On Wed, May 31, 2017 at 10:39:23AM +0200, Dmitry Vyukov wrote:
> On Tue, May 30, 2017 at 2:09 PM, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx> wrote:
> >> >> I'll think about possible solutions, but I have no prior experience
> >> >> with the tty code. In the meantime syzkaller also hit a couple of
> >> >> other fun tty/pty bugs including a write/ioctl race that results in
> >> >> buffer overflow :-/
> >
> > There are several of those, including some that have been documented
> > for years but nobody ever volunteered to fix - in particular all the
> > interfaces that push characters to the tty other than via the normal
> > interrupt receive path are dodgy (console selection in particular)
> >
> > The original tty model btw was that setting the ldisc to n_tty cannot
> > fail, and the structure allocated was smaller than a page size so was
> > safe.
> >
> > The simple way to fix it is to restore that behaviour by adding a 'null'
> > ldisc that we can fail to instead of N_TTY since the N_TTY failback path
> > is long broken.
>
> Greg, what do you think about this patch? Are you ready to accept
> something like this?
> Definitely shorter than changing all drivers.

Yes, it looks reasonable to me.