summaryrefslogtreecommitdiffstats
path: root/drivers/tty/tty_buffer.c
AgeCommit message (Collapse)AuthorFilesLines
2013-04-09tty: Fix race condition if flushing tty flip buffersPeter Hurley1-12/+10
As Ilya Zykov identified in his patch 'PROBLEM: Race condition in tty buffer's function flush_to_ldisc()', a race condition exists which allows a parallel flush_to_ldisc() to flush and free the tty flip buffers while those buffers are in-use. For example, CPU 0 | CPU 1 | CPU 2 | flush_to_ldisc() | | grab spin lock | tty_buffer_flush() | | flush_to_ldisc() wait for spin lock | | wait for spin lock | if (!test_and_set_bit(TTYP_FLUSHING)) | | while (next flip buffer) | | ... | | drop spin lock | grab spin lock | | if (test_bit(TTYP_FLUSHING)) | | set_bit(TTYP_FLUSHPENDING) | receive_buf() | drop spin lock | | | | grab spin lock | | if (!test_and_set_bit(TTYP_FLUSHING)) | | if (test_bit(TTYP_FLUSHPENDING)) | | __tty_buffer_flush() CPU 2 has just flushed and freed all tty flip buffers while CPU 1 is transferring data from the head flip buffer. The original patch was rejected under the assumption that parallel flush_to_ldisc() was not possible. Because of necessary changes to the workqueue api, work items can execute in parallel on SMP. This patch differs slightly from the original patch by testing for a pending flush _after_ each receive_buf(), since TTYP_FLUSHPENDING can only be set while the lock is dropped around receive_buf(). Reported-by: Ilya Zykov <linux@izyk.ru> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Ilya Zykov <linux@izyk.ru> Cc: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-03-04TTY: disable debugging warningJiri Slaby1-1/+1
We added a warning to flush_to_ldisc to report cases when it is called with a NULL tty. It was for debugging purposes and it lead to a patchset from Peter Hurley. The patchset however did not make it to 3.9, so disable the warning now to not disturb people. We can re-add it when the series is in and we are hunting for another bugs. Reported-by: David Miller <davem@davemloft.net> Cc: stable <stable@vger.kernel.org> # 3.8 Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-02-13pps: Move timestamp read into PPS code properGeorge Spelvin1-0/+1
The PPS (Pulse-Per-Second) line discipline has developed a number of unhealthy attachments to core tty data and functions, ultimately leading to its breakage. The previous patches fixed the crashing. This one reduces coupling further by eliminating the timestamp parameter from the dcd_change ldisc method. This reduces header file linkage and makes the extension more generic, and the timestamp read is delayed only slightly, from just before the ldisc->ops->dcd_change method call to just after. Fix attendant build breakage in drivers/tty/n_tty.c drivers/tty/tty_buffer.c drivers/staging/speakup/selection.c drivers/staging/dgrp/dgrp_*.c Cc: William Hubbs <w.d.hubbs@gmail.com> Cc: Chris Brannon <chris@the-brannons.com> Cc: Kirk Reiser <kirk@braille.uwo.ca> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: George Spelvin <linux@horizon.com> Acked-by: Rodolfo Giometti <giometti@enneenne.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-01-20tty: Correct tty buffer flush.Ilya Zykov1-70/+22
The root of problem is carelessly zeroing pointer(in function __tty_buffer_flush()), when another thread can use it. It can be cause of "NULL pointer dereference". Main idea of the patch, this is never free last (struct tty_buffer) in the active buffer. Only flush the data for ldisc(buf->head->read = buf->head->commit). At that moment driver can collect(write) data in buffer without conflict. It is repeat behavior of flush_to_ldisc(), only without feeding data to ldisc. Also revert: commit c56a00a165712fd73081f40044b1e64407bb1875 tty: hold lock across tty buffer finding and buffer filling In order to delete the unneeded locks any more. Signed-off-by: Ilya Zykov <ilya@ilyx.ru> CC: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-01-15TTY: switch tty_schedule_flipJiri Slaby1-4/+4
Now, we start converting tty buffer functions to actually use tty_port. This will allow us to get rid of the need of tty in many call sites. Only tty_port will needed and hence no more tty_port_tty_get in those paths. This is the last one: tty_schedule_flip Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-01-15TTY: switch tty_flip_buffer_pushJiri Slaby1-4/+4
Now, we start converting tty buffer functions to actually use tty_port. This will allow us to get rid of the need of tty in many call sites. Only tty_port will needed and hence no more tty_port_tty_get in those paths. Now, the one where most of tty_port_tty_get gets removed: tty_flip_buffer_push. IOW we also closed all the races in drivers not using tty_port_tty_get at all yet. Also we move tty_flip_buffer_push declaration from include/linux/tty.h to include/linux/tty_flip.h to all others while we are changing it anyway. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-01-15TTY: move low_latency to tty_portJiri Slaby1-4/+5
One point is to have less places where we actually need tty pointer. The other is that low_latency is bound to buffer processing and buffers are now in tty_port. So it makes sense to move low_latency to tty_port too. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-01-15TTY: convert more flipping functionsJiri Slaby1-16/+16
Now, we start converting tty buffer functions to actually use tty_port. This will allow us to get rid of the need of tty pointer in many call sites. Only tty_port will be needed and hence no more tty_port_tty_get calls in those paths. Now 4 string flipping ones are on turn: * tty_insert_flip_string_flags * tty_insert_flip_string_fixed_flag * tty_prepare_flip_string * tty_prepare_flip_string_flags Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-01-15TTY: switch tty_buffer_request_room to tty_portJiri Slaby1-3/+2
Now, we start converting tty buffer functions to actually use tty_port. This will allow us to get rid of the need of tty pointer in many call sites. Only tty_port will be needed and hence no more tty_port_tty_get calls in those paths. Here we start with tty_buffer_request_room. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-25tty: add missing newlines to WARN_RATELIMITSasha Levin1-1/+1
WARN_RATELIMIT() expects the warning to end with a newline if one is needed. Not doing so results in odd looking warnings such as: [ 1339.454272] tty is NULLPid: 7147, comm: kworker/4:0 Tainted: G W 3.7.0-rc2-next-20121025-sasha-00001-g673f98e-dirty #75 Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-24TTY: Report warning when low_latency flag is wrongly usedIvo Sieben1-0/+1
When a driver has the low_latency flag set and uses the schedule_flip() function to initiate copying data to the line discipline, a workqueue is scheduled in but never actually flushed. This is incorrect use of the low_latency flag (driver should not support the low_latency flag, or use the tty_flip_buffer_push() function instead). Make sure a warning is reported to catch incorrect use of the low_latency flag. This patch goes with: cee4ad1ed90a0959fc29f9d30a2526e5e9522cfa Signed-off-by: Ivo Sieben <meltedpianoman@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-22TTY: move tty buffers to tty_portJiri Slaby1-49/+53
So this is it. The big step why we did all the work over the past kernel releases. Now everything is prepared, so nothing protects us from doing that big step. | | \ \ nnnn/^l | | | | \ / / | | | '-,.__ => \/ ,-` => | '-,.__ | O __.´´) ( .` | O __.´´) ~~~ ~~ `` ~~~ ~~ The buffers are now in the tty_port structure and we can start teaching the buffer helpers (insert char/string, flip etc.) to use tty_port instead of tty_struct all around. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-22TTY: tty_buffer, cache pointer to tty->bufJiri Slaby1-56/+76
During the move of tty buffers from tty_struct to tty_port, we will need to switch all users of buf to tty->port->buf. There are many functions where this is accessed directly in their code many times. Cache the tty->buf pointer in such functions now and change only single lines in each function in the next patch. Not that it is convenient for the next patch, but the code is now also more readable. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-22TTY: move TTY_FLUSH* flags to tty_portJiri Slaby1-8/+10
They are only TTY buffers specific. And the buffers will go to tty_port in the next patches. So to remove the need to have both tty_port and tty_struct at some places, let us move the flags to tty_port. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-22tty: prevent unnecessary work queue lock checking on flip buffer copyIvo Sieben1-1/+4
When low_latency flag is set the TTY receive flip buffer is copied to the line discipline directly instead of using a work queue in the background. Therefor only in case a workqueue is actually used for copying data to the line discipline we'll have to flush the workqueue. This prevents unnecessary spin lock/unlock on the workqueue spin lock that can cause additional scheduling overhead on a PREEMPT_RT system. On a 200 MHz AT91SAM9261 processor setup this fixes about 100us of scheduling overhead on the TTY read call. Signed-off-by: Ivo Sieben <meltedpianoman@gmail.com> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-04-09tty: hold lock across tty buffer finding and buffer fillingXiaobing Tu1-20/+65
tty_buffer_request_room is well protected, but while after it returns, it releases the port->lock. tty->buf.tail might be modified by either irq handler or other threads. The patch adds more protection by holding the lock across tty buffer finding and buffer filling. Signed-off-by: Alek Du <alek.du@intel.com> Signed-off-by: Xiaobing Tu <xiaobing.tu@intel.com> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2011-06-08tty_buffer: get rid of 'seen_tail' logic in flush_to_ldiscLinus Torvalds1-12/+2
The flush_to_ldisc() work entry has special logic to notice when it has seen the original tail of the data queue, and it avoids continuing the flush if it sees that _original_ tail rather than the current tail. This logic can trigger in case somebody is constantly adding new data to the tty while the flushing is active - and the intent is to avoid excessive CPU usage while flushing the tty, especially as we used to do this from a softirq context which made it non-preemptible. However, since we no longer re-arm the work-queue from within itself (because that causes other trouble: see commit a5660b41af6a "tty: fix endless work loop when the buffer fills up"), this just leads to possible hung tty's (most easily seen in SMP and with a test-program that floods a pty with data - nobody seems to have reported this for any real-life situation yet). And since the workqueue isn't done from timers and softirq's any more, it's doubtful whether the CPU useage issue is really relevant any more. So just remove the logic entirely, and see if anybody ever notices. Alternatively, we might want to re-introduce the "re-arm the work" for just this case, but then we'd have to re-introduce the delayed work model or some explicit timer, which really doesn't seem worth it for this. Reported-and-tested-by: Guillaume Chazarain <guichaz@gmail.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Felipe Balbi <balbi@ti.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-06-04Revert "tty: make receive_buf() return the amout of bytes received"Linus Torvalds1-9/+6
This reverts commit b1c43f82c5aa265442f82dba31ce985ebb7aa71c. It was broken in so many ways, and results in random odd pty issues. It re-introduced the buggy schedule_work() in flush_to_ldisc() that can cause endless work-loops (see commit a5660b41af6a: "tty: fix endless work loop when the buffer fills up"). It also used an "unsigned int" return value fo the ->receive_buf() function, but then made multiple functions return a negative error code, and didn't actually check for the error in the caller. And it didn't actually work at all. BenH bisected down odd tty behavior to it: "It looks like the patch is causing some major malfunctions of the X server for me, possibly related to PTYs. For example, cat'ing a large file in a gnome terminal hangs the kernel for -minutes- in a loop of what looks like flush_to_ldisc/workqueue code, (some ftrace data in the quoted bits further down). ... Some more data: It -looks- like what happens is that the flush_to_ldisc work queue entry constantly re-queues itself (because the PTY is full ?) and the workqueue thread will basically loop forver calling it without ever scheduling, thus starving the consumer process that could have emptied the PTY." which is pretty much exactly the problem we fixed in a5660b41af6a. Milton Miller pointed out the 'unsigned int' issue. Reported-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reported-by: Milton Miller <miltonm@bga.com> Cc: Stefan Bigler <stefan.bigler@keymile.com> Cc: Toby Gray <toby.gray@realvnc.com> Cc: Felipe Balbi <balbi@ti.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-04-22tty: make receive_buf() return the amout of bytes receivedFelipe Balbi1-6/+9
it makes it simpler to keep track of the amount of bytes received and simplifies how flush_to_ldisc counts the remaining bytes. It also fixes a bug of lost bytes on n_tty when flushing too many bytes via the USB serial gadget driver. Tested-by: Stefan Bigler <stefan.bigler@keymile.com> Tested-by: Toby Gray <toby.gray@realvnc.com> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-04tty: fix endless work loop when the buffer fills upLinus Torvalds1-3/+1
Commit f23eb2b2b285 ('tty: stop using "delayed_work" in the tty layer') ended up causing hung machines on UP with no preemption, because the work routine to flip the buffer data to the ldisc would endlessly re-arm itself if the destination buffer had filled up. With the delayed work, that only caused a timer-driving polling of the tty state every timer tick, but without the delay we just ended up with basically a busy loop instead. Stop the insane polling, and instead make the code that opens up the receive room re-schedule the buffer flip work. That's what we should have been doing anyway. This same "poll for tty room" issue is almost certainly also the cause of excessive kworker activity when idle reported by Dave Jones, who also reported "flush_to_ldisc executing 2500 times a second" back in Nov 2010: http://lkml.org/lkml/2010/11/30/592 which is that silly flushing done every timer tick. Wasting both power and CPU for no good reason. Reported-and-tested-by: Alexander Beregalov <a.beregalov@gmail.com> Reported-and-tested-by: Sitsofe Wheeler <sitsofe@yahoo.com> Cc: Greg KH <gregkh@suse.de> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Dave Jones <davej@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-03-22tty: stop using "delayed_work" in the tty layerLinus Torvalds1-7/+7
Using delayed-work for tty flip buffers ends up causing us to wait for the next tick to complete some actions. That's usually not all that noticeable, but for certain latency-critical workloads it ends up being totally unacceptable. As an extreme case of this, passing a token back-and-forth over a pty will take two ticks per iteration, so even just a thousand iterations will take 8 seconds assuming a common 250Hz configuration. Avoiding the whole delayed work issue brings that ping-pong test-case down to 0.009s on my machine. In more practical terms, this latency has been a performance problem for things like dive computer simulators (simulating the serial interface using the ptys) and for other environments (Alan mentions a CP/M emulator). Reported-by: Jef Driesen <jefdriesen@telenet.be> Acked-by: Greg KH <gregkh@suse.de> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-11-09tty: prevent DOS in the flush_to_ldiscJiri Olsa1-2/+12
There's a small window inside the flush_to_ldisc function, where the tty is unlocked and calling ldisc's receive_buf function. If in this window new buffer is added to the tty, the processing might never leave the flush_to_ldisc function. This scenario will hog the cpu, causing other tty processing starving, and making it impossible to interface the computer via tty. I was able to exploit this via pty interface by sending only control characters to the master input, causing the flush_to_ldisc to be scheduled, but never actually generate any output. To reproduce, please run multiple instances of following code. - SNIP #define _XOPEN_SOURCE #include <stdlib.h> #include <stdio.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> int main(int argc, char **argv) { int i, slave, master = getpt(); char buf[8192]; sprintf(buf, "%s", ptsname(master)); grantpt(master); unlockpt(master); slave = open(buf, O_RDWR); if (slave < 0) { perror("open slave failed"); return 1; } for(i = 0; i < sizeof(buf); i++) buf[i] = rand() % 32; while(1) { write(master, buf, sizeof(buf)); } return 0; } - SNIP The attached patch (based on -next tree) fixes this by checking on the tty buffer tail. Once it's reached, the current work is rescheduled and another could run. Signed-off-by: Jiri Olsa <jolsa@redhat.com> Cc: stable <stable@kernel.org> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-05TTY: create drivers/tty and move the tty core files thereGreg Kroah-Hartman1-0/+524
The tty code should be in its own subdirectory and not in the char driver with all of the cruft that is currently there. Based on work done by Arnd Bergmann <arnd@arndb.de> Acked-by: Arnd Bergmann <arnd@arndb.de> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>