Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752598AbeAEU2V (ORCPT + 1 other); Fri, 5 Jan 2018 15:28:21 -0500 Received: from smtp.codeaurora.org ([198.145.29.96]:54988 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751219AbeAEU2T (ORCPT ); Fri, 5 Jan 2018 15:28:19 -0500 DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org C917A60B21 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=gkohli@codeaurora.org Subject: Re: [PATCH] tty: fix data race in n_tty_receive_buf_common From: "Kohli, Gaurav" To: Alan Cox Cc: jslaby@suse.com, gregkh@linuxfoundation.org, mikey@neuling.org, linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org References: <1514987332-14122-1-git-send-email-gkohli@codeaurora.org> <20180103193807.465e054e@alans-desktop> <0a456419-c836-08cf-070b-a254fb702b75@codeaurora.org> <20180104110920.169a1fe5@alans-desktop> <0dbd1f05-4c94-d1cc-3858-7bd4d38b9212@codeaurora.org> <20180104143716.5b09b1c7@alans-desktop> <93a7bd73-1123-90a7-b22d-02964ba29fb0@codeaurora.org> <999c5499-05c7-4702-77a7-dfb56ba577d2@codeaurora.org> <20180105133609.636b2d1f@alans-desktop> <20180105141504.0e399394@alans-desktop> <1097619b-9e03-cba8-e40e-b0c00a53b84c@codeaurora.org> Message-ID: <986c5915-d6a6-22f9-12a1-cf9f627b0b85@codeaurora.org> Date: Sat, 6 Jan 2018 01:58:12 +0530 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <1097619b-9e03-cba8-e40e-b0c00a53b84c@codeaurora.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: HI Alan, Sorry correcting the typo here: On 1/6/2018 1:44 AM, Kohli, Gaurav wrote: > Hi Alan, > > > On 1/5/2018 7:45 PM, Alan Cox wrote: >>> But in above case , there we can hit another race, if we have a >>> sequence >>> like this >>> tty_init_dev->alloc_tty_struct -> tty_ldisc_init -> this will >>> initialize >>> ldisc , >>> but at this moment disc_data is still NULL >>> >>> And if flush_to_ldisc comes in between, it will take ldisc reference >>> and >>> proceeds receive buffer. >> So you need to move the lock up one line to protect the assignment to >> tty->port->itty. We can do that. >> >> At that point your flush_to_ldisc should see either port->itty = NULL >> or a >> valid initialized ldisc. >> >> > > Yes , with little modification this should work. > > +retval =  tty_ldisc_lock(tty, 5 * HZ); > +if (retval) > +         goto err_release_lock; > tty->port->itty = tty; > /* > * Structures all installed ... call the ldisc open routines. > * If we fail here just call release_tty to clean up.  No need > * to decrement the use counts, as release_tty doesn't care. > */ > retval = tty_ldisc_setup(tty, tty->link); >         if (retval) >             goto err_release_tty; > tty_ldisc_unlock(tty); > err_release_tty: > tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", >     retval, idx); > +err_release_lock;     +tty_unlock(tty);     +release_tty(tty, idx); > +tty_ldisc_unlock(tty); > +return ERR_PTR(retval); > > Please let me know if above modification seems fine , then we can > upload this and try reproduction of Bug. > > Regards > Gaurav > -- Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.