Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 8bfbe2de769afda051c56aba5450391670e769fc
commit8bfbe2de769afda051c56aba5450391670e769fc[log] [tgz]
authorChristian Riesch <christian.riesch@omicron.at>Thu Nov 13 05:53:26 2014 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Wed Nov 26 19:35:48 2014 -0800
treeb15c341998358b3a8df969d8240e7874980d86d8
parent8ad3b1352693972b737607c7b9c89b56d45fea9b [diff]
n_tty: Fix read_buf race condition, increment read_head after pushing data

Commit 19e2ad6a09f0c06dbca19c98e5f4584269d913dd ("n_tty: Remove overflow
tests from receive_buf() path") moved the increment of read_head into
the arguments list of read_buf_addr(). Function calls represent a
sequence point in C. Therefore read_head is incremented before the
character c is placed in the buffer. Since the circular read buffer is
a lock-less design since commit 6d76bd2618535c581f1673047b8341fd291abc67
("n_tty: Make N_TTY ldisc receive path lockless"), this creates a race
condition that leads to communication errors.

This patch modifies the code to increment read_head _after_ the data
is placed in the buffer and thus fixes the race for non-SMP machines.
To fix the problem for SMP machines, memory barriers must be added in
a separate patch.

Signed-off-by: Christian Riesch <christian.riesch@omicron.at>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: b15c341998358b3a8df969d8240e7874980d86d8
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS