Received: by 10.223.176.46 with SMTP id f43csp3858471wra; Mon, 22 Jan 2018 23:47:23 -0800 (PST) X-Google-Smtp-Source: AH8x2279s64m9vFNeg9GgYkyJBqpcPusD99IdPP00RB810krMBZjCgtUaF20RTLfoTbhqXKF/708 X-Received: by 2002:a17:902:8601:: with SMTP id f1-v6mr4943274plo.380.1516693643131; Mon, 22 Jan 2018 23:47:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516693643; cv=none; d=google.com; s=arc-20160816; b=K+sp7VWjhgza9vfbBs1LMQUEEnzOV5lB6EJf49SxosP+0irCmJEAn/wIfXG0IVuq3+ JXGSk/7yZZ+zieykSfn064Cg900j87/zHJcT111xJt5MCQvix9qSlS+Qllz3cC31pYAO oY/Wu8ReJ0icxPE5wOZeeCkB7ofbKVseCufm4VpjYaxXQQVdI/DK4M3Mpf5Z3+4QdFH6 94V9ivAiPFrVQAgGEYIthGW6lgfYo9S6drPa4QkdR2sLrq1PVaHZjyjpbwyiU/IDbvLT cP4x3vQRIKznzJRdsZxIdjnUCwmsbAfafC94doW6MHR7mWPfvk9A2tBEx88qVnfXtRXH ZG7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=j9zeWSeCq6AJ2BlkiO/tmA8bGHAhZsP5wMtPOR83qac=; b=H/jQKuxh6KS6wad4Vt37NQ4qLe1LjzHigWZ52FvY2TrjlAo37pkat/QHvontVzpKxA SMExpjRdp3JfUcxuYHKnh5/h2/ovn5PHucJp9doTL42S0AKo+/A1uTqQjSidjIncg2vb p4012StjvQbO+96LgtjLvI8jqv/JXGJdlicdhN6yVGLGCifR94cN97U0TrCzMI7cRtiN KaZPO36MRHRPVpiU54CAsL8jXoEwPSatjUKAwNt9Ts/4veUIauyrLfvvxdPHUpX0aBDS dXqyafafB0xbxvpExNFHkQPvzmZCgJQOHhYyBPqNfHVSG0jyk2mvVtdJkvtuvd6aigJE Tf8Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id bj8-v6si4342770plb.80.2018.01.22.23.47.07; Mon, 22 Jan 2018 23:47:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751169AbeAWHql (ORCPT + 99 others); Tue, 23 Jan 2018 02:46:41 -0500 Received: from alexa-out.qualcomm.com ([129.46.98.28]:27452 "EHLO alexa-out.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751056AbeAWHqk (ORCPT ); Tue, 23 Jan 2018 02:46:40 -0500 X-IronPort-AV: E=Sophos;i="5.46,400,1511856000"; d="scan'208";a="13499958" Received: from ironmsg-sd-alpha.qualcomm.com ([10.53.140.30]) by alexa-out.qualcomm.com with ESMTP; 22 Jan 2018 23:46:39 -0800 X-IronPort-AV: E=McAfee;i="5900,7806,8781"; a="58224803" X-MGA-submission: =?us-ascii?q?MDGKF0rjSTsF6lEEHjbKMI45q9RfUcsha9ZYLA?= =?us-ascii?q?8CvOSG9Wx1iOuLKQVmT5mzcF/rjPLSyKogv7DNGHEDwqeu8HSKTJmc+b?= =?us-ascii?q?UXH5xYM6JDYA+eQj3EintWI05xBkTq+l1lCYIZY1hDFJmtc0wLh9bD7y?= =?us-ascii?q?V2?= Received: from gkohli-linux.qualcomm.com ([10.204.78.26]) by ironmsg-SD-alpha.qualcomm.com with ESMTP; 22 Jan 2018 23:46:37 -0800 Received: by gkohli-linux.qualcomm.com (Postfix, from userid 427023) id 99B901AC3; Tue, 23 Jan 2018 13:16:35 +0530 (IST) From: Gaurav Kohli To: gnomes@lxorguk.ukuu.org.uk, gregkh@linuxfoundation.org Cc: linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, Gaurav Kohli Subject: [PATCH V2] tty: fix data race between tty_init_dev and flush of buf Date: Tue, 23 Jan 2018 13:16:34 +0530 Message-Id: <1516693594-28288-1-git-send-email-gkohli@codeaurora.org> X-Mailer: git-send-email 1.9.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There can be a race, if receive_buf call comes before tty initialization completes in n_tty_open and tty->disc_data may be NULL. CPU0 CPU1 ---- ---- 000|n_tty_receive_buf_common() n_tty_open() -001|n_tty_receive_buf2() tty_ldisc_open.isra.3() -002|tty_ldisc_receive_buf(inline) tty_ldisc_setup() Using ldisc semaphore lock in tty_init_dev till disc_data initializes completely. Signed-off-by: Gaurav Kohli --- Changes since V1: - Fix compilation, In case TTY is disabled in build. diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index dc60aee..4b506f2 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -1323,6 +1323,9 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", __func__, tty->driver->name); + retval = tty_ldisc_lock(tty, 5 * HZ); + if (retval) + goto err_release_lock; tty->port->itty = tty; /* @@ -1333,6 +1336,7 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) retval = tty_ldisc_setup(tty, tty->link); if (retval) goto err_release_tty; + tty_ldisc_unlock(tty); /* Return the tty locked so that it cannot vanish under the caller */ return tty; @@ -1345,9 +1349,11 @@ struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) /* call the tty release_tty routine to clean out this slot */ err_release_tty: - tty_unlock(tty); + tty_ldisc_unlock(tty); tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", retval, idx); +err_release_lock: + tty_unlock(tty); release_tty(tty, idx); return ERR_PTR(retval); } diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c index 24ec5c7..4e7946c 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -337,7 +337,7 @@ static inline void __tty_ldisc_unlock(struct tty_struct *tty) ldsem_up_write(&tty->ldisc_sem); } -static int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout) +int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout) { int ret; @@ -348,7 +348,7 @@ static int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout) return 0; } -static void tty_ldisc_unlock(struct tty_struct *tty) +void tty_ldisc_unlock(struct tty_struct *tty) { clear_bit(TTY_LDISC_HALTED, &tty->flags); __tty_ldisc_unlock(tty); diff --git a/include/linux/tty.h b/include/linux/tty.h index 7ac8ba2..0a6c71e 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h @@ -405,6 +405,8 @@ static inline bool tty_throttled(struct tty_struct *tty) extern struct tty_struct *tty_kopen(dev_t device); extern void tty_kclose(struct tty_struct *tty); extern int tty_dev_name_to_number(const char *name, dev_t *number); +extern int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout); +extern void tty_ldisc_unlock(struct tty_struct *tty); #else static inline void tty_kref_put(struct tty_struct *tty) { } -- Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.