diff options
| author | Peter Hurley <peter@hurleysoftware.com> | 2013-06-15 07:28:30 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-06-17 12:55:30 -0700 |
| commit | b84830527645dfe7b7a5cc03518e3c791b4ee9e0 (patch) | |
| tree | ece65ac8c7dd14703870d6417d99f7f856eac4e8 /security | |
| parent | a6e54319a7499bf754efb3a2cb2f5d4901ccbcff (diff) | |
n_tty: Fix unsafe update of available buffer space
receive_room is used to control the amount of data the flip
buffer work can push to the read buffer. This update is unsafe:
CPU 0 | CPU 1
|
| n_tty_read()
| n_tty_set_room()
| left = <calc of space>
n_tty_receive_buf() |
<push data to buffer> |
n_tty_set_room() |
left = <calc of space> |
tty->receive_room = left |
| tty->receive_room = left
receive_room is now updated with a stale calculation of the
available buffer space, and the subsequent work loop will likely
overwrite unread data in the input buffer.
Update receive_room atomically with the calculation of the
available buffer space.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions