Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751832AbeAEN4q (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Fri, 5 Jan 2018 08:56:46 -0500
Received: from smtp.codeaurora.org ([198.145.29.96]:48278 "EHLO
        smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751316AbeAEN4o (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 5 Jan 2018 08:56:44 -0500
DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 39863602B9
Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org
Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=gkohli@codeaurora.org
Subject: Re: [PATCH] tty: fix data race in n_tty_receive_buf_common
To: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Cc: jslaby@suse.com, gregkh@linuxfoundation.org, mikey@neuling.org,
        linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org
References: <1514987332-14122-1-git-send-email-gkohli@codeaurora.org>
 <20180103193807.465e054e@alans-desktop>
 <0a456419-c836-08cf-070b-a254fb702b75@codeaurora.org>
 <20180104110920.169a1fe5@alans-desktop>
 <0dbd1f05-4c94-d1cc-3858-7bd4d38b9212@codeaurora.org>
 <20180104143716.5b09b1c7@alans-desktop>
 <93a7bd73-1123-90a7-b22d-02964ba29fb0@codeaurora.org>
 <999c5499-05c7-4702-77a7-dfb56ba577d2@codeaurora.org>
 <20180105133609.636b2d1f@alans-desktop>
From: "Kohli, Gaurav" <gkohli@codeaurora.org>
Message-ID: <a502434e-b534-0e59-fa31-7644a23152eb@codeaurora.org>
Date: Fri, 5 Jan 2018 19:26:39 +0530
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <20180105133609.636b2d1f@alans-desktop>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>



On 1/5/2018 7:06 PM, Alan Cox wrote:
> On Fri, 5 Jan 2018 13:15:45 +0530
> "Kohli, Gaurav" <gkohli@codeaurora.org> wrote:
>
>> Hi Alan,
>>>>> Can you make that code available otherwise it's impossible to see
>>>>> what the problem might be.
>>>   
>>    https://source.codeaurora.org/quic/la/kernel/msm-4.9/tree/drivers/tty/serial?h=msm-4.9
>>    As discussed , there not seems a problem as we are getting print
>> request even when port seems to closed.
>>
>>
>> tty_ldisc_lock(tty, 5 * HZ);
>>    tty_ldisc_setup(tty);
>>    tty_ldisc_unlock(tty)
>>
>> But in above lock,  there is a chance when flush_to_ldisc will occur
>> first and acquired a lock in
>> tty_ldisc_ref itself.
> Which is fine.
>
> If the flush_to_ldisc gets there first then it will find there is a NULL
> ldisc and do nothing. When it finishes the tty_init_dev will run and will
> be protected from a further re-entry.
>
> If the init_dev gets there first it will complete the init before the
> flush_to_ldisc is permitted to proceed.
>
> In other words we restore the intended invariant that ldisc's do not get
> entered while their setup routine is running.
>
>

But in above case , there we can hit another race, if we have a sequence 
like this
tty_init_dev->alloc_tty_struct -> tty_ldisc_init -> this will initialize 
ldisc ,
but at this moment disc_data is still NULL

And if flush_to_ldisc comes in between, it will take ldisc reference and 
proceeds receive buffer.


Regards
Gaurav


-- 
Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.