Prevent an O_NDELAY writer from blocking when a tty write is blocked by the tty atomic writer mutex

Without this a tty write could block if a previous blocking tty write was in progress on the same tty and blocked by a line discipline or hardware event. Originally found and reported by Dave Johnson. Signed-off-by: Alan Cox <alan@redhat.com> Acked-by: Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Alan Cox <alan@redhat.com> 2007-07-16 02:39:43 -0400
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-07-16 12:05:41 -0400
commit: 9c1729db3e6d738f872bcb090212af00473bf666 (patch)
tree: be68b99784607953fb50d9330d34c2728215be57 /drivers/char/tty_io.c
parent: c9c64155f5a81b4b41e98f9fb9c464a565c1bf72 (diff)
1 files changed, 28 insertions, 12 deletions
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index a96f26a63fa2..a37e6330db8a 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -1726,6 +1726,23 @@ static ssize_t tty_read(struct file * file, char __user * buf, size_t count,
        return i;
 }
+void tty_write_unlock(struct tty_struct *tty)
+{
+        mutex_unlock(&tty->atomic_write_lock);
+        wake_up_interruptible(&tty->write_wait);
+}
+int tty_write_lock(struct tty_struct *tty, int ndelay)
+{
+        if (!mutex_trylock(&tty->atomic_write_lock)) {
+                if (ndelay)
+                        return -EAGAIN;
+                if (mutex_lock_interruptible(&tty->atomic_write_lock))
+                        return -ERESTARTSYS;
+        }
+        return 0;
+}
 /*
 * Split writes up in sane blocksizes to avoid
 * denial-of-service type attacks
@@ -1737,13 +1754,12 @@ static inline ssize_t do_tty_write(
        const char __user *buf,
        size_t count)
 {
-        ssize_t ret = 0, written = 0;
+        ssize_t ret, written = 0;
        unsigned int chunk;
        
-        /* FIXME: O_NDELAY ... */
+        ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
-        if (mutex_lock_interruptible(&tty->atomic_write_lock)) {
+        if (ret < 0)
-                return -ERESTARTSYS;
+                return ret;
-        }
        /*
         * We chunk up writes into a temporary buffer. This
@@ -1776,8 +1792,8 @@ static inline ssize_t do_tty_write(
                buf = kmalloc(chunk, GFP_KERNEL);
                if (!buf) {
-                        mutex_unlock(&tty->atomic_write_lock);
+                        ret = -ENOMEM;
-                        return -ENOMEM;
+                        goto out;
                }
                kfree(tty->write_buf);
                tty->write_cnt = chunk;
@@ -1812,7 +1828,8 @@ static inline ssize_t do_tty_write(
                inode->i_mtime = current_fs_time(inode->i_sb);
                ret = written;
        }
-        mutex_unlock(&tty->atomic_write_lock);
+out:
+        tty_write_unlock(tty);
        return ret;
 }
@@ -3163,14 +3180,13 @@ static int tiocsetd(struct tty_struct *tty, int __user *p)
 static int send_break(struct tty_struct *tty, unsigned int duration)
 {
-        if (mutex_lock_interruptible(&tty->atomic_write_lock))
+        if (tty_write_lock(tty, 0) < 0)
                return -EINTR;
        tty->driver->break_ctl(tty, -1);
-        if (!signal_pending(current)) {
+        if (!signal_pending(current))
                msleep_interruptible(duration);
-        }
        tty->driver->break_ctl(tty, 0);
-        mutex_unlock(&tty->atomic_write_lock);
+        tty_write_unlock(tty);
        if (signal_pending(current))
                return -EINTR;
        return 0;
author	Alan Cox <alan@redhat.com>	2007-07-16 02:39:43 -0400
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-07-16 12:05:41 -0400
commit	9c1729db3e6d738f872bcb090212af00473bf666 (patch)
tree	be68b99784607953fb50d9330d34c2728215be57 /drivers/char/tty_io.c
parent	c9c64155f5a81b4b41e98f9fb9c464a565c1bf72 (diff)