aboutsummaryrefslogtreecommitdiff
path: root/include/linux/fpga/fpga-bridge.h
diff options
context:
space:
mode:
authorTetsuo Handa <[email protected]>2018-05-26 09:53:14 +0900
committerGreg Kroah-Hartman <[email protected]>2018-06-28 21:30:16 +0900
commitebec3f8f5271139df618ebdf8427e24ba102ba94 (patch)
tree6badd6fd0faa57bf1947bd98af158590ef6857c9 /include/linux/fpga/fpga-bridge.h
parent3d63b7e4ae0dc5e02d28ddd2fa1f945defc68d81 (diff)
n_tty: Access echo_* variables carefully.
syzbot is reporting stalls at __process_echoes() [1]. This is because since ldata->echo_commit < ldata->echo_tail becomes true for some reason, the discard loop is serving as almost infinite loop. This patch tries to avoid falling into ldata->echo_commit < ldata->echo_tail situation by making access to echo_* variables more carefully. Since reset_buffer_flags() is called without output_lock held, it should not touch echo_* variables. And omit a call to reset_buffer_flags() from n_tty_open() by using vzalloc(). Since add_echo_byte() is called without output_lock held, it needs memory barrier between storing into echo_buf[] and incrementing echo_head counter. echo_buf() needs corresponding memory barrier before reading echo_buf[]. Lack of handling the possibility of not-yet-stored multi-byte operation might be the reason of falling into ldata->echo_commit < ldata->echo_tail situation, for if I do WARN_ON(ldata->echo_commit == tail + 1) prior to echo_buf(ldata, tail + 1), the WARN_ON() fires. Also, explicitly masking with buffer for the former "while" loop, and use ldata->echo_commit > tail for the latter "while" loop. [1] https://syzkaller.appspot.com/bug?id=17f23b094cd80df750e5b0f8982c521ee6bcbf40 Signed-off-by: Tetsuo Handa <[email protected]> Reported-by: syzbot <[email protected]> Cc: Peter Hurley <[email protected]> Cc: stable <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Diffstat (limited to 'include/linux/fpga/fpga-bridge.h')
0 files changed, 0 insertions, 0 deletions