The patch titled n_tty: loss of sync following a buffer overflow has been added to the -mm tree. Its filename is n_tty-loss-of-sync-following-a-buffer-overflow.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: n_tty: loss of sync following a buffer overflow From: Rupesh Sugathan <Rupesh.Sugathan@xxxxxxxxx> There seems to be a synchronization issue with the n_tty.c driver when working in canonical mode. The n_tty rightly discards data received following a buffer overflow and hence the tty->read_cnt is not updated. However, the newline characters received following a buffer overflow seems to increment the tty->canon_data index. This may result in a loss of sync between the tty->canon_data & tty->read_cnt while processing read in the read_chan(). This loss of sync might be irrecoverable even when the data is later received at a slower rate. I am not very sure if there is any deliberate rationale to process the newlines even when the buffer has overflown. Signed-off-by: Rupesh Sugathan <Rupesh.Sugathan@xxxxxxxxx> Cc: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> Cc: Paul Fulghum <paulkf@xxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- drivers/char/n_tty.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff -puN drivers/char/n_tty.c~n_tty-loss-of-sync-following-a-buffer-overflow drivers/char/n_tty.c --- a/drivers/char/n_tty.c~n_tty-loss-of-sync-following-a-buffer-overflow +++ a/drivers/char/n_tty.c @@ -850,15 +850,17 @@ send_signal: put_tty_queue(c, tty); handle_newline: - spin_lock_irqsave(&tty->read_lock, flags); - set_bit(tty->read_head, tty->read_flags); - put_tty_queue_nolock(c, tty); - tty->canon_head = tty->read_head; - tty->canon_data++; - spin_unlock_irqrestore(&tty->read_lock, flags); - kill_fasync(&tty->fasync, SIGIO, POLL_IN); - if (waitqueue_active(&tty->read_wait)) - wake_up_interruptible(&tty->read_wait); + if (tty->read_cnt < N_TTY_BUF_SIZE) { + spin_lock_irqsave(&tty->read_lock, flags); + set_bit(tty->read_head, tty->read_flags); + put_tty_queue_nolock(c, tty); + tty->canon_head = tty->read_head; + tty->canon_data++; + spin_unlock_irqrestore(&tty->read_lock, flags); + kill_fasync(&tty->fasync, SIGIO, POLL_IN); + if (waitqueue_active(&tty->read_wait)) + wake_up_interruptible(&tty->read_wait); + } return; } } _ Patches currently in -mm which might be from Rupesh.Sugathan@xxxxxxxxx are n_tty-loss-of-sync-following-a-buffer-overflow.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html