers/staging/gdm724x/gdm_tty.c fwtty_hangup():drivers/staging/fwserial/fwserial.c acm_tty_hangup():drivers/usb/class/cdc-acm.c serial_hangup():drivers/usb/serial/usb-serial.c ipoctal_hangup():drivers/ipack/devices/ipoctal.c cy_hangup():drivers/tty/cyclades.c isicom_hangup():drivers/tty/isicom.c rp_hangup():drivers/tty/rocket.c dashtty_hangup():drivers/tty/metag_da.c moxa_hangup():drivers/tty/moxa.c gsmtty_hangup():drivers/tty/n_gsm.c goldfish_tty_hangup():drivers/tty/goldfish.c ehv_bc_tty_hangup():drivers/tty/ehv_bytechan.c mxser_hangup():drivers/tty/mxser.c kgdb_nmi_tty_hangup():drivers/tty/serial/kgdb_nmi.c ifx_spi_hangup():drivers/tty/serial/ifx6x60.c ntty_hangup():drivers/tty/nozomi.c capinc_tty_hangup():drivers/isdn/capi/capi.c mgslpc_hangup():drivers/char/pcmcia/synclink_cs.c sdio_uart_hangup():drivers/mmc/card/sdio_uart.c rfcomm_tty_hangup():net/bluetooth/rfcomm/tty.c | +- tty_port_hangup() Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-16 17:17:02 +04:00
*
* Caller holds tty lock.
*/
void tty_port_hangup(struct tty_port *port)
{
struct tty_struct *tty;
unsigned long flags;
spin_lock_irqsave(&port->lock, flags);
port->count = 0;
tty = port->tty;
if (tty)
set_bit(TTY_IO_ERROR, &tty->flags);
port->tty = NULL;
spin_unlock_irqrestore(&port->lock, flags);
tty_port_set_active(port, 0);
tty_port_shutdown(port, tty);
tty_kref_put(tty);
wake_up_interruptible(&port->open_wait);
wake_up_interruptible(&port->delta_msr_wait);
}
EXPORT_SYMBOL(tty_port_hangup);
/**
* tty_port_tty_hangup - helper to hang up a tty
*
* @port: tty port
* @check_clocal: hang only ttys with CLOCAL unset?
*/
void tty_port_tty_hangup(struct tty_port *port, bool check_clocal)
{
struct tty_struct *tty = tty_port_tty_get(port);
if (tty && (!check_clocal || !C_CLOCAL(tty)))
tty_hangup(tty);
tty_kref_put(tty);
}
EXPORT_SYMBOL_GPL(tty_port_tty_hangup);
/**
* tty_port_tty_wakeup - helper to wake up a tty
*
* @port: tty port
*/
void tty_port_tty_wakeup(struct tty_port *port)
{
port->client_ops->write_wakeup(port);
}
EXPORT_SYMBOL_GPL(tty_port_tty_wakeup);
/**
* tty_port_carrier_raised - carrier raised check
* @port: tty port
*
* Wrapper for the carrier detect logic. For the moment this is used
* to hide some internal details. This will eventually become entirely
* internal to the tty port.
*/
int tty_port_carrier_raised(struct tty_port *port)
{
if (port->ops->carrier_raised == NULL)
return 1;
return port->ops->carrier_raised(port);
}
EXPORT_SYMBOL(tty_port_carrier_raised);
/**
* tty_port_raise_dtr_rts - Raise DTR/RTS
* @port: tty port
*
* Wrapper for the DTR/RTS raise logic. For the moment this is used
* to hide some internal details. This will eventually become entirely
* internal to the tty port.
*/
void tty_port_raise_dtr_rts(struct tty_port *port)
{
if (port->ops->dtr_rts)
port->ops->dtr_rts(port, 1);
}
EXPORT_SYMBOL(tty_port_raise_dtr_rts);
/**
* tty_port_lower_dtr_rts - Lower DTR/RTS
* @port: tty port
*
* Wrapper for the DTR/RTS raise logic. For the moment this is used
* to hide some internal details. This will eventually become entirely
* internal to the tty port.
*/
void tty_port_lower_dtr_rts(struct tty_port *port)
{
if (port->ops->dtr_rts)
port->ops->dtr_rts(port, 0);
}
EXPORT_SYMBOL(tty_port_lower_dtr_rts);
/**
* tty_port_block_til_ready - Waiting logic for tty open
* @port: the tty port being opened
* @tty: the tty device being bound
tty_port: allow a port to be opened with a tty that has no file handle Let us create tty objects entirely in kernel space. Untested proposal to show why all the ideas around rewriting half the uart stack are not needed. With this a kernel created non file backed tty object could be used to handle data, and set terminal modes. Not all ldiscs can cope with this as N_TTY in particular has to work back to the fs/tty layer. The tty_port code is however otherwise clean of file handles as far as I can tell as is the low level tty port write path used by the ldisc, the configuration low level interfaces and most of the ldiscs. Currently you don't have any exposure to see tty hangups because those are built around the file layer. However a) it's a fixed port so you probably don't care about that b) if you do we can add a callback and c) you almost certainly don't want the userspace tear down/rebuild behaviour anyway. This should however be sufficient if we wanted for example to enumerate all the bluetooth bound fixed ports via ACPI and make them directly available. It doesn't deal with the case of a user opening a port that's also kernel opened and that would need some locking out (so it returned EBUSY if bound to a kernel device of some kind). That needs resolving along with how you "up" or "down" your new bluetooth device, or enumerate it while providing the existing tty API to avoid regressions (and to debug). Signed-off-by: Alan Cox <alan@linux.intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-By: Sebastian Reichel <sre@kernel.org> Signed-off-by: Rob Herring <robh@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-01-17 01:54:29 +03:00
* @filp: the file pointer of the opener or NULL
*
* Implement the core POSIX/SuS tty behaviour when opening a tty device.
* Handles:
* - hangup (both before and during)
* - non blocking open
* - rts/dtr/dcd
* - signals
* - port flags and counts
*
* The passed tty_port must implement the carrier_raised method if it can
* do carrier detect and the dtr_rts method if it supports software
* management of these lines. Note that the dtr/rts raise is done each
* iteration as a hangup may have previously dropped them while we wait.
*
* Caller holds tty lock.
*
* NB: May drop and reacquire tty lock when blocking, so tty and tty_port
* may have changed state (eg., may have been hung up).
*/
int tty_port_block_til_ready(struct tty_port *port,
struct tty_struct *tty, struct file *filp)
{
int do_clocal = 0, retval;
unsigned long flags;
DEFINE_WAIT(wait);
/* if non-blocking mode is set we can pass directly to open unless
the port has just hung up or is in another error state */
if (tty_io_error(tty)) {
tty_port_set_active(port, 1);
return 0;
}
tty_port: allow a port to be opened with a tty that has no file handle Let us create tty objects entirely in kernel space. Untested proposal to show why all the ideas around rewriting half the uart stack are not needed. With this a kernel created non file backed tty object could be used to handle data, and set terminal modes. Not all ldiscs can cope with this as N_TTY in particular has to work back to the fs/tty layer. The tty_port code is however otherwise clean of file handles as far as I can tell as is the low level tty port write path used by the ldisc, the configuration low level interfaces and most of the ldiscs. Currently you don't have any exposure to see tty hangups because those are built around the file layer. However a) it's a fixed port so you probably don't care about that b) if you do we can add a callback and c) you almost certainly don't want the userspace tear down/rebuild behaviour anyway. This should however be sufficient if we wanted for example to enumerate all the bluetooth bound fixed ports via ACPI and make them directly available. It doesn't deal with the case of a user opening a port that's also kernel opened and that would need some locking out (so it returned EBUSY if bound to a kernel device of some kind). That needs resolving along with how you "up" or "down" your new bluetooth device, or enumerate it while providing the existing tty API to avoid regressions (and to debug). Signed-off-by: Alan Cox <alan@linux.intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-By: Sebastian Reichel <sre@kernel.org> Signed-off-by: Rob Herring <robh@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-01-17 01:54:29 +03:00
if (filp == NULL || (filp->f_flags & O_NONBLOCK)) {
/* Indicate we are open */
if (C_BAUD(tty))
tty_port_raise_dtr_rts(port);
tty_port_set_active(port, 1);
return 0;
}
if (C_CLOCAL(tty))
do_clocal = 1;
/* Block waiting until we can proceed. We may need to wait for the
carrier, but we must also wait for any close that is in progress
before the next open may complete */
retval = 0;
/* The port lock protects the port counts */
spin_lock_irqsave(&port->lock, flags);
tty: Remove tty_hung_up_p() tests from tty drivers' open() Since at least before 2.6.30, it has not been possible to observe a hung up file pointer in a tty driver's open() method unless/until the driver open() releases the tty_lock() (eg., before blocking). This is because tty_open() adds the file pointer while holding the tty_lock() _and_ doesn't release the lock until after calling the tty driver's open() method. [ Before tty_lock(), this was lock_kernel(). ] Since __tty_hangup() first waits on the tty_lock() before enumerating and hanging up the open file pointers, either __tty_hangup() will wait for the tty_lock() or tty_open() will not yet have added the file pointer. For example, CPU 0 | CPU 1 | tty_open | __tty_hangup .. | .. tty_lock | .. tty_reopen | tty_lock / blocks .. | tty_add_file(tty, filp) | .. | tty->ops->open(tty, filp) | tty_port_open | tty_port_block_til_ready | .. | while (1) | .. | tty_unlock | / unblocks schedule | for each filp on tty->tty_files | f_ops = tty_hung_up_fops; | .. | tty_unlock tty_lock | .. | tty_unlock | Note that since tty_port_block_til_ready() and similar drop the tty_lock while blocking, when woken, the file pointer must then be tested for having been hung up. Also, fix bit-rotted drivers that used extra_count to track the port->count bump. CC: Mikael Starvik <starvik@axis.com> CC: Samuel Ortiz <samuel@sortiz.org> CC: "David S. Miller" <davem@davemloft.net> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Jesper Nilsson <jesper.nilsson@axis.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-16 17:17:06 +04:00
port->count--;
port->blocked_open++;
spin_unlock_irqrestore(&port->lock, flags);
while (1) {
/* Indicate we are open */
if (C_BAUD(tty) && tty_port_initialized(port))
tty_port_raise_dtr_rts(port);
prepare_to_wait(&port->open_wait, &wait, TASK_INTERRUPTIBLE);
/* Check for a hangup or uninitialised port.
Return accordingly */
if (tty_hung_up_p(filp) || !tty_port_initialized(port)) {
if (port->flags & ASYNC_HUP_NOTIFY)
retval = -EAGAIN;
else
retval = -ERESTARTSYS;
break;
}
/*
* Probe the carrier. For devices with no carrier detect
* tty_port_carrier_raised will always return true.
* Never ask drivers if CLOCAL is set, this causes troubles
* on some hardware.
*/
if (do_clocal || tty_port_carrier_raised(port))
break;
if (signal_pending(current)) {
retval = -ERESTARTSYS;
break;
}
tty_unlock(tty);
schedule();
tty_lock(tty);
}
finish_wait(&port->open_wait, &wait);
/* Update counts. A parallel hangup will have set count to zero and
we must not mess that up further */
spin_lock_irqsave(&port->lock, flags);
if (!tty_hung_up_p(filp))
port->count++;
port->blocked_open--;
spin_unlock_irqrestore(&port->lock, flags);
if (retval == 0)
tty_port_set_active(port, 1);
return retval;
}
EXPORT_SYMBOL(tty_port_block_til_ready);
static void tty_port_drain_delay(struct tty_port *port, struct tty_struct *tty)
{
unsigned int bps = tty_get_baud_rate(tty);
long timeout;
if (bps > 1200) {
timeout = (HZ * 10 * port->drain_delay) / bps;
timeout = max_t(long, timeout, HZ / 10);
} else {
timeout = 2 * HZ;
}
schedule_timeout_interruptible(timeout);
}
tty: Remove tty_wait_until_sent_from_close() tty_wait_until_sent_from_close() drops the tty lock while waiting for the tty driver to finish sending previously accepted data (ie., data remaining in its write buffer and transmit fifo). tty_wait_until_sent_from_close() was added by commit a57a7bf3fc7e ("TTY: define tty_wait_until_sent_from_close") to prevent the entire tty subsystem from being unable to open new ttys while waiting for one tty to close while output drained. However, since commit 0911261d4cb6 ("tty: Don't take tty_mutex for tty count changes"), holding a tty lock while closing does not prevent other ttys from being opened/closed/hung up, but only prevents lifetime event changes for the tty under lock. Holding the tty lock while waiting for output to drain does prevent parallel non-blocking opens (O_NONBLOCK) from advancing or returning while the tty lock is held. However, all parallel opens _already_ block even if the tty lock is dropped while closing and the parallel open advances. Blocking in open has been in mainline since at least 2.6.29 (see tty_port_block_til_ready(); note the test for O_NONBLOCK is _after_ the wait while ASYNC_CLOSING). IOW, before this patch a non-blocking open will sleep anyway for the _entire_ duration of a parallel hardware shutdown, and when it wakes, the error return will cause a release of its tty, and it will restart with a fresh attempt to open. Similarly with a blocking open that is already waiting; when it's woken, the hardware shutdown has already completed to ASYNC_INITIALIZED is not set, which forces a release and restart as well. So, holding the tty lock across the _entire_ close (which is what this patch does), even while waiting for output to drain, is equivalent to the current outcome wrt parallel opens. Cc: Alan Cox <alan@linux.intel.com> Cc: David Laight <David.Laight@aculab.com> CC: Arnd Bergmann <arnd@arndb.de> CC: Karsten Keil <isdn@linux-pingi.de> CC: linuxppc-dev@lists.ozlabs.org Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-10-10 23:00:51 +03:00
/* Caller holds tty lock. */
int tty_port_close_start(struct tty_port *port,
struct tty_struct *tty, struct file *filp)
{
unsigned long flags;
if (tty_hung_up_p(filp))
return 0;
spin_lock_irqsave(&port->lock, flags);
if (tty->count == 1 && port->count != 1) {
tty_warn(tty, "%s: tty->count = 1 port count = %d\n", __func__,
port->count);
port->count = 1;
}
if (--port->count < 0) {
tty_warn(tty, "%s: bad port count (%d)\n", __func__,
port->count);
port->count = 0;
}
if (port->count) {
spin_unlock_irqrestore(&port->lock, flags);
return 0;
}
spin_unlock_irqrestore(&port->lock, flags);
tty: Move tty->closing from port lock critical section tty->closing informs the line discipline that the hardware will be shutting down imminently, and to disable further input other than soft flow control (but to still allow additional output). However, the tty lock is the necessary lock for preventing concurrent changes to tty->closing. As shown by the call-tree audit [1] of functions that modify tty->closing, the tty lock is already held for those functions. [1] Call-tree audit of functions that modify tty->closing * does not include call tree to tty_port_close(), tty_port_close_start(), or tty_port_close_end() which is already documented in 'tty: Document locking for tty_port_close{,start,end}' that shows callers to those 3 functions hold the tty lock tty_release() tty->ops->close() --+ | __tty_hangup() | tty->ops->close() --+ | mp_close():drivers/staging/sb105x/sb_pci_mp.c dngc_tty_close():drivers/staging/dgnc/dgnc_tty.c dgap_tty_close():drivers/staging/dgap/dgap_tty.c dgrp_tty_close():drivers/staging/dgrp/dgrp_tty.c rp_close():drivers/tty/rocket.c hvsi_close():drivers/tty/hvc/hvsi.c rs_close():drivers/tty/serial/68328serial.c rs_close():drivers/tty/serial/crisv10.c uart_close():drivers/tty/serial/serial_core.c isdn_tty_close():drivers/isdn/i4l/isdn_tty.c tty3215_close():drivers/s390/char/con3215.c tty_open() tty_ldisc_setup() ----+ | __tty_hangup() | tty_ldisc_hangup() ---+ | tty_set_ldisc() --------+ tty_ldisc_restore() --+ | +- tty_ldisc_open() ld->ops->open() --+ | +- n_tty_open() Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-16 17:17:03 +04:00
tty->closing = 1;
if (tty_port_initialized(port)) {
/* Don't block on a stalled port, just pull the chain */
if (tty->flow_stopped)
tty_driver_flush_buffer(tty);
if (port->closing_wait != ASYNC_CLOSING_WAIT_NONE)
tty: Remove tty_wait_until_sent_from_close() tty_wait_until_sent_from_close() drops the tty lock while waiting for the tty driver to finish sending previously accepted data (ie., data remaining in its write buffer and transmit fifo). tty_wait_until_sent_from_close() was added by commit a57a7bf3fc7e ("TTY: define tty_wait_until_sent_from_close") to prevent the entire tty subsystem from being unable to open new ttys while waiting for one tty to close while output drained. However, since commit 0911261d4cb6 ("tty: Don't take tty_mutex for tty count changes"), holding a tty lock while closing does not prevent other ttys from being opened/closed/hung up, but only prevents lifetime event changes for the tty under lock. Holding the tty lock while waiting for output to drain does prevent parallel non-blocking opens (O_NONBLOCK) from advancing or returning while the tty lock is held. However, all parallel opens _already_ block even if the tty lock is dropped while closing and the parallel open advances. Blocking in open has been in mainline since at least 2.6.29 (see tty_port_block_til_ready(); note the test for O_NONBLOCK is _after_ the wait while ASYNC_CLOSING). IOW, before this patch a non-blocking open will sleep anyway for the _entire_ duration of a parallel hardware shutdown, and when it wakes, the error return will cause a release of its tty, and it will restart with a fresh attempt to open. Similarly with a blocking open that is already waiting; when it's woken, the hardware shutdown has already completed to ASYNC_INITIALIZED is not set, which forces a release and restart as well. So, holding the tty lock across the _entire_ close (which is what this patch does), even while waiting for output to drain, is equivalent to the current outcome wrt parallel opens. Cc: Alan Cox <alan@linux.intel.com> Cc: David Laight <David.Laight@aculab.com> CC: Arnd Bergmann <arnd@arndb.de> CC: Karsten Keil <isdn@linux-pingi.de> CC: linuxppc-dev@lists.ozlabs.org Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-10-10 23:00:51 +03:00
tty_wait_until_sent(tty, port->closing_wait);
if (port->drain_delay)
tty_port_drain_delay(port, tty);
}
/* Flush the ldisc buffering */
tty_ldisc_flush(tty);
/* Report to caller this is the last port reference */
return 1;
}
EXPORT_SYMBOL(tty_port_close_start);
tty: Document locking for tty_port_close{,start,end}() The tty lock is held when the tty driver's .close method is called (from the two lone call-sites of tty_release() and __tty_hangup()). The call-tree audit[1] of tty_port_close(), tty_port_close_start, and tty_port_close_end() is a closed graph of the callers of these 3 functions; ie., all callers originate from only tty_release() or __tty_hangup(). Of these callers, none drop the tty lock. Also, document tty_port_close_start() may drop and reacquire the tty lock in tty_wait_until_sent_from_close(), which means the tty or tty_port may have changed state (but not reopened or hung up). [1] Call-tree audit of tty_port_close, tty_port_close_start, and tty_port_close_end() tty_release() tty->ops->close() --+ | __tty_hangup() | tty->ops->close() --+ | +- rp_close():drivers/tty/rocket.c -------------------+ +- uart_close():drivers/tty/serial/serial_core.c -----+ | +- tty_port_close_start() | | +- close():drivers/tty/synclinkmp.c ------------------+ +- rs_close():drivers/tty/amiserial.c ----------------+ +- gsmtty_close():drivers/tty/n_gsm.c ----------------+ +- mxser_close():drivers/tty/mxser.c -----------------+ +- close():drivers/tty/synclink_gt.c -----------------+ +- mgsl_close():drivers/tty/synclink.c ---------------+ +- isdn_tty_close():drivers/isdn/i4l/isdn_tty.c ------+ +- mgslpc_close():drivers/char/pcmcia/synclink_cs.c --+ +- ircomm_tty_close():net/irda/ircomm/ircomm_tty.c ---+ | | rs_close():arch/ia64/hp/sim/simserial.c | *line_close():arch/um/drivers/line.c | gdm_tty_close():drivers/staging/gdm724x/gdm_tty.c fwtty_close():drivers/staging/fwserial/fwserial.c acm_tty_close():drivers/usb/class/cdc-acm.c serial_close():drivers/usb/serial/usb-serial.c pti_tty_driver_close():drivers/misc/pti.c ipoctal_close():drivers/ipack/devices/ipoctal.c cy_close():drivers/tty/cyclades.c isicom_close():drivers/tty/isicom.c dashtty_close():drivers/tty/metag_da.c moxa_close():drivers/tty/moxa.c goldfish_tty_close():drivers/tty/goldfish.c ehv_bc_tty_close():drivers/tty/ehv_bytechan.c kgdb_nmi_tty_close():drivers/tty/serial/kgdb_nmi.c ifx_spi_close():drivers/tty/serial/ifx6x60.c smd_tty_close():drivers/tty/serial/msm_smd_tty.c ntty_close():drivers/tty/nozomi.c capinc_tty_close():drivers/isdn/capi/capi.c tpk_close():drivers/char/ttyprintk.c sdio_uart_close():drivers/mmc/card/sdio_uart.c | rfcomm_tty_close():net/bluetooth/rfcomm/tty.c | | | +- tty_port_close():drivers/tty/tty_port.c -----------+ | +- tty_port_close_start() +- tty_port_close_end() * line_close() is the .close method for 2 um drivers, declared in ./arch/um/drivers/stdio_console.c and in ./arch/um/drivers/ssl.c, and not called directly Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-16 17:16:59 +04:00
/* Caller holds tty lock */
void tty_port_close_end(struct tty_port *port, struct tty_struct *tty)
{
unsigned long flags;
tty_ldisc_flush(tty);
tty->closing = 0;
tty: Move tty->closing from port lock critical section tty->closing informs the line discipline that the hardware will be shutting down imminently, and to disable further input other than soft flow control (but to still allow additional output). However, the tty lock is the necessary lock for preventing concurrent changes to tty->closing. As shown by the call-tree audit [1] of functions that modify tty->closing, the tty lock is already held for those functions. [1] Call-tree audit of functions that modify tty->closing * does not include call tree to tty_port_close(), tty_port_close_start(), or tty_port_close_end() which is already documented in 'tty: Document locking for tty_port_close{,start,end}' that shows callers to those 3 functions hold the tty lock tty_release() tty->ops->close() --+ | __tty_hangup() | tty->ops->close() --+ | mp_close():drivers/staging/sb105x/sb_pci_mp.c dngc_tty_close():drivers/staging/dgnc/dgnc_tty.c dgap_tty_close():drivers/staging/dgap/dgap_tty.c dgrp_tty_close():drivers/staging/dgrp/dgrp_tty.c rp_close():drivers/tty/rocket.c hvsi_close():drivers/tty/hvc/hvsi.c rs_close():drivers/tty/serial/68328serial.c rs_close():drivers/tty/serial/crisv10.c uart_close():drivers/tty/serial/serial_core.c isdn_tty_close():drivers/isdn/i4l/isdn_tty.c tty3215_close():drivers/s390/char/con3215.c tty_open() tty_ldisc_setup() ----+ | __tty_hangup() | tty_ldisc_hangup() ---+ | tty_set_ldisc() --------+ tty_ldisc_restore() --+ | +- tty_ldisc_open() ld->ops->open() --+ | +- n_tty_open() Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-16 17:17:03 +04:00
spin_lock_irqsave(&port->lock, flags);
if (port->blocked_open) {
spin_unlock_irqrestore(&port->lock, flags);
if (port->close_delay)
msleep_interruptible(jiffies_to_msecs(port->close_delay));
spin_lock_irqsave(&port->lock, flags);
wake_up_interruptible(&port->open_wait);
}
spin_unlock_irqrestore(&port->lock, flags);
tty_port_set_active(port, 0);
}
EXPORT_SYMBOL(tty_port_close_end);
tty: Document locking for tty_port_close{,start,end}() The tty lock is held when the tty driver's .close method is called (from the two lone call-sites of tty_release() and __tty_hangup()). The call-tree audit[1] of tty_port_close(), tty_port_close_start, and tty_port_close_end() is a closed graph of the callers of these 3 functions; ie., all callers originate from only tty_release() or __tty_hangup(). Of these callers, none drop the tty lock. Also, document tty_port_close_start() may drop and reacquire the tty lock in tty_wait_until_sent_from_close(), which means the tty or tty_port may have changed state (but not reopened or hung up). [1] Call-tree audit of tty_port_close, tty_port_close_start, and tty_port_close_end() tty_release() tty->ops->close() --+ | __tty_hangup() | tty->ops->close() --+ | +- rp_close():drivers/tty/rocket.c -------------------+ +- uart_close():drivers/tty/serial/serial_core.c -----+ | +- tty_port_close_start() | | +- close():drivers/tty/synclinkmp.c ------------------+ +- rs_close():drivers/tty/amiserial.c ----------------+ +- gsmtty_close():drivers/tty/n_gsm.c ----------------+ +- mxser_close():drivers/tty/mxser.c -----------------+ +- close():drivers/tty/synclink_gt.c -----------------+ +- mgsl_close():drivers/tty/synclink.c ---------------+ +- isdn_tty_close():drivers/isdn/i4l/isdn_tty.c ------+ +- mgslpc_close():drivers/char/pcmcia/synclink_cs.c --+ +- ircomm_tty_close():net/irda/ircomm/ircomm_tty.c ---+ | | rs_close():arch/ia64/hp/sim/simserial.c | *line_close():arch/um/drivers/line.c | gdm_tty_close():drivers/staging/gdm724x/gdm_tty.c fwtty_close():drivers/staging/fwserial/fwserial.c acm_tty_close():drivers/usb/class/cdc-acm.c serial_close():drivers/usb/serial/usb-serial.c pti_tty_driver_close():drivers/misc/pti.c ipoctal_close():drivers/ipack/devices/ipoctal.c cy_close():drivers/tty/cyclades.c isicom_close():drivers/tty/isicom.c dashtty_close():drivers/tty/metag_da.c moxa_close():drivers/tty/moxa.c goldfish_tty_close():drivers/tty/goldfish.c ehv_bc_tty_close():drivers/tty/ehv_bytechan.c kgdb_nmi_tty_close():drivers/tty/serial/kgdb_nmi.c ifx_spi_close():drivers/tty/serial/ifx6x60.c smd_tty_close():drivers/tty/serial/msm_smd_tty.c ntty_close():drivers/tty/nozomi.c capinc_tty_close():drivers/isdn/capi/capi.c tpk_close():drivers/char/ttyprintk.c sdio_uart_close():drivers/mmc/card/sdio_uart.c | rfcomm_tty_close():net/bluetooth/rfcomm/tty.c | | | +- tty_port_close():drivers/tty/tty_port.c -----------+ | +- tty_port_close_start() +- tty_port_close_end() * line_close() is the .close method for 2 um drivers, declared in ./arch/um/drivers/stdio_console.c and in ./arch/um/drivers/ssl.c, and not called directly Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-16 17:16:59 +04:00
/**
* tty_port_close
*
* Caller holds tty lock
*/
void tty_port_close(struct tty_port *port, struct tty_struct *tty,
struct file *filp)
{
if (tty_port_close_start(port, tty, filp) == 0)
return;
tty_port_shutdown(port, tty);
set_bit(TTY_IO_ERROR, &tty->flags);
tty_port_close_end(port, tty);
tty_port_tty_set(port, NULL);
}
EXPORT_SYMBOL(tty_port_close);
/**
* tty_port_install - generic tty->ops->install handler
* @port: tty_port of the device
* @driver: tty_driver for this device
* @tty: tty to be installed
*
* It is the same as tty_standard_install except the provided @port is linked
* to a concrete tty specified by @tty. Use this or tty_port_register_device
* (or both). Call tty_port_link_device as a last resort.
*/
int tty_port_install(struct tty_port *port, struct tty_driver *driver,
struct tty_struct *tty)
{
tty->port = port;
return tty_standard_install(driver, tty);
}
EXPORT_SYMBOL_GPL(tty_port_install);
tty: Document locking for tty_port_open() The tty lock is held when the tty driver's open method is called (from the lone call-site, tty_open()). The call-tree audit [1] of tty_port_open() is a closed graph of the callers of tty_port_open(); ie., all callers originate from only tty_open(). Of these callers, none drop the tty lock. Also, document that tty_port_block_til_ready() may drop and reacquire the tty lock when blocking, which means the tty or tty_port may have changed state. [1] Call-tree audit of tty_port_open() tty_open() tty->ops->open() --+ | rs_open():arch/ia64/hp/sim/simserial.c *line_open():arch/um/drivers/line.c gdm_tty_open():drivers/staging/gdm724x/gdm_tty.c fwtty_open():drivers/staging/fwserial/fwserial.c acm_tty_open():drivers/usb/class/cdc-acm.c serial_open():drivers/usb/serial/usb-serial.c pti_tty_driver_open():drivers/misc/pti.c ipoctal_open():drivers/ipack/devices/ipoctal.c isicom_open():drivers/tty/isicom.c dashtty_open():drivers/tty/metag_da.c goldfish_tty_open():drivers/tty/goldfish.c ehv_bc_tty_open():drivers/tty/ehv_bytechan.c mxser_open():drivers/tty/mxser.c kgdb_nmi_tty_open():drivers/tty/serial/kgdb_nmi.c ifx_spi_open():drivers/tty/serial/ifx6x60.c smd_tty_open():drivers/tty/serial/msm_smd_tty.c ntty_open():drivers/tty/nozomi.c capinc_tty_open():drivers/isdn/capi/capi.c tpk_open():drivers/char/ttyprintk.c sdio_uart_open():drivers/mmc/card/sdio_uart.c rfcomm_tty_open():net/bluetooth/rfcomm/tty.c | +- tty_port_open() * line_open() is the .open method for 2 um drivers declared in ./arch/um/drivers/stdio_console.c and in ./arch/um/drivers/ssl.c, and not called directly Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-16 17:17:00 +04:00
/**
* tty_port_open
*
* Caller holds tty lock.
*
* NB: may drop and reacquire tty lock (in tty_port_block_til_ready()) so
* tty and tty_port may have changed state (eg., may be hung up now)
*/
int tty_port_open(struct tty_port *port, struct tty_struct *tty,
struct file *filp)
{
spin_lock_irq(&port->lock);
tty: Remove tty_hung_up_p() tests from tty drivers' open() Since at least before 2.6.30, it has not been possible to observe a hung up file pointer in a tty driver's open() method unless/until the driver open() releases the tty_lock() (eg., before blocking). This is because tty_open() adds the file pointer while holding the tty_lock() _and_ doesn't release the lock until after calling the tty driver's open() method. [ Before tty_lock(), this was lock_kernel(). ] Since __tty_hangup() first waits on the tty_lock() before enumerating and hanging up the open file pointers, either __tty_hangup() will wait for the tty_lock() or tty_open() will not yet have added the file pointer. For example, CPU 0 | CPU 1 | tty_open | __tty_hangup .. | .. tty_lock | .. tty_reopen | tty_lock / blocks .. | tty_add_file(tty, filp) | .. | tty->ops->open(tty, filp) | tty_port_open | tty_port_block_til_ready | .. | while (1) | .. | tty_unlock | / unblocks schedule | for each filp on tty->tty_files | f_ops = tty_hung_up_fops; | .. | tty_unlock tty_lock | .. | tty_unlock | Note that since tty_port_block_til_ready() and similar drop the tty_lock while blocking, when woken, the file pointer must then be tested for having been hung up. Also, fix bit-rotted drivers that used extra_count to track the port->count bump. CC: Mikael Starvik <starvik@axis.com> CC: Samuel Ortiz <samuel@sortiz.org> CC: "David S. Miller" <davem@davemloft.net> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Jesper Nilsson <jesper.nilsson@axis.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-16 17:17:06 +04:00
++port->count;
spin_unlock_irq(&port->lock);
tty_port_tty_set(port, tty);
/*
* Do the device-specific open only if the hardware isn't
* already initialized. Serialize open and shutdown using the
* port mutex.
*/
mutex_lock(&port->mutex);
if (!tty_port_initialized(port)) {
clear_bit(TTY_IO_ERROR, &tty->flags);
if (port->ops->activate) {
int retval = port->ops->activate(port, tty);
if (retval) {
mutex_unlock(&port->mutex);
return retval;
}
}
tty_port_set_initialized(port, 1);
}
mutex_unlock(&port->mutex);
return tty_port_block_til_ready(port, tty, filp);
}
EXPORT_SYMBOL(tty_port_open);