microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/drivers/tty
История
Jiri Slaby b2d1e4cd55 tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() 
commit a501ab75e7 upstream.

There is a race in pty_write(). pty_write() can be called in parallel
with e.g. ioctl(TIOCSTI) or ioctl(TCXONC) which also inserts chars to
the buffer. Provided, tty_flip_buffer_push() in pty_write() is called
outside the lock, it can commit inconsistent tail. This can lead to out
of bounds writes and other issues. See the Link below.

To fix this, we have to introduce a new helper called
tty_insert_flip_string_and_push_buffer(). It does both
tty_insert_flip_string() and tty_flip_buffer_commit() under the port
lock. It also calls queue_work(), but outside the lock. See
71a174b39f (pty: do tty_flip_buffer_push without port->lock in
pty_write) for the reasons.

Keep the helper internal-only (in drivers' tty.h). It is not intended to
be used widely.

Link: https://seclists.org/oss-sec/2022/q2/155
Fixes: 71a174b39f (pty: do tty_flip_buffer_push without port->lock in pty_write)
Cc: 一只狗 <chennbnbnb@gmail.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Suggested-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20220707082558.9250-2-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2022-07-29 17:25:32 +02:00
..
hvc tty: hvc: fix return value of __setup handler 2022-04-08 14:23:50 +02:00
ipwireless
serdev
serial tty: drivers/tty/, stop using tty_schedule_flip() 2022-07-29 17:25:31 +02:00
vt tty: drivers/tty/, stop using tty_schedule_flip() 2022-07-29 17:25:31 +02:00
Kconfig
Makefile
amiserial.c
ehv_bytechan.c
goldfish.c tty: drivers/tty/, stop using tty_schedule_flip() 2022-07-29 17:25:31 +02:00
mips_ejtag_fdc.c
moxa.c tty: drivers/tty/, stop using tty_schedule_flip() 2022-07-29 17:25:31 +02:00
moxa.h
mxser.c mxser: fix xmit_buf leak in activate when LSR == 0xff 2022-04-08 14:23:43 +02:00
n_gsm.c tty: n_gsm: fix encoding of command/response bit 2022-07-12 16:35:11 +02:00
n_hdlc.c
n_null.c
n_tty.c tty: n_tty: Restore EOF push handling behavior 2022-06-14 18:36:03 +02:00
nozomi.c
pty.c tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() 2022-07-29 17:25:32 +02:00
synclink_gt.c tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() 2022-06-14 18:36:20 +02:00
sysrq.c sysrq: do not omit current cpu when showing backtrace of all active CPUs 2022-06-14 18:36:21 +02:00
tty.h tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() 2022-07-29 17:25:32 +02:00
tty_audit.c
tty_baudrate.c
tty_buffer.c tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() 2022-07-29 17:25:32 +02:00
tty_io.c
tty_ioctl.c
tty_jobctrl.c
tty_ldisc.c
tty_ldsem.c
tty_mutex.c
tty_port.c
ttynull.c
vcc.c