Received: by 10.213.65.68 with SMTP id h4csp701637imn; Thu, 22 Mar 2018 06:49:28 -0700 (PDT) X-Google-Smtp-Source: AG47ELvKQbVnOyVKjBpf+rMVIm5WgAOtPx1ONwc17C/JMAIE+wdQIdywLouVpE5KT62rFOCoO/b6 X-Received: by 10.99.172.84 with SMTP id z20mr17657984pgn.273.1521726567988; Thu, 22 Mar 2018 06:49:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521726567; cv=none; d=google.com; s=arc-20160816; b=FGPCl9U6D+0s7vmBy/RcQrFeX4UcYsQV6hE7k1kBEa+YffqzxssBgZ0na8oSIBah8d UVoMLQ0UYtPgZYAf1IQijQD4WA2jS3tAcAtCl7+nJjw6AMuPlm7x5dGutZ42Q5XCXH8T xcY6JOuiqLR8EFcFYYo3FQbtIyHL9F9ZgZbEK4TZ8t77sG2iwMCIXHifEu4D4bud5q2q rxkMy96jDG+6MrkdBtHBH3VVmwlsbeIGFh28uPq1+Y2DQ/DgXdmQWO7XUbT/kzatGcVm 0B31FxjdJQ0L2MF3Wi97Jc3VpwLXd7bx1wbUYU6ncrpyEiq+pCT9HJr3XJRjzb0ngD4T 80mA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=5wyhMzRgBNiEWeS3YtPAYuINyRBl7sq5+gIK2NiCPno=; b=uriI3+15UNSq4pw5sUUcaHBMSpM1J1PbbVvKMnEg5xIQrmhX6b5BGDNp6ddw5uEYg9 BJ7mYlW339wuWavyp8g2n1pL/8w6JsiFDgTDn3LlYSQNsmLcx7Ko3QSA4/Cq/88v8YgM TS91T5dF1jrE30surPcDUAOK6DjXGmOY4BH+O2NBEND286zVFgiW/odWKkwHxeavUjAx 46j9iSI14Hct0Zg8kWpC4PtK+mQnlYoBwRCwqyfh2Owcrgz4LIA/YwGfqe+gtPjvH18C V0ZsLKwrlJQf+nbeQBJAHHjN8HYVh9QvQD7wK2ZYHuhLQJ04Z6q5JkXMeIePJbRHlSjT qPDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@axtens.net header.s=google header.b=B9Ql1N5g; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n19-v6si6108864plp.582.2018.03.22.06.49.09; Thu, 22 Mar 2018 06:49:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@axtens.net header.s=google header.b=B9Ql1N5g; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755262AbeCVNsP (ORCPT + 99 others); Thu, 22 Mar 2018 09:48:15 -0400 Received: from mail-wm0-f67.google.com ([74.125.82.67]:50674 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755136AbeCVNsK (ORCPT ); Thu, 22 Mar 2018 09:48:10 -0400 Received: by mail-wm0-f67.google.com with SMTP id f19so16138135wmc.0 for ; Thu, 22 Mar 2018 06:48:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:in-reply-to:references:date:message-id :mime-version; bh=5wyhMzRgBNiEWeS3YtPAYuINyRBl7sq5+gIK2NiCPno=; b=B9Ql1N5g7zQqacaF77YkjVP10PFDvzv1eeLkCGi7WSQTquUqMt8ALmclY6/PpkKiOs HV3ekpYmbRVAKuTBQ1eWdf3/jV/xl2HiiEIiOJih/e5tO1rHsu7bdT0g8b0LUZUgE5FK d6eEnlpuBwIjdJGUN6to1SEmkIG6ODcwnTxaA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version; bh=5wyhMzRgBNiEWeS3YtPAYuINyRBl7sq5+gIK2NiCPno=; b=ND2tEyibo2Rt03L8oE9SeLMT6D7EULoauJ/Uwocr/vNoRXsHYRMOxrzINI9zFd6wIT Q88o7gwsG2MaTmE1JrnBJl2OXoH3pfx8g032wXEtWiQvjO+qtZcAUvV9sJoJmaiNzJP/ iVB/HaBRs4akgjHGSWY6DOa9yWrDFHOth09K61R3PgfjxAAlXYrvBF4hJ6YPPst3PY49 LKsopx9AtZ5UEy/rGfXGYz8QDanWkyUjQcr1UqwVTcAQpjNugwHt71vPlKUtsxTMNEqQ 84W1ozj1X2qoMntPyNrQf4+EdhMlmhUOl8/KHRh6V7FXPJ50YMyRcSFb5htJa2uK4wiZ uq7A== X-Gm-Message-State: AElRT7GmvZxByOVbr1mg8xpenvbvFFLdQ3bHQzgFmghBm7+qsRAe0N1b 5aF/CHxRlH8R2Kn/Kj6hE/jabA== X-Received: by 10.28.161.4 with SMTP id k4mr5284366wme.132.1521726489079; Thu, 22 Mar 2018 06:48:09 -0700 (PDT) Received: from localhost ([2001:67c:1560:8007::aac:c356]) by smtp.gmail.com with ESMTPSA id c34sm6269252wrc.60.2018.03.22.06.48.07 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 22 Mar 2018 06:48:08 -0700 (PDT) From: Daniel Axtens To: Michael Neuling , Mikulas Patocka , Peter Hurley Cc: Greg Kroah-Hartman , Jiri Slaby , Linux Kernel Mailing List , Michael Neuling Subject: Re: tty crash in Linux 4.6 In-Reply-To: References: <573A5996.3080305@hurleysoftware.com> <573B3F84.5050201@hurleysoftware.com> <573B5E4C.8030808@hurleysoftware.com> Date: Fri, 23 Mar 2018 00:48:06 +1100 Message-ID: <87po3wusq1.fsf@linkitivity.dja.id.au> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, >> This patch works, I've had no tty crashes since applying it. >> >> I've seen that you haven't sent this patch yet to Linux-4.7-rc and >> Linux-4.6-stable. Will you? Or did you create a different patch? > > We are hitting this now on powerpc. This patch never seemed to make > it upstream (drivers/tty/tty_ldisc.c hasn't been touched in 1 year). I seem to be hitting this too on a kernel that has the 4.6 changes backported to 4.4. Has there been any further progress on getting this accepted? Regards, Daniel > > Peter, can we take this patch as is, or do you have an updated version? > > Mikey > >> Mikulas >> >> >> On Tue, 17 May 2016, Peter Hurley wrote: >> >> > On 05/17/2016 08:57 AM, Peter Hurley wrote: >> > > On 05/16/2016 04:36 PM, Peter Hurley wrote: >> > >> > Hi Mikulas, >> > >> > >> > >> > On 05/16/2016 01:12 PM, Mikulas Patocka wrote: >> > >>> >> Hi >> > >>> >> >> > >>> >> In the kernel 4.6 I get crashes in the tty layer. I can reproduce the >> > >>> >> crash by logging into the machine with ssh and typing before the prompt >> > >>> >> appears. >> > >> > >> > >> > Thanks for the report. >> > >> > I tried to reproduce this a number of times on different machines >> > >> > with no luck. >> > > >> > > I was able to reproduce this crash with a test jig. >> > > The patch below fixed it, but I'm testing a better patch now, which >> > > I'll get to you asap. >> > >> > --- >% --- >> > Subject: [PATCH] tty: Fix ldisc crash on reopened tty >> > >> > If the tty has been hungup, the ldisc instance may have been destroyed. >> > Continued input to the tty will be ignored as long as the ldisc instance >> > is not visible to the flush_to_ldisc kworker. However, when the tty >> > is reopened and a new ldisc instance is created, the flush_to_ldisc >> > kworker can obtain an ldisc reference before the new ldisc is >> > completely initialized. This will likely crash: >> > >> > BUG: unable to handle kernel paging request at 0000000000002260 >> > IP: [] n_tty_receive_buf_common+0x6d/0xb80 >> > PGD 2ab581067 PUD 290c11067 PMD 0 >> > Oops: 0000 [#1] PREEMPT SMP >> > Modules linked in: nls_iso8859_1 ip6table_filter [.....] >> > CPU: 2 PID: 103 Comm: kworker/u16:1 Not tainted 4.6.0-rc7+wip-xeon+debug #rc7+wip >> > Hardware name: Dell Inc. Precision WorkStation T5400 /0RW203, BIOS A11 04/30/2012 >> > Workqueue: events_unbound flush_to_ldisc >> > task: ffff8802ad16d100 ti: ffff8802ad31c000 task.ti: ffff8802ad31c000 >> > RIP: 0010:[] [] n_tty_receive_buf_common+0x6d/0xb80 >> > RSP: 0018:ffff8802ad31fc70 EFLAGS: 00010296 >> > RAX: 0000000000000000 RBX: ffff8802aaddd800 RCX: 0000000000000001 >> > RDX: 00000000ffffffff RSI: ffffffff810db48f RDI: 0000000000000246 >> > RBP: ffff8802ad31fd08 R08: 0000000000000000 R09: 0000000000000001 >> > R10: ffff8802aadddb28 R11: 0000000000000001 R12: ffff8800ba6da808 >> > R13: ffff8802ad18be80 R14: ffff8800ba6da858 R15: ffff8800ba6da800 >> > FS: 0000000000000000(0000) GS:ffff8802b0a00000(0000) knlGS:0000000000000000 >> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >> > CR2: 0000000000002260 CR3: 000000028ee5d000 CR4: 00000000000006e0 >> > Stack: >> > ffffffff81531219 ffff8802aadddab8 ffff8802aadddde0 ffff8802aadddd78 >> > ffffffff00000001 ffff8800ba6da858 ffff8800ba6da860 ffff8802ad31fd30 >> > ffffffff81885f78 ffffffff81531219 0000000000000000 0000000200000000 >> > Call Trace: >> > [] ? flush_to_ldisc+0x49/0xd0 >> > [] ? mutex_lock_nested+0x2c8/0x430 >> > [] ? flush_to_ldisc+0x49/0xd0 >> > [] n_tty_receive_buf2+0x14/0x20 >> > [] tty_ldisc_receive_buf+0x22/0x50 >> > [] flush_to_ldisc+0xbe/0xd0 >> > [] process_one_work+0x1ed/0x6e0 >> > [] ? process_one_work+0x16f/0x6e0 >> > [] worker_thread+0x4e/0x490 >> > [] ? process_one_work+0x6e0/0x6e0 >> > [] kthread+0xf2/0x110 >> > [] ? preempt_count_sub+0x4c/0x80 >> > [] ret_from_fork+0x22/0x50 >> > [] ? kthread_create_on_node+0x220/0x220 >> > Code: ff ff e8 27 a0 35 00 48 8d 83 78 05 00 00 c7 45 c0 00 00 00 00 48 89 45 80 48 >> > 8d 83 e0 05 00 00 48 89 85 78 ff ff ff 48 8b 45 b8 <48> 8b b8 60 22 00 00 48 >> > 8b 30 89 f8 8b 8b 88 04 00 00 29 f0 8d >> > RIP [] n_tty_receive_buf_common+0x6d/0xb80 >> > RSP >> > CR2: 0000000000002260 >> > >> > Ensure the kworker cannot obtain the ldisc reference until the new ldisc >> > is completely initialized. >> > >> > Fixes: 892d1fa7eaae ("tty: Destroy ldisc instance on hangup") >> > Reported-by: Mikulas Patocka >> > Signed-off-by: Peter Hurley >> > --- >> > drivers/tty/tty_ldisc.c | 11 ++++++----- >> > 1 file changed, 6 insertions(+), 5 deletions(-) >> > >> > diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c >> > index cdd063f..bda0c85 100644 >> > --- a/drivers/tty/tty_ldisc.c >> > +++ b/drivers/tty/tty_ldisc.c >> > @@ -669,16 +669,17 @@ int tty_ldisc_reinit(struct tty_struct *tty, int disc) >> > tty_ldisc_put(tty->ldisc); >> > } >> > >> > - /* switch the line discipline */ >> > - tty->ldisc = ld; >> > tty_set_termios_ldisc(tty, disc); >> > - retval = tty_ldisc_open(tty, tty->ldisc); >> > + retval = tty_ldisc_open(tty, ld); >> > if (retval) { >> > if (!WARN_ON(disc == N_TTY)) { >> > - tty_ldisc_put(tty->ldisc); >> > - tty->ldisc = NULL; >> > + tty_ldisc_put(ld); >> > + ld = NULL; >> > } >> > } >> > + >> > + /* switch the line discipline */ >> > + smp_store_release(&tty->ldisc, ld); >> > return retval; >> > } >> > >> > -- >> > 2.8.2 >> > >>