aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/block
diff options
context:
space:
mode:
authorJiri Olsa <jolsa@redhat.com>2010-11-08 19:01:47 +0100
committerGreg Kroah-Hartman <gregkh@suse.de>2010-11-09 15:02:02 -0800
commite045fec48970df84647a47930fcf7a22ff7229c0 (patch)
tree166eeaf241f594ab70f6cc4da80d3b194228f931 /drivers/block
parentc9bd9d01db02319c33767da5ee310ea37afda059 (diff)
downloadkernel_samsung_smdk4412-e045fec48970df84647a47930fcf7a22ff7229c0.zip
kernel_samsung_smdk4412-e045fec48970df84647a47930fcf7a22ff7229c0.tar.gz
kernel_samsung_smdk4412-e045fec48970df84647a47930fcf7a22ff7229c0.tar.bz2
tty: prevent DOS in the flush_to_ldisc
There's a small window inside the flush_to_ldisc function, where the tty is unlocked and calling ldisc's receive_buf function. If in this window new buffer is added to the tty, the processing might never leave the flush_to_ldisc function. This scenario will hog the cpu, causing other tty processing starving, and making it impossible to interface the computer via tty. I was able to exploit this via pty interface by sending only control characters to the master input, causing the flush_to_ldisc to be scheduled, but never actually generate any output. To reproduce, please run multiple instances of following code. - SNIP #define _XOPEN_SOURCE #include <stdlib.h> #include <stdio.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> int main(int argc, char **argv) { int i, slave, master = getpt(); char buf[8192]; sprintf(buf, "%s", ptsname(master)); grantpt(master); unlockpt(master); slave = open(buf, O_RDWR); if (slave < 0) { perror("open slave failed"); return 1; } for(i = 0; i < sizeof(buf); i++) buf[i] = rand() % 32; while(1) { write(master, buf, sizeof(buf)); } return 0; } - SNIP The attached patch (based on -next tree) fixes this by checking on the tty buffer tail. Once it's reached, the current work is rescheduled and another could run. Signed-off-by: Jiri Olsa <jolsa@redhat.com> Cc: stable <stable@kernel.org> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/block')
0 files changed, 0 insertions, 0 deletions