Subject: Re: [PATCH] ttyprintk: Add TTY hangup callback.
From: Samo Pogačnik
To: Jiri Slaby, Tetsuo Handa, Greg Kroah-Hartman
Cc: Petr Mladek, Sergey Senozhatsky, Steven Rostedt, John Ogness, linux-kernel@vger.kernel.org, syzkaller-bugs
Date: Fri, 23 Apr 2021 11:55:09 +0200
In-Reply-To: <699d0312-ee68-8f05-db2d-07511eaad576@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 23.04.2021 (Fri) at 06:22 +0200, Jiri Slaby wrote:
> On 18. 04. 21, 13:16, Samo Pogačnik wrote:
> > On 15.04.2021 (Thu) at 09:22 +0900, Tetsuo Handa wrote:
> > > syzbot is reporting hung task due to flood of
> > >
> > >   tty_warn(tty, "%s: tty->count = 1 port count = %d\n", __func__,
> > >            port->count);
> > >
> > > message [1], for ioctl(TIOCVHANGUP) prevents tty_port_close() from
> > > decrementing port->count due to tty_hung_up_p() == true.
> > >
> > > ----------
> > > #include <sys/types.h>
> > > #include <sys/stat.h>
> > > #include <fcntl.h>
> > > #include <sys/ioctl.h>
> > > #include <unistd.h>
> > >
> > > int main(int argc, char *argv[])
> > > {
> > >     int i;
> > >     int fd[10];
> > >
> > >     for (i = 0; i < 10; i++)
> > >         fd[i] = open("/dev/ttyprintk", O_WRONLY);
> > >     ioctl(fd[0], TIOCVHANGUP);
> > >     for (i = 0; i < 10; i++)
> > >         close(fd[i]);
> > >     close(open("/dev/ttyprintk", O_WRONLY));
> > >     return 0;
> > > }
> > > ----------
> > >
> > > When TTY hangup happens, port->count needs to be reset via
> > > "struct tty_operations"->hangup callback.
> > >
> > > [1] https://syzkaller.appspot.com/bug?id=39ea6caa479af471183997376dc7e90bc7d64a6a
> > >
> > > Reported-by: syzbot
> > > Reported-by: syzbot
> > > Tested-by: syzbot
> > > Signed-off-by: Tetsuo Handa
> > > Fixes: 24b4b67d17c308aa ("add ttyprintk driver")
> > > --- > > > drivers/char/ttyprintk.c | 11 +++++++++++ > > > 1 file changed, 11 insertions(+) > > > > > > diff --git a/drivers/char/ttyprintk.c b/drivers/char/ttyprintk.c > > > index 6a0059e508e3..93f5d11c830b 100644 > > > --- a/drivers/char/ttyprintk.c > > > +++ b/drivers/char/ttyprintk.c
> > > @@ -158,12 +158,23 @@ static int tpk_ioctl(struct tty_struct *tty, > > > return 0; > > > } > > > > > > +/* > > > + * TTY operations hangup function. > > > + */ > > > +static void tpk_hangup(struct tty_struct *tty) > > > +{ > > > + struct ttyprintk_port *tpkp = tty->driver_data; > > > + > > > + tty_port_hangup(&tpkp->port); > > > +} > > > + > > > static const struct tty_operations ttyprintk_ops = { > > > .open = tpk_open, > > > .close = tpk_close, > > > .write = tpk_write, > > > .write_room = tpk_write_room, > > > .ioctl = tpk_ioctl, > > > + .hangup = tpk_hangup, > > > }; > > > > > > static const struct tty_port_operations null_ops = { };
> >
> > Using the supplied test code, I've tested the patch on my desktop running the
> > 5.4 kernel. After applying the patch, the kernel warnings like "ttyprintk:
> > tty_port_close_start: tty->count = 1 port count = 11" do not appear any more,
> > when the test code is run.
> > I think the patch is ok.
>
> I wonder if the buffer shouldn't be flushed in hangup too? Or better,
> the flush moved from tty_ops->close to tty_port->ops->shutdown?
>
> thanks,

Good point. I tried the following additional change, which seems to do the trick.
What do you think?

thanks,
Samo
--- drivers/char/ttyprintk.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/drivers/char/ttyprintk.c b/drivers/char/ttyprintk.c index 93f5d11c8..420222a92 100644 --- a/drivers/char/ttyprintk.c +++ b/drivers/char/ttyprintk.c @@ -100,12 +100,6 @@ static int tpk_open(struct tty_struct *tty, struct file *filp) static void tpk_close(struct tty_struct *tty, struct file *filp) { struct ttyprintk_port *tpkp = tty->driver_data; - unsigned long flags; - - spin_lock_irqsave(&tpkp->spinlock, flags); - /* flush tpk_printk buffer */ - tpk_printk(NULL, 0); - spin_unlock_irqrestore(&tpkp->spinlock, flags); tty_port_close(&tpkp->port, tty, filp); }
@@ -168,6 +162,20 @@ static void tpk_hangup(struct tty_struct *tty) tty_port_hangup(&tpkp->port); } +/* + * TTY port operations shutdown function. + */ +static void tpk_port_shutdown(struct tty_port *tport) +{ + struct ttyprintk_port *tpkp = + container_of(tport, struct ttyprintk_port, port); + unsigned long flags; + + spin_lock_irqsave(&tpkp->spinlock, flags); + tpk_flush(); + spin_unlock_irqrestore(&tpkp->spinlock, flags); +} + static const struct tty_operations ttyprintk_ops = { .open = tpk_open, .close = tpk_close, @@ -177,7 +185,9 @@ static const struct tty_operations ttyprintk_ops = { .hangup = tpk_hangup, }; -static const struct tty_port_operations null_ops = { }; +static const struct tty_port_operations tpk_port_ops = { + .shutdown = tpk_port_shutdown, +}; static struct tty_driver *ttyprintk_driver; @@ -195,7 +205,7 @@ static int __init ttyprintk_init(void) return PTR_ERR(ttyprintk_driver); tty_port_init(&tpk_port.port); - tpk_port.port.ops = &null_ops; + tpk_port.port.ops = &tpk_port_ops; ttyprintk_driver->driver_name = "ttyprintk"; ttyprintk_driver->name = "ttyprintk"; -- 2.17.1
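
Review bot: In the quoted @@ -158,12 +158,23 @@ hunk, the comment above tpk_hangup() ("TTY operations hangup function.") restates the function name and does not record why the callback exists. Suggest it say what the commit message says: after a hangup port->count has to be reset, which is why tty_port_hangup() is called here.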
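
Review bot: In the @@ -100,12 +100,6 @@ hunk of the follow-up change, tpk_close() loses its flush and is left with only the tty_port_close() call, so the single flush remaining in the patch is the one in tpk_port_shutdown(). The change is posted without a changelog or Signed-off-by before the "---" line; the changelog should state when the port's shutdown operation runs relative to close and hangup, so a reader can check that buffered output is still flushed on every path that used to go through tpk_close().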
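
Review bot: tpk_port_shutdown() in the @@ -168,6 +162,20 @@ hunk calls tpk_flush(), while the code removed from tpk_close() flushed with tpk_printk(NULL, 0), and no hunk in this patch defines tpk_flush(). Confirm that tpk_flush() exists in the base tree and that calling it under tpkp->spinlock is equivalent to the removed call, or keep tpk_printk(NULL, 0). The removed "/* flush tpk_printk buffer */" comment is also gone; the new function's comment only restates its name and could say that it flushes the buffer.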
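
The count bookkeeping described in the quoted commit message, as a simplified user-space model added here (not kernel code and not part of the original mail). The `model_*` names are hypothetical, and the model assumes only what the message states: a close on a hung-up file skips the decrement, and the hangup callback resets the port count.

```c
/* Simplified user-space model of the count bookkeeping; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#define NFD 10
struct model_port { int count; };     /* models port->count */
struct model_file { bool hung_up; };  /* models tty_hung_up_p(filp) */

static void model_open(struct model_port *p, struct model_file *f)
{
    f->hung_up = false;
    p->count++;
}

/* TIOCVHANGUP marks every open file hung up; a hangup callback that calls
 * tty_port_hangup() is modelled as also resetting the port count. */
static void model_vhangup(struct model_port *p, struct model_file *f, bool has_cb)
{
    for (int i = 0; i < NFD; i++)
        f[i].hung_up = true;
    if (has_cb)
        p->count = 0;
}

/* Returns the count seen on entry; a hung-up file skips the decrement. */
static int model_close(struct model_port *p, struct model_file *f)
{
    if (f->hung_up)
        return p->count;
    return p->count--;
}

/* Replays the reproducer; returns the count seen by the final close(). */
int port_count_at_final_close(bool has_hangup_cb)
{
    struct model_port port = { 0 };
    struct model_file fd[NFD], last;
    for (int i = 0; i < NFD; i++)
        model_open(&port, &fd[i]);
    model_vhangup(&port, fd, has_hangup_cb);
    for (int i = 0; i < NFD; i++)
        model_close(&port, &fd[i]);
    model_open(&port, &last);
    return model_close(&port, &last);
}

int main(void)
{
    printf("port count at final close: %d without callback, %d with\n",
           port_count_at_final_close(false), port_count_at_final_close(true));
    return 0;
}
```

Without the callback the final close sees a port count of 11, the value in the warning quoted in the thread; with it the count is 1.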