Received: by 10.223.176.5 with SMTP id f5csp999768wra; Fri, 2 Feb 2018 09:29:03 -0800 (PST) X-Google-Smtp-Source: AH8x227wZxLnpAyoBp4km9zvXaVruKnKRHCIVPwXfJvjx4ZWEiHHZ+6JJu/RpboAQnLWYwD2m+6p X-Received: by 10.99.49.73 with SMTP id x70mr4529557pgx.394.1517592542947; Fri, 02 Feb 2018 09:29:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517592542; cv=none; d=google.com; s=arc-20160816; b=gyHVn3LYz7L6aDfKaanoL3dY/OjUW7HV59rBwbaeK4OjnXFKALIdeb0Pi8Tio1IZrt gG8fXo6wkNYWzcM/FmwOLN65txfTBdID+W0mg2xlIeXBdiZ2lkGd4E0pEQvtyPLrBYEv tqBlh6onqNgxPB90d5qcnwESJnh9QLA0OGH4wEyiairdWlv4rYN+3UQjwKEhnKTdY2n9 Ktpspy+6Z2OGVNerP8qh2+Jf0ildUIO9lqClfgHsySfBHN4zGeblQF4w39M6ue7p9fxT R3qHXvhxbAy2EAhoTnWG7EYPK58lRehd+GZylHnzwAj/tii9reUT8JvDrfjubYJfmKl+ E5ZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=VG9GHemGnP6g5k1g7LE0HvXHHSaq20Gs3aAonRZt0xQ=; b=DLStL+X34HG8YLHCb9O2/nlrc8Fik1DDdY0uwzMivORrsLqjtDfI1FPmTB9sMYESNX BxVX9fQvMoHN8ZR0zXN0N0oKRjVA1vpaErMsyFzaPZs4UYCJ5YAKEKOPgTY7wCvHpDW8 uOUPWJaEQhH2zZ8N4Dr158Gf+ediigCa0+ncn5elsSHMszMkrnVvR/cmUwCn2EcxQWQ+ PRsfN28v1lIMcP7lPTixQ1eyTEU1m3BrL1018ovPsbiVRhQntaKZteW/NKGK8eMOisLo oamVzhC13o6pZNhQ5/Gujb3pJ1LdZRhzl6qFS1FETAQ1umB9E/TAjJIJyuhkWC9qWIxq G3qA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r74si2110560pfg.270.2018.02.02.09.28.48; Fri, 02 Feb 2018 09:29:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754159AbeBBR0f (ORCPT + 99 others); Fri, 2 Feb 2018 12:26:35 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:40832 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753421AbeBBRPq (ORCPT ); Fri, 2 Feb 2018 12:15:46 -0500 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id C4DE0D81; Fri, 2 Feb 2018 17:15:45 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Gaurav Kohli , Alan Cox Subject: [PATCH 4.15 30/55] tty: fix data race between tty_init_dev and flush of buf Date: Fri, 2 Feb 2018 17:58:48 +0100 Message-Id: <20180202140829.255840067@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180202140826.117602411@linuxfoundation.org> References: <20180202140826.117602411@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: Gaurav Kohli commit b027e2298bd588d6fa36ed2eda97447fb3eac078 upstream. There can be a race, if receive_buf call comes before tty initialization completes in n_tty_open and tty->disc_data may be NULL. CPU0 CPU1 ---- ---- 000|n_tty_receive_buf_common() n_tty_open() -001|n_tty_receive_buf2() tty_ldisc_open.isra.3() -002|tty_ldisc_receive_buf(inline) tty_ldisc_setup() Using ldisc semaphore lock in tty_init_dev till disc_data initializes completely. Signed-off-by: Gaurav Kohli Reviewed-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/tty_io.c | 8 +++++++- drivers/tty/tty_ldisc.c | 4 ++-- include/linux/tty.h | 2 ++ 3 files changed, 11 insertions(+), 3 deletions(-) --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -1323,6 +1323,9 @@ struct tty_struct *tty_init_dev(struct t "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", __func__, tty->driver->name); + retval = tty_ldisc_lock(tty, 5 * HZ); + if (retval) + goto err_release_lock; tty->port->itty = tty; /* @@ -1333,6 +1336,7 @@ struct tty_struct *tty_init_dev(struct t retval = tty_ldisc_setup(tty, tty->link); if (retval) goto err_release_tty; + tty_ldisc_unlock(tty); /* Return the tty locked so that it cannot vanish under the caller */ return tty; @@ -1345,9 +1349,11 @@ err_module_put: /* call the tty release_tty routine to clean out this slot */ err_release_tty: - tty_unlock(tty); + tty_ldisc_unlock(tty); tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", retval, idx); +err_release_lock: + tty_unlock(tty); release_tty(tty, idx); return ERR_PTR(retval); } --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -337,7 +337,7 @@ static inline void __tty_ldisc_unlock(st ldsem_up_write(&tty->ldisc_sem); } -static int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout) +int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout) { int ret; @@ -348,7 +348,7 @@ static int tty_ldisc_lock(struct tty_str return 0; } -static void tty_ldisc_unlock(struct tty_struct *tty) +void tty_ldisc_unlock(struct tty_struct *tty) { clear_bit(TTY_LDISC_HALTED, &tty->flags); __tty_ldisc_unlock(tty); --- a/include/linux/tty.h +++ b/include/linux/tty.h @@ -405,6 +405,8 @@ extern const char *tty_name(const struct extern struct tty_struct *tty_kopen(dev_t device); extern void tty_kclose(struct tty_struct *tty); extern int tty_dev_name_to_number(const char *name, dev_t *number); +extern int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout); +extern void tty_ldisc_unlock(struct tty_struct *tty); #else static inline void tty_kref_put(struct tty_struct *tty) { }