| Message ID | 20200310101027.32152-2-anthony.mallet@laas.fr (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [v3,1/2] USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL | expand |
On Tue, Mar 10, 2020 at 11:10:27AM +0100, Anthony Mallet wrote: > Quoting the bug reporter: > > By default, tty_port_init() initializes those parameters to a multiple > of HZ. For instance in line 69 of tty_port.c: > port->close_delay = (50 * HZ) / 100; > https://github.com/torvalds/linux/blob/master/drivers/tty/tty_port.c#L69 > > With e.g. CONFIG_HZ = 250 (as this is the case for Ubuntu 18.04 > linux-image-4.15.0-37-generic), the default setting for close_delay is > thus 125. > > When ioctl(fd, TIOCGSERIAL, &s) is executed, the setting returned in > user space is '12' (125/10). When ioctl(fd, TIOCSSERIAL, &s) is then > executed with the same setting '12', the value is interpreted as '120' > which is different from the current setting and a EPERM error may be > raised by set_serial_info() if !CAP_SYS_ADMIN. > https://github.com/torvalds/linux/blob/master/drivers/usb/class/cdc-acm.c#L919 > > Fixes: ba2d8ce9db0a6 ("cdc-acm: implement TIOCSSERIAL to avoid blocking close(2)") > Signed-off-by: Anthony Mallet <anthony.mallet@laas.fr> > Cc: stable <stable@vger.kernel.org> > --- > Changed in v2: fix typo (extra closing brace) > Changed in v3: version this patch series > --- > drivers/usb/class/cdc-acm.c | 27 +++++++++++++++++---------- > 1 file changed, 17 insertions(+), 10 deletions(-) > > diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c > index da619176deca..a41a3d27016c 100644 > --- a/drivers/usb/class/cdc-acm.c > +++ b/drivers/usb/class/cdc-acm.c > @@ -907,6 +907,7 @@ static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss) > { > struct acm *acm = tty->driver_data; > unsigned int closing_wait, close_delay; > + unsigned int old_closing_wait, old_close_delay; > int retval = 0; > > close_delay = msecs_to_jiffies(ss->close_delay * 10); > @@ -914,19 +915,24 @@ static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss) > ASYNC_CLOSING_WAIT_NONE : > msecs_to_jiffies(ss->closing_wait * 10); > > + /* we must redo the rounding here, so that the values match */ > + old_close_delay = jiffies_to_msecs(acm->port.close_delay) / 10; > + old_closing_wait = acm->port.closing_wait == ASYNC_CLOSING_WAIT_NONE ? > + ASYNC_CLOSING_WAIT_NONE : > + jiffies_to_msecs(acm->port.closing_wait) / 10; > + > mutex_lock(&acm->port.mutex); > > - if (!capable(CAP_SYS_ADMIN)) { > - if ((close_delay != acm->port.close_delay) || > - (closing_wait != acm->port.closing_wait)) > + if ((ss->close_delay != old_close_delay) || > + (ss->closing_wait != old_closing_wait)) { > + if (!capable(CAP_SYS_ADMIN)) > retval = -EPERM; > - else > - retval = -EOPNOTSUPP; > - } else { > - acm->port.close_delay = close_delay; > - acm->port.closing_wait = closing_wait; > - } > + else { > + acm->port.close_delay = close_delay; > + acm->port.closing_wait = closing_wait; > + } > + } else > + retval = -EOPNOTSUPP; > > mutex_unlock(&acm->port.mutex); > return retval; > -- > 2.17.1 > This patch doesn't apply to my usb-linus branch at all. What tree/branch did you make it against? thanks, greg k-h
On Thursday 12 Mar 2020, at 09:38, Greg KH wrote: > This patch doesn't apply to my usb-linus branch at all. What > tree/branch did you make it against? This is against master of https://github.com/torvalds/linux.git
On Thu, Mar 12, 2020 at 10:15:39AM +0100, Anthony Mallet wrote: > On Thursday 12 Mar 2020, at 09:38, Greg KH wrote: > > This patch doesn't apply to my usb-linus branch at all. What > > tree/branch did you make it against? > > This is against master of https://github.com/torvalds/linux.git Odd. Can you rebase and resend? Also, maybe try it against my usb-linus branch of usb.git on git.kernel.org? thanks, greg k-h
On Thursday 12 Mar 2020, at 10:35, Greg KH wrote: > On Thu, Mar 12, 2020 at 10:15:39AM +0100, Anthony Mallet wrote: > > On Thursday 12 Mar 2020, at 09:38, Greg KH wrote: > > > This patch doesn't apply to my usb-linus branch at all. What > > > tree/branch did you make it against? > > > > This is against master of https://github.com/torvalds/linux.git > > Odd. Can you rebase and resend? I did that: the only difference is in the "@@ -914,19 +915,24 @@" of the second chunk of the second patch. The "19" is wrong, it should be 18. However, I've no idea how this could happen, since I used "git format-patch" to generate the diff, and I did not edit the diff part at all manually. It might be an emacs and diff-mode glitch (or me mistyping something) when I added the comments in the patch, although this never happend to me before. Anyway, resending v4. Thanks for your time, Cheers.
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index da619176deca..a41a3d27016c 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -907,6 +907,7 @@ static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss) { struct acm *acm = tty->driver_data; unsigned int closing_wait, close_delay; + unsigned int old_closing_wait, old_close_delay; int retval = 0; close_delay = msecs_to_jiffies(ss->close_delay * 10); @@ -914,19 +915,24 @@ static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss) ASYNC_CLOSING_WAIT_NONE : msecs_to_jiffies(ss->closing_wait * 10); + /* we must redo the rounding here, so that the values match */ + old_close_delay = jiffies_to_msecs(acm->port.close_delay) / 10; + old_closing_wait = acm->port.closing_wait == ASYNC_CLOSING_WAIT_NONE ? + ASYNC_CLOSING_WAIT_NONE : + jiffies_to_msecs(acm->port.closing_wait) / 10; + mutex_lock(&acm->port.mutex); - if (!capable(CAP_SYS_ADMIN)) { - if ((close_delay != acm->port.close_delay) || - (closing_wait != acm->port.closing_wait)) + if ((ss->close_delay != old_close_delay) || + (ss->closing_wait != old_closing_wait)) { + if (!capable(CAP_SYS_ADMIN)) retval = -EPERM; - else - retval = -EOPNOTSUPP; - } else { - acm->port.close_delay = close_delay; - acm->port.closing_wait = closing_wait; - } + else { + acm->port.close_delay = close_delay; + acm->port.closing_wait = closing_wait; + } + } else + retval = -EOPNOTSUPP; mutex_unlock(&acm->port.mutex); return retval; --
Quoting the bug reporter: By default, tty_port_init() initializes those parameters to a multiple of HZ. For instance in line 69 of tty_port.c: port->close_delay = (50 * HZ) / 100; https://github.com/torvalds/linux/blob/master/drivers/tty/tty_port.c#L69 With e.g. CONFIG_HZ = 250 (as this is the case for Ubuntu 18.04 linux-image-4.15.0-37-generic), the default setting for close_delay is thus 125. When ioctl(fd, TIOCGSERIAL, &s) is executed, the setting returned in user space is '12' (125/10). When ioctl(fd, TIOCSSERIAL, &s) is then executed with the same setting '12', the value is interpreted as '120' which is different from the current setting and a EPERM error may be raised by set_serial_info() if !CAP_SYS_ADMIN. https://github.com/torvalds/linux/blob/master/drivers/usb/class/cdc-acm.c#L919 Fixes: ba2d8ce9db0a6 ("cdc-acm: implement TIOCSSERIAL to avoid blocking close(2)") Signed-off-by: Anthony Mallet <anthony.mallet@laas.fr> --- Changed in v2: fix typo (extra closing brace) Changed in v3: version this patch series --- drivers/usb/class/cdc-acm.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) 2.17.1