Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Date:   Tue, 4 Jul 2023 11:01:31 +0800
From:   joeyli <jlee@suse.com>
To:     Yu Hao <yhao016@ucr.edu>
Cc:     Weiteng Chen <wchen130@ucr.edu>, linux-bluetooth@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: How to reproduce the BUG general protection fault in
 hci_uart_tty_ioctl?
Message-ID: <20230704030131.GY5866@linux-l9pv.suse>
References: <20230628150140.GU21539@linux-l9pv.suse>
 <CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com>
User-Agent: Mutt/1.11.4 (2019-03-13)
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?MTJzbXc0MUEvSkJvdkMwMkhIRmlCM20rRW14aFR6T0dvcmU5NWI5VFNZKzVY?=
 =?utf-8?B?eEhYaXMwc0FZaXlyTmpYWHZuUGhlb1BONHNTRVdLbXpLK2VUZ0x0RWIxTUVy?=
 =?utf-8?B?b2tBZ0tXK01jbEhFYVlidkVJTjBLOW9GczdnaHBTVGVFVFlzTXlua2E4amJl?=
 =?utf-8?B?Ny9wWGJIN0h4cE0wMDRRM3p4ZUNpeW5oNU5RcFFLMlpadzhQV3RxZm4waDNN?=
 =?utf-8?B?Sk1BaW5DNTVZaU8xYllaVjRNaitIMWR2bnA0VUhISkFrVUtPQXNSaHc0RUt3?=
 =?utf-8?B?VEJjVjhZbytlOXk3ZHl4cWFuVVFNQ1owTjNWcy8yL0VhMzBobDV2V2tDNGxz?=
 =?utf-8?B?WHJUaFhNQjVPQkhmRjJQdDUyZE5ubHl4YTU4WFNJMFdXckNYMDZPZE9TYzBm?=
 =?utf-8?B?QWVVL1V1Zyt6djg3SW45akxpTEdXUzNvWEhFUEVrSGppR0NhSlg1ZXVZc25R?=
 =?utf-8?B?Q0xlMXc0ZVJQRUJaQzh2REhRKy9qaFJvQnFGSVNVeTdxOHJ0ZVZPZ09pTVFj?=
 =?utf-8?B?QVVJNTh2N3RRdlhRaGJCa0lXYzh6MitsZ0FiM2RKMm5CeDQ4UVlRRDZkK05X?=
 =?utf-8?B?b1luZWVtNzdrTVBzb0JtS01ub25oc0poWS9UbXFFYnJiWXVUeHUrU0dmS3M4?=
 =?utf-8?B?WFRIMlJtU01icERBVFg5MmlJeXRqc1U1VXRhOVhpSVBCVTdjek5jWXRsM2FJ?=
 =?utf-8?B?SmlLeDluenVoZ1ZGMFFyZjkxTDlNUjlFMHJSOFN3Z25DQWMvU21DblBkM3Zi?=
 =?utf-8?B?OWh3TTVuU2d4UW9KQjRUUE9nbWNMa0MrQ2k2c1lBRFFwYmZiTVQ5QzU5WWNJ?=
 =?utf-8?B?M1l5aE43STZLblhlTDlxVGdHdVhzbXVPdmpNb2Z5L1hPQU1WNWVZU3VabitY?=
 =?utf-8?B?QnhYRzhxQ2dwa0lNNTJOWnRscDVTbllRZzlrS3RaN2k1aklTc25KbkI2MXFI?=
 =?utf-8?B?bmZFSFhXTjVmOVJROVZaQm1XbktzRGp0YzZnUktTV1UzcDBqVG9uWEFZa2I0?=
 =?utf-8?B?MXQ0WWJ3bytBR3I5dnRxWnFHeE1vNzNMVnRiWFNGckRSWHMzSkwya25COVlq?=
 =?utf-8?B?djNjQXdVNXRyeW14WG5PYnNTNm9iNm5DWkNyay9CdXBZYVRzUjlNaEd5NUpK?=
 =?utf-8?B?eGllTk1VVWRVd1RrblZpQkNDM1N2eHhDL2RpbkdCODU1OGNNK01uUXdBYzZS?=
 =?utf-8?B?SUFWTnIwMERMQWFaRDRpN2c3ZnNLTWU3bjFORENlOUtnYVlaNnZacHo3d0d4?=
 =?utf-8?B?djJ2UElyL3l1by8xZURzQWk4Ni9lYnlXS05CbkNoK2FkK3dzenJrb1hPRGpz?=
 =?utf-8?B?ZVJ6ajhaeCtocFNFcGdLNWowVmtuejZ6Z1ZqYU5TWjR1c1g0WFAvVjJwUFJO?=
 =?utf-8?B?S3N2d0xXMHVuMTdyNEpqdHN6aVNRUGxsMmdPRCtCbHBQVHloNlI4OTZubjdB?=
 =?utf-8?B?MjZ4QW03WHFWZ3I2STByMUY5ZTNDbWhKa0VaL1J0WlQ4YmNKYURWUGQvcWt3?=
 =?utf-8?B?cG1GZHp1Y0Ruc1Z5VUczNndYL1ZiRGs1a1RPamZpQWxzcUYrcWF4Wm96ak9r?=
 =?utf-8?B?V2J5cExLR2tadG1YeUZ1UU5uWFMveXRqdVpxRUJKWFgzdG5LbkNTMzF2dWpj?=
 =?utf-8?B?TnMxMHhRWFQ5bVpESG1WUGZZbVd6cjM2MGoyZ21ReGthMUI0QUVnTUhiL2V1?=
 =?utf-8?B?THYrb3haTThEaXlHSkF6YkFTL0pTNlc4ZzgrRXR1cmJ2NkhzY3JkRDFLWmxz?=
 =?utf-8?B?Wjlia3FxZG9VZ2h3NGJhNWlodGFnNVRjMHQxUXVURy9ZeGNLNk1YVkxSM0hX?=
 =?utf-8?B?eVBxTjRIWjFtZDZ4d25yQ1owNElUaXNwN2lyQldSVXBaUklGOC8zU3ZzOGFy?=
 =?utf-8?B?ZDRMV2lTUUtOK0xIL3V1ZzJ1Lzg2azE0blp4dDhJcnZoc2ZJMEJIdXcyVExh?=
 =?utf-8?B?c0lieStsYlhvaTQ2RkdSQXlxK0tHVkhBSUNvZzVkQ2ZDSUVLaUxkUlg0YVIw?=
 =?utf-8?B?SjIwOVlXbDVQY3gweVdtRHFUbHJQOEh3MDdmQVp6dlNsUmNGRjBvTlJ1UUJv?=
 =?utf-8?B?WHFBbnVpa3d5SW5iQklSanpBMVlvUTllajVJWVdtUXVkT3ZSVG01ZWFkdTIx?=
 =?utf-8?Q?tKaE=3D?=
X-OriginatorOrg: suse.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 64ff61de-de22-4eee-8c4f-08db7c3afdf5
X-MS-Exchange-CrossTenant-AuthSource: DB8PR04MB7164.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Jul 2023 03:01:41.5941
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: PyrTZDVtqSS349HNHUHIlnurWite8sG+HJdz1W3GoL4eSMEYNXI7axQEe0XTf97Q
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR04MB8498
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE,
        URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

On Wed, Jun 28, 2023 at 06:57:47PM -0700, Yu Hao wrote:
> Hi Weiteng,
> 
> Could you give more info about the bug, e.g., kernel configuration,
> qemu arguments.
> 

Base on kernel code, looks that the HCIUARTSETPROTO and HCIUARTGETPROTO
blocks in hci_uart_tty_ioctl() should use hci_uart->proto_lock. 

I have run the C reproducer a couple of days in qemu, but it did not
reproduce issue until now.

Does anyone know how to reproduce this issue easily?

Thanks
Joey Lee
> 
> On Wed, Jun 28, 2023 at 8:02 AM joeyli <jlee@suse.com> wrote:
> >
> > Hi Yu Hao,
> >
> > I am looking at your "BUG: general protection fault in hci_uart_tty_ioctl":
> >
> > https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/
> >
> > I am trying the C reproducer in your URL, but it is not success yet:
> > https://gist.github.com/ZHYfeng/a3e3ff2bdfea5ed5de5475f0b54d55cb
> >
> > I am using v6.2 mainline kernel to run the C reproducer.
> >
> > Could you please provide suggestions for how to reproduce this issue?
> > And what is your qemu environment for reproducing issue?
> >
> > Thanks a lot!
> > Joey Lee