On Sun, Jan 27, 2019 at 10:53:02PM -0800, Myungho Jung wrote:
> tty_set_termios() should be called with the slave side of the pty driver. So, if
> the tty driver is a pty master, it needs to be switched to ->link.

I'm not sure that's the right solution. PTYs are virtual devices used
for IPC and neither end (master or slave) has support for modem
control or baud rates.

> Reported-by: syzbot+a950165cbb86bdd02...@syzkaller.appspotmail.com
> Signed-off-by: Myungho Jung <mhju...@gmail.com>
> ---
>  drivers/bluetooth/hci_ldisc.c | 20 +++++++++++++++-----
>  1 file changed, 15 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
> index fbf7b4df23ab..90c5ea8c399b 100644
> --- a/drivers/bluetooth/hci_ldisc.c
> +++ b/drivers/bluetooth/hci_ldisc.c
> @@ -299,10 +299,18 @@ static int hci_uart_send_frame(struct hci_dev *hdev, 
> struct sk_buff *skb)
>       return 0;
>  }
>  
> +/* If driver is pty master, return slave side */
> +static struct tty_struct *hci_uart_get_real_tty(struct tty_struct *tty)
> +{
> +     return  (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
> +              tty->driver->subtype == PTY_TYPE_MASTER) ? tty->link : tty;
> +}
> +
>  /* Flow control or un-flow control the device */
>  void hci_uart_set_flow_control(struct hci_uart *hu, bool enable)
>  {
>       struct tty_struct *tty = hu->tty;
> +     struct tty_struct *real_tty;
>       struct ktermios ktermios;
>       int status;
>       unsigned int set = 0;
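
Review bot: hci_uart_get_real_tty() hands back tty->link for a pty master without checking it, and the caller then reads real_tty->termios, so the helper needs either a NULL check or a comment stating why ->link is guaranteed valid for as long as the ldisc is attached. The comment above the helper says only what is returned, not why termios calls have to go to the slave; one sentence on that would help the next reader. Style: there is a double space after "return" in "return  (tty->driver->type == ...".
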
> @@ -314,11 +322,12 @@ void hci_uart_set_flow_control(struct hci_uart *hu, 
> bool enable)
>               return;
>       }
>  
> +     real_tty = hci_uart_get_real_tty(tty);
>       if (enable) {
>               /* Disable hardware flow control */
> -             ktermios = tty->termios;
> +             ktermios = real_tty->termios;
>               ktermios.c_cflag &= ~CRTSCTS;
> -             status = tty_set_termios(tty, &ktermios);
> +             status = tty_set_termios(real_tty, &ktermios);
>               BT_DBG("Disabling hardware flow control: %s",
>                      status ? "failed" : "success");
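
Review bot: in the enable branch both the termios copy and the tty_set_termios() call now go to real_tty, yet the result is still only reported through BT_DBG, so a failure on the redirected tty stays invisible to the caller. Since hci_uart_get_real_tty() already identifies the pty master case, consider testing for it next to the existing early "return;" above and leaving the function there, instead of clearing CRTSCTS on the other end of the pty. If the redirect is kept, say in a comment which of tty and real_tty the rest of the function is expected to use, because this hunk leaves both in scope.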

So instead of these pointless calls to set the slave termios and
modem-control state, you might as well bail out early above (and
similarly in set_baudrate()).

Using n_hci for a master pty really makes no sense at all, so we could
even bail out at ldisc open, but perhaps that can be discussed and
addressed later.

Johan
