Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2921805imu; Fri, 18 Jan 2019 01:30:35 -0800 (PST) X-Google-Smtp-Source: ALg8bN5OxWqjCnqdoi6eXcrm3/j3LGCeqb1BTrFh/lwPGVoch1okAfl+tRogSpFd0pTDPiHvWrks X-Received: by 2002:aa7:8802:: with SMTP id c2mr18565403pfo.20.1547803835894; Fri, 18 Jan 2019 01:30:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547803835; cv=none; d=google.com; s=arc-20160816; b=bPyppa8Q19pYutIfE3jjQCF0xECZHZKF5+8z1cHZzRW8acYxx8wqLIiQuw3QY5i+Od uC+AEucpG2C7uz9U74U9bAfa1L3yv5ochzwq9vPOLa4mgVu0FW0dkvgnnIxQyVDwXyJ9 BO9v9K6FwxQoYAOifWh+axlf2aXCdaHr23GDTKNCBpyMTQ4lGujdg9m9WliI2QLx1ZzP Q9Sd99zgFMu93WrEAlDgYcCop9G2OOxxo1adAeWDafhAOF7DMh2KQXd60OkxgbhfaI1i GwQ/kSklUosgD8h0jjazQgq5RXjdsNe8SUApKelSCM+LV50gg8V5K/9BN+YO1r9fm5qC SzFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:to:from; bh=x5MZM/UMq97+H2diSmHVNz9o75qTbl9+fPDZjL9MFSU=; b=LrK/bgg96D+tANhM4/oXbQGv68s2r9Zdt3iM5gyTKCavphZJF220Wpg0NZgUzTxIq5 3zWfWqCQeDys00Aqj8xHj23EsbdDhV/N1/UAfZqed00JBb+lQcnNhwdFTE1eImALyI9o PPkoJDMxVuhj1jQ9nkVhrjpRtqyZDYOUYngJopL/jl9PLcPrDC0Nft/+Fm5vBlPrDBra a4OVwCjbhvGbzga3hLVsq3R58z5NOyShEB8ripl6y6y3g/fMxuLsvsacPwECuo53Y/0U RkJVTIMxu+Z+UPXf3fyu+FbcQj2xYOH3q2+5COLy+l+CmOGHfNyNJgXVjcdc5ahh3uzr 0BZQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y6si3917532plr.186.2019.01.18.01.30.16; Fri, 18 Jan 2019 01:30:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726892AbfARJ1a (ORCPT + 99 others); Fri, 18 Jan 2019 04:27:30 -0500 Received: from mx132-tc.baidu.com ([61.135.168.132]:58816 "EHLO tc-sys-mailedm01.tc.baidu.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725856AbfARJ1a (ORCPT ); Fri, 18 Jan 2019 04:27:30 -0500 Received: from localhost (cp01-cos-dev01.cp01.baidu.com [10.92.119.46]) by tc-sys-mailedm01.tc.baidu.com (Postfix) with ESMTP id 8F915204004B; Fri, 18 Jan 2019 17:27:17 +0800 (CST) From: Li RongQing To: gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, gkohli@codeaurora.org Subject: [PATCH][v4] tty: fix race between flush_to_ldisc and tty_open Date: Fri, 18 Jan 2019 17:27:17 +0800 Message-Id: <1547803637-29135-1-git-send-email-lirongqing@baidu.com> X-Mailer: git-send-email 1.7.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There still is a race window after the commit b027e2298bd588 ("tty: fix data race between tty_init_dev and flush of buf"), and we encountered this crash issue if receive_buf call comes before tty initialization completes in n_tty_open and tty->driver_data may be NULL. CPU0 CPU1 ---- ---- n_tty_open tty_init_dev tty_ldisc_unlock schedule flush_to_ldisc receive_buf tty_port_default_receive_buf tty_ldisc_receive_buf n_tty_receive_buf_common __receive_buf uart_flush_chars uart_start /*tty->driver_data is NULL*/ tty->ops->open /*init tty->driver_data*/ it can be fixed by extending ldisc semaphore lock in tty_init_dev to driver_data initialized completely after tty->ops->open(), but this will lead to put lock on one function and unlock in some other function, and hard to maintain, so fix this race only by checking tty->driver_data when receiving, and return if tty->driver_data is NULL Signed-off-by: Wang Li Signed-off-by: Zhang Yu Signed-off-by: Li RongQing --- V4: add version information V3: not used ldisc semaphore lock, only checking tty->driver_data with NULL V2: fix building error by EXPORT_SYMBOL tty_ldisc_unlock V1: extend ldisc lock to protect that tty->driver_data is inited drivers/tty/tty_port.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c index 044c3cbdcfa4..86d0bec38322 100644 --- a/drivers/tty/tty_port.c +++ b/drivers/tty/tty_port.c @@ -31,6 +31,9 @@ static int tty_port_default_receive_buf(struct tty_port *port, if (!tty) return 0; + if (!tty->driver_data) + return 0; + disc = tty_ldisc_ref(tty); if (!disc) return 0; -- 2.16.2