Commits
Peter Hurley committed 4d0ed18277c
n_tty: Fix buffer overruns with larger-than-4k pastes readline() inadvertently triggers an error recovery path when pastes larger than 4k overrun the line discipline buffer. The error recovery path discards input when the line discipline buffer is full and operating in canonical mode and no newline has been received. Because readline() changes the termios to non-canonical mode to read the line char-by-char, the line discipline buffer can become full, and then when readline() restores termios back to canonical mode for the caller, the now-full line discipline buffer triggers the error recovery. When changing termios from non-canon to canon mode and the read buffer contains data, simulate an EOF push _without_ the DISABLED_CHAR in the read buffer. Importantly for the readline() problem, the termios can be changed back to non-canonical mode without changes to the read buffer occurring; ie., as if the previous termios change had not happened (as long as no intervening read took place). Preserve existing userspace behavior which allows '\0's already received in non-canon mode to be read as '\0's in canon mode (rather than trigger add'l EOF pushes or an actual EOF). Patch based on original proposal and discussion here https://bugzilla.kernel.org/show_bug.cgi?id=55991 by Stas Sergeev <stsp@users.sourceforge.net> Reported-by: Margarita Manterola <margamanterola@gmail.com> Cc: Maximiliano Curia <maxy@gnuservers.com.ar> Cc: Pavel Machek <pavel@ucw.cz> Cc: Arkadiusz Miskiewicz <a.miskiewicz@gmail.com> Acked-by: Stas Sergeev <stsp@users.sourceforge.net> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>