comparison doc/Linux-DTR-RTS-flaw @ 176:fb2f6497ba53 default tip

doc/Linux-DTR-RTS-flaw: point to new location of this article
author Mychaela Falconia <falcon@freecalypso.org>
date Mon, 11 Dec 2023 19:37:20 +0000
parents 95c2a67e1219
children
comparison
equal deleted inserted replaced
175:b8473892b0ce 176:fb2f6497ba53
1 There is a fundamental flaw in the Linux kernel serial port handling subsystem 1 This article has moved; the new location is:
2 that affects anyone who builds special hardware in which DTR and/or RTS modem
3 control lines are repurposed for some non-traditional functions. The flaw is
4 that whenever a serial port is opened under Linux, the kernel immediately and
5 unstoppably asserts DTR and RTS (their initial power-up state prior to software
6 action is negated on every sane serial port hardware implementation), *without*
7 giving userspace applications any ability to say "no, please don't do it".
8 2
9 As long as DTR and RTS modem control outputs from the DTE are used for their 3 https://www.freecalypso.org/hg/freecalypso-docs/file/tip/Linux-DTR-RTS-flaw
10 original RS-232 functions, automatically raising both signals on serial port
11 open is harmless - and because these signals often need to be asserted in order
12 for serial communication to take place, having them raised automatically on
13 open (without requiring an explicit TIOCMBIS ioctl) is a convenience which many
14 applications rely on - if this standard kernel behaviour were to be changed
15 for the general case (outside of special quirk configurations), a lot of
16 applications will break. Linux implements this standard behaviour as mandated
17 by POSIX and other similar standards, and those standards are in turn based on
18 the original 1970s UNIX where this architectural design originates.
19
20 However, this standard Linux behaviour (and going all the way back to 1970s in
21 the greater UNIX family) is a total killer for custom hardware designs in which
22 DTR and/or RTS outputs from the UART are repurposed for some totally different
23 functions. Suppose that the hardware is wired in such a way that asserting the
24 control output causes an explosive charge to be set off, or causes a radio
25 transmitter to turn on (perhaps operating on some tightly regulated frequency
26 supporting mission-critical services, where spurious out-of-protocol
27 transmissions are not permissible), or applies a hard reset to some other
28 component that may be part of a live production system that must not be casually
29 reset - in all listed examples having such hardware wiring would be perfectly
30 safe in an OS-less environment where the custom application controls the custom
31 hardware as desired, without any OS inserting its own mind: the hardware design
32 of most serial ports (both traditional and USB-serial) guarantees that the
33 initial power-up state of both DTR and RTS outputs prior to software action will
34 always be negated, and the custom application thus gets to decide if and when
35 each of the two signals (independent of each other) should be asserted.
36
37 Everything works great if the application runs on the bare metal and directly
38 controls the hardware (or runs under something like DOS, which is the same as
39 running on bare metal for the present purpose of operating serial ports), but
40 add Linux into the equation, and things quickly begin to break. The problem is
41 that the moment you open a serial port under Linux (and sadly, the same thing
42 happens under most other current OSes too), the kernel automatically asserts
43 both DTR and RTS immediately on the open operation itself, without giving
44 userspace applications any way to say "no, please don't do it". Some people
45 have been proposing new termios flags that would suppress this auto-assertion
46 on subsequent opens, but you have to open the port first in order to do termios
47 or other ioctls on it, and if the auto-assertion of DTR and RTS on that initial
48 open causes irreparable damage, then you are screwed no matter what you do.
49
50 The only currently possible solution to this madness is to patch the kernel to
51 suppress this automatic assertion of DTR & RTS upon serial port open. But one
52 cannot simply change the standard behaviour for all serial ports, as lots of
53 standard applications for classic serial communication (where DTR and RTS do
54 need to be asserted) will break in that case. Instead the suppression of
55 automatic assertion of DTR & RTS on open needs to be conditionalized in some
56 way, so that the modified against-standards serial port open behaviour is
57 applied ONLY when special modem-control-repurposed hardware is being operated
58 on, and not for ordinary applications operating on ordinary serial ports.
59
60 Given the current state of Linux and what is possible in the current reality,
61 if a patch is to be applied to the kernel, creating the ability to exempt
62 certain serial port open operations from the standard POSIX requirement of
63 automatically asserting DTR & RTS, there are only 3 practically feasible ways
64 to communicate to the kernel that a given serial port (or a given individual
65 open operation on a serial port) should be exempt from automatic assertion of
66 DTR & RTS:
67
68 1) Create a new open flag like O_NODTR, or reuse/abuse some existing open flag
69 like O_DIRECT which currently has no effect on serial ports.
70
71 2) Create a sysfs attribute that is attached to every serial port, controlling
72 whether or not DTR & RTS should be automatically asserted on open, with the
73 default being standards-mandated traditional UNIX behaviour of
74 auto-assertion.
75
76 3) In special cases where the custom DTR/RTS-repurposed hardware is inseparably
77 integrated (on the same custom PCB) with a USB-serial chip, such that the
78 EEPROM controlling the USB VID:PID of the USB-serial device identifies not
79 just the USB-serial converter part, but the entire product board as a whole,
80 including the circuits that repurpose DTR and RTS for non-serial purposes,
81 then the most sensible approach is to mark the USB-serial device as special
82 and disable auto-assertion of DTR & RTS on this special device when the
83 custom USB VID:PID is detected.
84
85 As it happens, our own FreeCalypso hardware gadget with repurposed DTR & RTS
86 that requires suppression of auto-assertion of these signals (the optional boot
87 control feature of our DUART28 adapter) falls into the last special category
88 above (custom USB-serial device unambiguously distinguished by a custom USB ID),
89 hence this special case is the one that I (Mother Mychaela) have been focusing
90 on the most - as humans, we all have a natural right to put our own self-
91 interest first.
92
93 I (Mother Mychaela) have no way of knowing whether or not there is even one
94 person alive on Earth today who has an active use case where a need exists to
95 suppress automatic assertion of DTR & RTS for some serial device, but that
96 device does not have the same quality of being inseparably integrated with a
97 custom USB ID as our DUART28C, i.e., an active use case where a need exists to
98 signal to the kernel "please don't auto-assert DTR & RTS on this serial port"
99 and moreover do this special signaling for "any" serial port, rather than one
100 identified by a custom USB VID:PID. For all I know, I may very well be the
101 only person alive on Earth today who has an active need for auto-DTR/RTS
102 suppression - but I need it ONLY for a device that has a unique distinctive USB
103 VID:PID, not for "any" serial port.
104
105 I currently run Slackware Linux 14.2 as my personal OS, running Linux kernel
106 version 4.4.14 around which this version of Slackware was built - when I tried
107 running newer 4.4.x kernels, I was getting crashes which I could not debug. I
108 currently run this elderly Linux kernel version with my own custom patch applied
109 to the ftdi_sio driver, a patch that adds support for FreeCalypso DUART28C
110 (custom USB ID) and applies the appropriate special quirk just for this USB ID,
111 not affecting any other devices - a quirk that suppresses automatic DTR & RTS
112 assertion on FT2232D Channel B, the UART channel on which these signals are
113 repurposed on DUART28 hardware. Several different versions of this patch (made
114 to apply cleanly to several different kernel versions) can be found in the
115 linux-patch directory in the present source repository.
116
117 In 2020-09 I made a good-faith, due-diligence attempt to get the hardware
118 support patch for DUART28C (a patch to ftdi_sio driver that recognizes the new
119 USB ID and applies the necessary quirk, entirely contained inside this driver)
120 mainlined - I submitted the patch to ftdi_sio maintainer Johan Hovold. I was
121 quickly met with hostility, with Johan telling me to redesign my hardware (he
122 was basically telling me to throw away 20 perfectly good boards) in some
123 different way that would be more in line with the 1970s UNIX worldview for DTR
124 and RTS, which is what Linux currently implements.
125
126 Some time later I was able to kinda-somewhat-partially convince Johan that the
127 current handling of DTR and RTS is a serious problem for some users, and he was
128 a little more agreeable to my patch - but instead of merging it as-is, he
129 proposed an expanded patch (getting into the tty subsystem, outside of just
130 USB-serial) that solves a more general problem. Johan's proposed patch
131 introduced an internal flag telling the tty layer to suppress DTR & RTS
132 assertion on open, and a sysfs attribute (added to all classic serial and USB-
133 serial ports) that exposes this flag. A patch to ftdi_sio that recognizes my
134 custom USB ID and sets this flag in the quirk function was still included in
135 that proposed patch series, so I was happy with the proposal.
136
137 However, Johan's sysfs proposal was quickly shot down by other kernel
138 maintainers who didn't like the sysfs approach, and Johan himself was not too
139 interested in defending his sysfs proposal either - instead he favors a termios
140 flag that would only affect second and subsequent repeated opens of a device,
141 after the initial open to set that flag. Of course this termios flag idea does
142 not help at all, given that the very first open of the serial port would still
143 unstoppably assert DTR & RTS, causing irreparable damage - if these control
144 signals are wired to set off explosives, for example, the user's house would be
145 up in flames the moment he issues that magic stty command to set the new termios
146 flag, and Johan's assurances that second and subsequent opens of the same
147 serial port would not auto-assert DTR & RTS would be of little help to the poor
148 guy who just lost his house.
149
150 By the end of 2021-01 I realized that my battle against Johan and Greg K-H is
151 hopeless, so I give up. The only workable solution at this point is for all
152 affected people to stop running unpatched mainline kernels and to apply our own
153 local patches instead, preferably with our own coordination amongst ourselves
154 so we have some degree of standardization among our kind. The whole discussion
155 is archived here:
156
157 https://lore.kernel.org/linux-serial/X8iuCXYhOBVMGvXv@localhost/T/
158
159 I shall indefinitely, for as long as I am alive, maintain my ftdi_sio driver
160 patch that adds support for FreeCalypso DUART28C hardware. And because I do
161 not know whether or not there exists even one person on Earth who would benefit
162 from an ability to suppress DTR & RTS assertion under Linux on "any" serial
163 port, outside of tightly integrated USB-based devices with custom USB IDs, I
164 also make the following conditional offer: *if* at least one person comes
165 forward to me and demonstrates that he or she has an active use case of the
166 kind I am talking about, *then* I will also dig up Johan's patch (the one
167 rejected by other maintainers) adding a sysfs attribute, providing a working
168 solution for "any" serial port, start actively supporting that sysfs patch, and
169 maybe even make another attempt at convincing kernel maintainers to mainline it.
170 But I will go down that path *only* if there is at least one person alive on
171 Earth (just one person would be enough) who would actively benefit from this
172 feature - otherwise there is no point.