Date: Tue, 18 Sep 2018 15:47:34 +0200
From: Greg Kroah-Hartman
To: Dmitry Safonov
Cc: linux-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com>, Daniel Axtens, Dmitry Vyukov, Mark Rutland, Michael Neuling, Mikulas Patocka, Nathan March, Pasi Kärkkäinen, Peter Hurley, Peter Zijlstra, "Rong, Chen", Sergey Senozhatsky, Tan Xiaojun, Tetsuo Handa, Jiri Slaby, syzbot+3aa9784721dfb90e984d@syzkaller.appspotmail.com, stable@vger.kernel.org, Jiri Slaby
Subject: Re: [PATCHv5 3/7] tty: Hold tty_ldisc_lock() during tty_reopen()
Message-ID: <20180918134734.GE23431@kroah.com>

On Tue, Sep 18, 2018 at 12:52:54AM +0100, Dmitry Safonov wrote:
> tty_ldisc_reinit() doesn't race with neither tty_ldisc_hangup()
> nor set_ldisc() nor tty_ldisc_release() as they use tty lock.
> But it races with anyone who expects line discipline to be the same
> after holding read semaphore in tty_ldisc_ref().
>
> We've seen the following crash on v4.9.108 stable:
>
> BUG: unable to handle kernel paging request at 0000000000002260
> IP: [..] n_tty_receive_buf_common+0x5f/0x86d
> Workqueue: events_unbound flush_to_ldisc
> Call Trace:
>  [..] n_tty_receive_buf2
>  [..] tty_ldisc_receive_buf
>  [..] flush_to_ldisc
>  [..] process_one_work
>  [..] worker_thread
>  [..] kthread
>  [..] ret_from_fork
>
> tty_ldisc_reinit() should be called with ldisc_sem held for writing,
> which will protect any reader against line discipline changes.
>
> Backport-first: b027e2298bd5 ("tty: fix data race between tty_init_dev
> and flush of buf")

What does this mean? Does this require that patch for a stable patch?
If so, just do:
	Cc: stable@vger.kernel.org # b027e2298bd5 ("tty: fix data race between tty_init_dev and flush of buf")
in the signed-off-by area.

The stable documentation should describe this pretty well. If not, we
can modify it to make it more obvious.

Can you fix this up for the next resend of this series?

thanks,

greg k-h