From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <okash.khawaja@gmail.com>
Received: by befuddled.reisers.ca (Postfix, from userid 65534)
 id 868361F06B1; Fri, 26 May 2017 02:35:09 -0400 (EDT)
Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com
 [IPv6:2a00:1450:400c:c09::22f])
 by befuddled.reisers.ca (Postfix) with ESMTPS id 912DB1F06AD
 for <speakup@linux-speakup.org>; Fri, 26 May 2017 02:35:07 -0400 (EDT)
Received: by mail-wm0-x22f.google.com with SMTP id d127so8860711wmf.0
 for <speakup@linux-speakup.org>; Thu, 25 May 2017 23:35:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=date:from:to:cc:subject:message-id:mime-version:content-disposition
 :user-agent; bh=+IABeKHD4vKba5Osu3GuQf1Rzlmz1GDZh4oH8D7K7Mo=;
 b=nkG2Ge4Xb55M7obcDlBdzgsnF7YuUDeac4gebRoeSN1Ar2UipK0pZ5ygTe7ydD5FE/
 pWIhwv+jKcjN0nmGxd2JwisjBPRSiMVue2cTkYzZfW+XEolmwnWCC+H5WZTj7lwJgyI2
 Nax9Elhscc4QOfvpEX/yNA0W/zdEi3frA3jKymZZZ4n/rzPqPMFMGaPZnamcN3XOnbZY
 TtPdCNrHqgOVLEZ0XfpoHs6+qNo285j2hD/UBR7P4xY8hyjX4xEhr1gQiXwC0NMrndty
 SkXpiXXJd7n2nX85igpT+9SlLFvU+OD3A755BUDBXdYZddDazBZ0oUmUg6J79S06WDlc
 DgSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version
 :content-disposition:user-agent;
 bh=+IABeKHD4vKba5Osu3GuQf1Rzlmz1GDZh4oH8D7K7Mo=;
 b=P2V+0Bki9G/6VJNdNbQ4YSYlxhH5+PnKmY+oS3rVfYsw8rIAIwdfJ9vuJEghjuhayy
 /DWzuD0+/jyGeOq8x4arWitlB8aKQuDjlP4SLuJRl9Q9tZPYN3uNFe7HSwERwH0dMPK0
 jIOCHCJelEcRffWXzgSmHkvFkDv6ZSLMVFoAtdRPAvAdathlNuuBd896nXxuT1ZQG/O5
 DVURkssjuqvIPdVCepdbRNw1tf7CCfwMwjQWj1ay5uImk41tT1c+bVRf1AzgO8a4H5NH
 p8LJrfNiqwc2S11mEdphbAWiN6NkrKbB58ZExSQbvE60qqc71YhKObPNgB2aWkNY7Gzt
 o08A==
X-Gm-Message-State: AODbwcAkf0ru51QWJcDCbCAsm9wBXhQj8A2nLygwupX5I+1cj9WRKkfl
 XdQluinkCJCIZw==
X-Received: by 10.28.33.66 with SMTP id h63mr797098wmh.86.1495780141707;
 Thu, 25 May 2017 23:29:01 -0700 (PDT)
Received: from sanghar (host81-157-247-88.range81-157.btcentralplus.com.
 [81.157.247.88])
 by smtp.gmail.com with ESMTPSA id p76sm840575wma.15.2017.05.25.23.29.00
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 25 May 2017 23:29:01 -0700 (PDT)
Date: Fri, 26 May 2017 07:28:59 +0100
From: Okash Khawaja <okash.khawaja@gmail.com>
To: Samuel Thibault <samuel.thibault@ens-lyon.org>
Cc: speakup@linux-speakup.org
Subject: [PATCH] tty: resolve contention over tty device between user and
 kernel space
Message-ID: <20170526062859.GA1270@sanghar>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.8.2 (2017-04-18)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
X-BeenThere: speakup@linux-speakup.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Speakup is a screen review system for Linux."
 <speakup.linux-speakup.org>
List-Unsubscribe: <http://linux-speakup.org/cgi-bin/mailman/options/speakup>,
 <mailto:speakup-request@linux-speakup.org?subject=unsubscribe>
List-Archive: <http://linux-speakup.org/pipermail/speakup/>
List-Post: <mailto:speakup@linux-speakup.org>
List-Help: <mailto:speakup-request@linux-speakup.org?subject=help>
List-Subscribe: <http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup>,
 <mailto:speakup-request@linux-speakup.org?subject=subscribe>
X-List-Received-Date: Fri, 26 May 2017 06:35:09 -0000

Hi,

I have attached the patch to address the issue when opening a device
from user space when it is already opened by kernel. I have used
tty->flags field as that seems to fit the purpose.

However, there are two things left unaddressed:

1. when kernel opens the device while it is opened from user space it
will still create a new tty_struct through a call to tty_init_dev.
2. how will kernel "release" the device? e.g. decrement tty->count and
undo other things it did in tty_open_by_driver

As I understand it exporting tty_open_by_driver (and this patch) are
fine when the device is opened at boot time and held until shutdown,
i.e. when speakup is built into kernel and not as a module. When built
as a module, it could open the tty device while it is user opened and it
may stop using it without ever decrementing tty->count, preventing user
space from opening it.

Thanks,
Okash

---
 drivers/staging/speakup/spk_ttyio.c |    2 ++
 drivers/tty/tty_io.c                |    7 +++++++
 include/linux/tty.h                 |    1 +
 3 files changed, 10 insertions(+)

--- a/drivers/staging/speakup/spk_ttyio.c
+++ b/drivers/staging/speakup/spk_ttyio.c
@@ -151,6 +151,7 @@ static int spk_ttyio_initialise_ldisc(in
 			pr_warn("speakup: Failed to set hardware flow control\n");
 	}
 
+	set_bit(&tty->flags, TTY_KOPENED);
 	tty_unlock(tty);
 
 	ret = tty_set_ldisc(tty, N_SPEAKUP);
@@ -258,6 +259,7 @@ void spk_ttyio_release(void)
 		speakup_tty->ops->close(speakup_tty, NULL);
 
 	tty_ldisc_flush(speakup_tty);
+	clear_bit(&speakup_tty->flags, TTY_KOPENED);
 	tty_unlock(speakup_tty);
 	tty_ldisc_release(speakup_tty);
 }
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -2137,6 +2137,13 @@ retry_open:
 
 	tty_add_file(tty, filp);
 
+	if (test_bit(TTY_KOPENED, &tty->flags)) {
+		tty_warn(tty, "device already opened by kernel\n");
+		tty_unlock(tty);
+		tty_release(inode, filp);
+		return -EBUSY;
+	}
+
 	check_tty_count(tty, __func__);
 	tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
 
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -363,6 +363,7 @@ struct tty_file_private {
 #define TTY_NO_WRITE_SPLIT 	17	/* Preserve write boundaries to driver */
 #define TTY_HUPPED 		18	/* Post driver->hangup() */
 #define TTY_LDISC_HALTED	22	/* Line discipline is halted */
+#define TTY_KOPENED		23	/* Already opened by kernel */
 
 /* Values for tty->flow_change */
 #define TTY_THROTTLE_SAFE 1