Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp6917746imu; Thu, 31 Jan 2019 01:45:02 -0800 (PST) X-Google-Smtp-Source: ALg8bN4qyGoWkNl8Z7l0JkIpLxUn3I4Ju13W5fDzTtgBkFglNEDkUhFrRZRSvYKWLiDaj27E6BuM X-Received: by 2002:a62:dbc2:: with SMTP id f185mr33856325pfg.235.1548927902727; Thu, 31 Jan 2019 01:45:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548927902; cv=none; d=google.com; s=arc-20160816; b=zGVNJ0jNcytfCyxRmbZcIO5dnwRetaenA7Zdvu1A6Mkzgg1KvK3LejNjxiRVfPdi+m 9bAXOTvpasqWEIQZgmn47LlA3OdlzY+yrfeMHlDo7IPi7QlbR+W1+k/P4nmeCqijTaRY IzO5OEPgQbcGfSc0YiJr21sXw/MSkJJd0Aoli5NnEXsZsypDqiu+h4pihhgSAyD7W/8X DhP8NVc1FVr4Op3kz2AySofzj/vdxGZF6M0IKvt8Rj9y7wfxsvNdTydBKABFgETNvFsf Bew7MQpmBnIu36FdqS/K7wrJp6OvDLeHPo1AUSamJHRmJspzK7r8HoNBpMHx9gaXqPtx WkPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:to:from; bh=HinvJO51UVr6F/X6vfFVba30sgJHD+0MIy8a+gW53ls=; b=zWMBRCUZ6GdaC/0zQI7MoXmgqWMF6NlUoIAI0iqjPuSU9QemcB6uq1v65+8AzMQEeP Es+vGXvGW0uvsc/Lez2LEWw2jCHbKBvLNLlha6d+hzq7EbrK0UapG+01Ft1IbTZAJl4L ZR8urAM5HhAb6LIinqW/NiUxrIGeWTLRAt1Rk/sLHlrCYO1Ak5iNP+XRvdOAbrE9V5+H mq/fO0g5/2AfnFzgKoHNEdVTjeFaJfOU248scwwDcq3N7qMp3Xpbg78L0RbQ9bOKv8f8 pXkhGQszCRtMpLMiAtuGe8xs/maU2dcPeEwxn/jiR4MYxR8wOwGD3Pw5HyD4jax4Oeqe fz3w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 31si4195154plh.274.2019.01.31.01.44.47; Thu, 31 Jan 2019 01:45:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730172AbfAaJna (ORCPT + 99 others); Thu, 31 Jan 2019 04:43:30 -0500 Received: from mx133-tc.baidu.com ([61.135.168.133]:24247 "EHLO tc-sys-mailedm02.tc.baidu.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726316AbfAaJn3 (ORCPT ); Thu, 31 Jan 2019 04:43:29 -0500 Received: from localhost (cp01-cos-dev01.cp01.baidu.com [10.92.119.46]) by tc-sys-mailedm02.tc.baidu.com (Postfix) with ESMTP id 558D411C0042; Thu, 31 Jan 2019 17:43:16 +0800 (CST) From: Li RongQing To: linux-serial@vger.kernel.org, linux-kernel@vger.kernel.org, jslaby@suse.com, Greg Kroah-Hartman , gkohli@codeaurora.org Subject: [PATCH][V5] tty: fix race between flush_to_ldisc and tty_open Date: Thu, 31 Jan 2019 17:43:16 +0800 Message-Id: <1548927796-11348-1-git-send-email-lirongqing@baidu.com> X-Mailer: git-send-email 1.7.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There still is a race window after the commit b027e2298bd588 ("tty: fix data race between tty_init_dev and flush of buf"), and we encountered this crash issue if receive_buf call comes before tty initialization completes in tty_open and tty->driver_data may be NULL. CPU0 CPU1 ---- ---- tty_open tty_init_dev tty_ldisc_unlock schedule flush_to_ldisc receive_buf tty_port_default_receive_buf tty_ldisc_receive_buf n_tty_receive_buf_common __receive_buf uart_flush_chars uart_start /*tty->driver_data is NULL*/ tty->ops->open /*init tty->driver_data*/ it can be fixed by extending ldisc semaphore lock in tty_init_dev to driver_data initialized completely after tty->ops->open(), but this will lead to get lock on one function and unlock in some other function, and hard to maintain, so fix this race only by checking tty->driver_data when receiving, and return if tty->driver_data is NULL, and n_tty_receive_buf_common maybe calls uart_unthrottle, so add the same check Signed-off-by: Wang Li Signed-off-by: Zhang Yu Signed-off-by: Li RongQing --- V5: move check into uart_start from n_tty_receive_buf_common V4: add version information V3: not used ldisc semaphore lock, only checking tty->driver_data with NULL V2: fix building error by EXPORT_SYMBOL tty_ldisc_unlock V1: extend ldisc lock to protect that tty->driver_data is inited drivers/tty/serial/serial_core.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 5c01bb6d1c24..556f50aa1b58 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -130,6 +130,9 @@ static void uart_start(struct tty_struct *tty) struct uart_port *port; unsigned long flags; + if (!state) + return; + port = uart_port_lock(state, flags); __uart_start(tty); uart_port_unlock(port, flags); @@ -727,6 +730,9 @@ static void uart_unthrottle(struct tty_struct *tty) upstat_t mask = UPSTAT_SYNC_FIFO; struct uart_port *port; + if (!state) + return; + port = uart_port_ref(state); if (!port) return; -- 2.16.2