diff mbox series

[2/2] USB: cdc-acm: fix rounding error in TIOCSSERIAL

Message ID 24160.54137.563763.50884@beetle.laas.fr (mailing list archive)
State Superseded
Headers show
Series [1/2] USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL | expand

Commit Message

Anthony Mallet March 5, 2020, 10:24 a.m. UTC
By default, tty_port_init() initializes those parameters to a multiple
of HZ. For instance in line 69 of tty_port.c:
   port->close_delay = (50 * HZ) / 100;
https://github.com/torvalds/linux/blob/master/drivers/tty/tty_port.c#L69

With e.g. CONFIG_HZ = 250 (as this is the case for Ubuntu 18.04
linux-image-4.15.0-37-generic), the default setting for close_delay is
thus 125.

When ioctl(fd, TIOCGSERIAL, &s) is executed, the setting returned in
user space is '12' (125/10). When ioctl(fd, TIOCSSERIAL, &s) is then
executed with the same setting '12', the value is interpreted as '120'
which is different from the current setting and a EPERM error may be
raised by set_serial_info() if !CAP_SYS_ADMIN.
https://github.com/torvalds/linux/blob/master/drivers/usb/class/cdc-acm.c#L919

Signed-off-by: Anthony Mallet <anthony.mallet@laas.fr>
Fixes: ba2d8ce9db0a6 ("cdc-acm: implement TIOCSSERIAL to avoid blocking close(2)")
---
 drivers/usb/class/cdc-acm.c | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

Comments

Oliver Neukum March 5, 2020, 10:35 a.m. UTC | #1
Am Donnerstag, den 05.03.2020, 11:24 +0100 schrieb Anthony Mallet:
> By default, tty_port_init() initializes those parameters to a multiple
> of HZ. For instance in line 69 of tty_port.c:
>    port->close_delay = (50 * HZ) / 100;
> https://github.com/torvalds/linux/blob/master/drivers/tty/tty_port.c#L69
> 
> With e.g. CONFIG_HZ = 250 (as this is the case for Ubuntu 18.04
> linux-image-4.15.0-37-generic), the default setting for close_delay is
> thus 125.
> 
> When ioctl(fd, TIOCGSERIAL, &s) is executed, the setting returned in
> user space is '12' (125/10). When ioctl(fd, TIOCSSERIAL, &s) is then
> executed with the same setting '12', the value is interpreted as '120'
> which is different from the current setting and a EPERM error may be
> raised by set_serial_info() if !CAP_SYS_ADMIN.
> https://github.com/torvalds/linux/blob/master/drivers/usb/class/cdc-acm.c#L919
> 
> Signed-off-by: Anthony Mallet <anthony.mallet@laas.fr>
> Fixes: ba2d8ce9db0a6 ("cdc-acm: implement TIOCSSERIAL to avoid blocking close(2)")
Acked-by: Oliver Neukum <oneukum@suse.com>

	Regards
		Oliver
Greg KH March 5, 2020, 6:44 p.m. UTC | #2
On Thu, Mar 05, 2020 at 11:24:57AM +0100, Anthony Mallet wrote:
> By default, tty_port_init() initializes those parameters to a multiple
> of HZ. For instance in line 69 of tty_port.c:
>    port->close_delay = (50 * HZ) / 100;
> https://github.com/torvalds/linux/blob/master/drivers/tty/tty_port.c#L69
> 
> With e.g. CONFIG_HZ = 250 (as this is the case for Ubuntu 18.04
> linux-image-4.15.0-37-generic), the default setting for close_delay is
> thus 125.
> 
> When ioctl(fd, TIOCGSERIAL, &s) is executed, the setting returned in
> user space is '12' (125/10). When ioctl(fd, TIOCSSERIAL, &s) is then
> executed with the same setting '12', the value is interpreted as '120'
> which is different from the current setting and a EPERM error may be
> raised by set_serial_info() if !CAP_SYS_ADMIN.
> https://github.com/torvalds/linux/blob/master/drivers/usb/class/cdc-acm.c#L919
> 
> Signed-off-by: Anthony Mallet <anthony.mallet@laas.fr>
> Fixes: ba2d8ce9db0a6 ("cdc-acm: implement TIOCSSERIAL to avoid blocking close(2)")
> Cc: stable <stable@vger.kernel.org>
> Acked-by: Oliver Neukum <oneukum@suse.com>
> ---
>  drivers/usb/class/cdc-acm.c | 27 +++++++++++++++++----------
>  1 file changed, 17 insertions(+), 10 deletions(-)
> 
> diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
> index da619176d..b43820fb2 100644
> --- a/drivers/usb/class/cdc-acm.c
> +++ b/drivers/usb/class/cdc-acm.c
> @@ -907,6 +907,7 @@ static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss)
>  {
>  	struct acm *acm = tty->driver_data;
>  	unsigned int closing_wait, close_delay;
> +	unsigned int old_closing_wait, old_close_delay;
>  	int retval = 0;
>  
>  	close_delay = msecs_to_jiffies(ss->close_delay * 10);
> @@ -914,18 +915,24 @@ static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss)
>  			ASYNC_CLOSING_WAIT_NONE :
>  			msecs_to_jiffies(ss->closing_wait * 10);
>  
> +	/* we must redo the rounding here, so that the values match */
> +	old_close_delay	= jiffies_to_msecs(acm->port.close_delay) / 10;
> +	old_closing_wait = acm->port.closing_wait == ASYNC_CLOSING_WAIT_NONE ?
> +				ASYNC_CLOSING_WAIT_NONE :
> +				jiffies_to_msecs(acm->port.closing_wait) / 10;
> +
>  	mutex_lock(&acm->port.mutex);
>  
> -	if (!capable(CAP_SYS_ADMIN)) {
> -		if ((close_delay != acm->port.close_delay) ||
> -		    (closing_wait != acm->port.closing_wait))
> +	if ((ss->close_delay != old_close_delay) ||
> +            (ss->closing_wait != old_closing_wait)) {
> +		if (!capable(CAP_SYS_ADMIN)) {
>  			retval = -EPERM;
> -		else
> -			retval = -EOPNOTSUPP;
> -	} else {
> -		acm->port.close_delay  = close_delay;
> -		acm->port.closing_wait = closing_wait;
> -	}
> +		else {
> +			acm->port.close_delay  = close_delay;
> +			acm->port.closing_wait = closing_wait;
> +		}
> +	} else
> +		retval = -EOPNOTSUPP;
>  
>  	mutex_unlock(&acm->port.mutex);
>  	return retval;
> @@ -969,7 +976,7 @@ static int wait_serial_change(struct acm *acm, unsigned long arg)
>  		}
>  	} while (!rv);
>  
> -	
> +
>  

Was this patch even build tested?

drivers/usb/class/cdc-acm.c: In function ‘set_serial_info’:
drivers/usb/class/cdc-acm.c:930:3: error: expected ‘}’ before ‘else’
  930 |   else {
      |   ^~~~


Please fix up, properly test, and resend both of these.

And yes, this is the correct format for these patches, nice work there.

thanks,

greg k-h
kernel test robot March 5, 2020, 8:49 p.m. UTC | #3
Hi Anthony,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on usb/usb-testing]
[also build test ERROR on peter.chen-usb/ci-for-usb-next balbi-usb/next v5.6-rc4 next-20200305]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]

url:    https://github.com/0day-ci/linux/commits/Anthony-Mallet/USB-cdc-acm-fix-close_delay-and-closing_wait-units-in-TIOCSSERIAL/20200306-021541
base:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
config: openrisc-randconfig-a001-20200305 (attached as .config)
compiler: or1k-linux-gcc (GCC) 9.2.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        GCC_VERSION=9.2.0 make.cross ARCH=openrisc 

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   drivers/usb/class/cdc-acm.c: In function 'set_serial_info':
>> drivers/usb/class/cdc-acm.c:930:3: error: expected '}' before 'else'
     930 |   else {
         |   ^~~~

vim +930 drivers/usb/class/cdc-acm.c

   905	
   906	static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss)
   907	{
   908		struct acm *acm = tty->driver_data;
   909		unsigned int closing_wait, close_delay;
   910		unsigned int old_closing_wait, old_close_delay;
   911		int retval = 0;
   912	
   913		close_delay = msecs_to_jiffies(ss->close_delay * 10);
   914		closing_wait = ss->closing_wait == ASYNC_CLOSING_WAIT_NONE ?
   915				ASYNC_CLOSING_WAIT_NONE :
   916				msecs_to_jiffies(ss->closing_wait * 10);
   917	
   918		/* we must redo the rounding here, so that the values match */
   919		old_close_delay	= jiffies_to_msecs(acm->port.close_delay) / 10;
   920		old_closing_wait = acm->port.closing_wait == ASYNC_CLOSING_WAIT_NONE ?
   921					ASYNC_CLOSING_WAIT_NONE :
   922					jiffies_to_msecs(acm->port.closing_wait) / 10;
   923	
   924		mutex_lock(&acm->port.mutex);
   925	
   926		if ((ss->close_delay != old_close_delay) ||
   927	            (ss->closing_wait != old_closing_wait)) {
   928			if (!capable(CAP_SYS_ADMIN)) {
   929				retval = -EPERM;
 > 930			else {
   931				acm->port.close_delay  = close_delay;
   932				acm->port.closing_wait = closing_wait;
   933			}
   934		} else
   935			retval = -EOPNOTSUPP;
   936	
   937		mutex_unlock(&acm->port.mutex);
   938		return retval;
   939	}
   940	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
kernel test robot March 6, 2020, 4:58 p.m. UTC | #4
Hi Anthony,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on usb/usb-testing]
[also build test ERROR on peter.chen-usb/ci-for-usb-next balbi-usb/next v5.6-rc4 next-20200306]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]

url:    https://github.com/0day-ci/linux/commits/Anthony-Mallet/USB-cdc-acm-fix-close_delay-and-closing_wait-units-in-TIOCSSERIAL/20200306-021541
base:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
config: arm64-allyesconfig (attached as .config)
compiler: clang version 11.0.0 (git://gitmirror/llvm_project a0cd413426479abb207381bdbab862f3dfb3ce7d)
reproduce:
        # FIXME the reproduce steps for clang is not ready yet

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

>> drivers/usb/class/cdc-acm.c:930:3: error: expected expression
                   else {
                   ^
>> drivers/usb/class/cdc-acm.c:942:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:986:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1002:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1023:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1086:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1095:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1105:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1127:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1514:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1568:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1592:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1629:1: error: function definition is not allowed here
   {
   ^
   drivers/usb/class/cdc-acm.c:1641:1: error: function definition is not allowed here
   {
   ^
>> drivers/usb/class/cdc-acm.c:1913:11: error: use of undeclared identifier 'acm_probe'
           .probe =        acm_probe,
                           ^
>> drivers/usb/class/cdc-acm.c:1914:16: error: use of undeclared identifier 'acm_disconnect'
           .disconnect =   acm_disconnect,
                           ^
>> drivers/usb/class/cdc-acm.c:1916:13: error: use of undeclared identifier 'acm_suspend'; did you mean 'dpm_suspend'?
           .suspend =      acm_suspend,
                           ^~~~~~~~~~~
                           dpm_suspend
   include/linux/pm.h:727:12: note: 'dpm_suspend' declared here
   extern int dpm_suspend(pm_message_t state);
              ^
>> drivers/usb/class/cdc-acm.c:1917:12: error: use of undeclared identifier 'acm_resume'; did you mean 'dpm_resume'?
           .resume =       acm_resume,
                           ^~~~~~~~~~
                           dpm_resume
   include/linux/pm.h:719:13: note: 'dpm_resume' declared here
   extern void dpm_resume(pm_message_t state);
               ^
>> drivers/usb/class/cdc-acm.c:1918:18: error: use of undeclared identifier 'acm_reset_resume'; did you mean 'pm_request_resume'?
           .reset_resume = acm_reset_resume,
                           ^~~~~~~~~~~~~~~~
                           pm_request_resume
   include/linux/pm_runtime.h:209:19: note: 'pm_request_resume' declared here
   static inline int pm_request_resume(struct device *dev)
                     ^
   fatal error: too many errors emitted, stopping now [-ferror-limit=]
   20 errors generated.

vim +930 drivers/usb/class/cdc-acm.c

   905	
   906	static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss)
   907	{
   908		struct acm *acm = tty->driver_data;
   909		unsigned int closing_wait, close_delay;
   910		unsigned int old_closing_wait, old_close_delay;
   911		int retval = 0;
   912	
   913		close_delay = msecs_to_jiffies(ss->close_delay * 10);
   914		closing_wait = ss->closing_wait == ASYNC_CLOSING_WAIT_NONE ?
   915				ASYNC_CLOSING_WAIT_NONE :
   916				msecs_to_jiffies(ss->closing_wait * 10);
   917	
   918		/* we must redo the rounding here, so that the values match */
   919		old_close_delay	= jiffies_to_msecs(acm->port.close_delay) / 10;
   920		old_closing_wait = acm->port.closing_wait == ASYNC_CLOSING_WAIT_NONE ?
   921					ASYNC_CLOSING_WAIT_NONE :
   922					jiffies_to_msecs(acm->port.closing_wait) / 10;
   923	
   924		mutex_lock(&acm->port.mutex);
   925	
   926		if ((ss->close_delay != old_close_delay) ||
   927	            (ss->closing_wait != old_closing_wait)) {
   928			if (!capable(CAP_SYS_ADMIN)) {
   929				retval = -EPERM;
 > 930			else {
   931				acm->port.close_delay  = close_delay;
   932				acm->port.closing_wait = closing_wait;
   933			}
   934		} else
   935			retval = -EOPNOTSUPP;
   936	
   937		mutex_unlock(&acm->port.mutex);
   938		return retval;
   939	}
   940	
   941	static int wait_serial_change(struct acm *acm, unsigned long arg)
 > 942	{
   943		int rv = 0;
   944		DECLARE_WAITQUEUE(wait, current);
   945		struct async_icount old, new;
   946	
   947		do {
   948			spin_lock_irq(&acm->read_lock);
   949			old = acm->oldcount;
   950			new = acm->iocount;
   951			acm->oldcount = new;
   952			spin_unlock_irq(&acm->read_lock);
   953	
   954			if ((arg & TIOCM_DSR) &&
   955				old.dsr != new.dsr)
   956				break;
   957			if ((arg & TIOCM_CD)  &&
   958				old.dcd != new.dcd)
   959				break;
   960			if ((arg & TIOCM_RI) &&
   961				old.rng != new.rng)
   962				break;
   963	
   964			add_wait_queue(&acm->wioctl, &wait);
   965			set_current_state(TASK_INTERRUPTIBLE);
   966			schedule();
   967			remove_wait_queue(&acm->wioctl, &wait);
   968			if (acm->disconnected) {
   969				if (arg & TIOCM_CD)
   970					break;
   971				else
   972					rv = -ENODEV;
   973			} else {
   974				if (signal_pending(current))
   975					rv = -ERESTARTSYS;
   976			}
   977		} while (!rv);
   978	
   979	
   980	
   981		return rv;
   982	}
   983	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
diff mbox series

Patch

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index da619176d..b43820fb2 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -907,6 +907,7 @@  static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss)
 {
 	struct acm *acm = tty->driver_data;
 	unsigned int closing_wait, close_delay;
+	unsigned int old_closing_wait, old_close_delay;
 	int retval = 0;
 
 	close_delay = msecs_to_jiffies(ss->close_delay * 10);
@@ -914,18 +915,24 @@  static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss)
 			ASYNC_CLOSING_WAIT_NONE :
 			msecs_to_jiffies(ss->closing_wait * 10);
 
+	/* we must redo the rounding here, so that the values match */
+	old_close_delay	= jiffies_to_msecs(acm->port.close_delay) / 10;
+	old_closing_wait = acm->port.closing_wait == ASYNC_CLOSING_WAIT_NONE ?
+				ASYNC_CLOSING_WAIT_NONE :
+				jiffies_to_msecs(acm->port.closing_wait) / 10;
+
 	mutex_lock(&acm->port.mutex);
 
-	if (!capable(CAP_SYS_ADMIN)) {
-		if ((close_delay != acm->port.close_delay) ||
-		    (closing_wait != acm->port.closing_wait))
+	if ((ss->close_delay != old_close_delay) ||
+            (ss->closing_wait != old_closing_wait)) {
+		if (!capable(CAP_SYS_ADMIN)) {
 			retval = -EPERM;
-		else
-			retval = -EOPNOTSUPP;
-	} else {
-		acm->port.close_delay  = close_delay;
-		acm->port.closing_wait = closing_wait;
-	}
+		else {
+			acm->port.close_delay  = close_delay;
+			acm->port.closing_wait = closing_wait;
+		}
+	} else
+		retval = -EOPNOTSUPP;
 
 	mutex_unlock(&acm->port.mutex);
 	return retval;
@@ -969,7 +976,7 @@  static int wait_serial_change(struct acm *acm, unsigned long arg)
 		}
 	} while (!rv);
 
-	
+
 
 	return rv;
 }