Subject: Re: [PATCH 2/4] tty: Hold tty_ldisc_lock() during tty_reopen()
From: Jiri Slaby
To: Dmitry Safonov, linux-kernel@vger.kernel.org
Cc: Daniel Axtens, Dmitry Safonov <0x7f454c46@gmail.com>, Sergey Senozhatsky, Dmitry Vyukov, Tan Xiaojun, Peter Hurley, Pasi Kärkkäinen, Greg Kroah-Hartman, Michael Neuling, Mikulas Patocka, stable@vger.kernel.org
Message-ID: <1a3acb7c-5523-7b72-1468-682c429b56e6@suse.cz>
Date: Wed, 29 Aug 2018 16:45:39 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

On 08/29/2018, 04:40 PM, Jiri Slaby wrote:
> On 08/29/2018, 04:23 AM, Dmitry Safonov wrote:
>> tty_ldisc_reinit() doesn't race with neither tty_ldisc_hangup()
>> nor set_ldisc() nor tty_ldisc_release() as they use tty lock.
>> But it races with anyone who expects line discipline to be the same
>> after holding read semaphore in tty_ldisc_ref().
>>
>> We've seen the following crash on v4.9.108 stable:
>>
>> BUG: unable to handle kernel paging request at 0000000000002260
>> IP: [..] n_tty_receive_buf_common+0x5f/0x86d
>> Workqueue: events_unbound flush_to_ldisc
>> Call Trace:
>>  [..] n_tty_receive_buf2
>>  [..] tty_ldisc_receive_buf
>>  [..] flush_to_ldisc
>>  [..] process_one_work
>>  [..] worker_thread
>>  [..] kthread
>>  [..] ret_from_fork
>>
>> I think, tty_ldisc_reinit() should be called with ldisc_sem held for
>> writing, which will protect any reader against line discipline changes.
>>
>> Note: I failed to reproduce the described crash, so obviously can't
>> guarantee that this is the place where line discipline was switched.
...
> So what about:
> 	tty_ldisc_lock(tty, MAX_SCHEDULE_TIMEOUT);
> 	if (!tty->ldisc)
> 		ret = tty_ldisc_reinit(tty, tty->termios.c_line);
> 	tty_ldisc_unlock(tty);
>
> 	if (!ret)
> 		tty->count++;
>
> 	return ret;

I forgot to add that I debugged a different NULL ptr deref to this very
same root cause today (set_termios called with NULL tty->disc_data). So
really, tty_reinit's ldisc change must be protected by the ldisc_sem,
otherwise other threads will see tty->ldisc, but not tty->disc_data.

thanks,
-- 
js
suse labs
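
Added example, not part of the original message and not kernel code: a single-threaded userspace model of the window described above, in which a reader sees tty->ldisc already set while tty->disc_data is still NULL, and of how holding the semaphore for writing across the update closes it. All names (model_tty, reader, reinit) and the order in which reinit() makes the two fields visible are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
struct model_tty {
	bool sem_writer;  /* models ldisc_sem being held for writing */
	void *ldisc;      /* stands in for tty->ldisc */
	void *disc_data;  /* stands in for tty->disc_data */
};
enum seen { BLOCKED, NO_LDISC, NULL_DISC_DATA, CONSISTENT };

/* A reader as in the thread: take the semaphore for read, then use the ldisc. */
static enum seen reader(struct model_tty *tty)
{
	if (tty->sem_writer)
		return BLOCKED;        /* a real reader would wait for the writer */
	if (!tty->ldisc)
		return NO_LDISC;
	if (!tty->disc_data)
		return NULL_DISC_DATA; /* where the kernel would dereference NULL */
	return CONSISTENT;
}

/* Model reinit: ldisc becomes visible before disc_data (assumed ordering).
 * The reader() call in the middle stands for another CPU running there. */
static enum seen reinit(struct model_tty *tty, bool hold_for_write)
{
	static int ldisc_obj, data_obj;
	enum seen mid;

	tty->sem_writer = hold_for_write;
	tty->ldisc = &ldisc_obj;
	mid = reader(tty);
	tty->disc_data = &data_obj;
	tty->sem_writer = false;
	return mid;
}

static enum seen race_without_lock(void) { struct model_tty t = {false, NULL, NULL}; return reinit(&t, false); }
static enum seen race_with_lock(void)    { struct model_tty t = {false, NULL, NULL}; return reinit(&t, true); }
static enum seen read_after_reinit(void) { struct model_tty t = {false, NULL, NULL}; reinit(&t, true); return reader(&t); }

int main(void)
{
	printf("unlocked=%d locked=%d after=%d\n",
	       race_without_lock(), race_with_lock(), read_after_reinit());
	return 0;
}
```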