Received: by 2002:a05:7412:8d11:b0:fa:4934:9f with SMTP id bj17csp180480rdb; Sun, 14 Jan 2024 11:43:40 -0800 (PST) X-Google-Smtp-Source: AGHT+IHvzv+f83DG0R5dJnuzOJTr+4hGg0ltxUxBfQ4PcxZKp16VwZj37AJLjCJowo6G3uzAVGfM X-Received: by 2002:ac8:5947:0:b0:429:cfd1:27f1 with SMTP id 7-20020ac85947000000b00429cfd127f1mr4779384qtz.19.1705261420289; Sun, 14 Jan 2024 11:43:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705261420; cv=none; d=google.com; s=arc-20160816; b=DKrx1WKsptKn6zNfSJ7cPXZI8pUlGOTueYHLoP7Y3AZMc1G8JcXiVsPB0at5Pkv+uG xpC7nxOTEG9OJWJMssdX96JlWJ/3DA+luTUlcEaVX61jxTTWkDwp1Zh6Ubad9ZqxoAqi An4L2UHSdO6ealuaM/pb1Q/eGRwlIF3YEKakvlmvi+Qp2wi5AyvaV8YoqYotZb6rQroy xwSWx//VjxwNxGNXP6pdj4MC1bKU48wzZye+ONQJyqMSBZzNQSXB5fGIEKwHreZOYce0 tR4oDVhcrQEqPlRx8/VDIEpnl0vRCxtI0eL+eAdrj/7abLIj9VLL57W44CRfVQ4eQxuG Q4dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=a75MRiqS9CjUQICmsOz6vLm4VvbBzhVgndG6jX7qNGk=; fh=7+O+avJcHkC4oW+2vQcftgTKgMh6FJAyLS1/MqSODAg=; b=HZzccuVQAae8tHesQk2w3NcEta7/HSppGVIECnj14vf7QZ7I8K7X35+gUQu+qg6xz9 ySEwoXoZ/MJZcoOvNmTRE88br1gPtVkh1i2Ih1zQUtz+HwbERo77Pak1/T79D3hrK7HV WJkPfM58OvJc03AoBqFHvub/Xu5bbWCIuiR3YYg2ftTq38fxiqOYlYakNCdm4PWXvYCt 6c3uGu2b6AOze0hYyd164456NQf/1tFatmTf2To4nL2PxUfQXBmkSxWuCo4bG94G7q6b Zvns+1DzSTkVzK6txjVLc+L4AAD76ksbXZDYJn6+j0Ez++OOA3JCcponI0Kmti28nBwv 4NcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mit.edu header.s=outgoing header.b=N01dN+PV; spf=pass (google.com: domain of linux-kernel+bounces-25532-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-25532-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mit.edu Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id u20-20020a05622a011400b00429cc8cda03si5381660qtw.420.2024.01.14.11.43.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Jan 2024 11:43:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-25532-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@mit.edu header.s=outgoing header.b=N01dN+PV; spf=pass (google.com: domain of linux-kernel+bounces-25532-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-25532-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mit.edu Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id ED3F71C20A37 for ; Sun, 14 Jan 2024 19:43:39 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3668E125A9; Sun, 14 Jan 2024 19:43:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=mit.edu header.i=@mit.edu header.b="N01dN+PV" Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A7A43F9D8 for ; Sun, 14 Jan 2024 19:43:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mit.edu Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mit.edu Received: from cwcc.thunk.org (pool-173-48-115-247.bstnma.fios.verizon.net [173.48.115.247]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 40EJh2ka006080 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 14 Jan 2024 14:43:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1705261384; bh=a75MRiqS9CjUQICmsOz6vLm4VvbBzhVgndG6jX7qNGk=; h=Date:From:Subject:Message-ID:MIME-Version:Content-Type; b=N01dN+PVpl/brM0NjN29+9kPca7ppSxnfjf60nGIVY9NprZlJwjxjxKKMVC/nNp2+ B0rjauTe60PGS6437w0vG/rduGC6fSKZTnwckmKszNMq+KVTzJ4NCzHFnkz7DOgYeF bN6wT8RRl+pMMlnGhXPiiHqn1MMSOPqBOpg0/aDm4889x+vEuGyXKVCjkN1Lf1SsYP PFNxyT+dylCS77yrA1iJasIrTUW6/qYG7po3nnX9O+KAz2R6HcNUiMp199c4ClN++z IbX7KGnnQwMllq7FfbHfeyfFefhCywSpBXJdLPFg5pWAHecZNgF9kuZkEm5LRyXgTn WKLhstsa4HUtA== Received: by cwcc.thunk.org (Postfix, from userid 15806) id 170EB15C0278; Sun, 14 Jan 2024 14:43:02 -0500 (EST) Date: Sun, 14 Jan 2024 14:43:02 -0500 From: "Theodore Ts'o" To: Gui-Dong Han <2045gemini@gmail.com> Cc: Greg KH , jirislaby@kernel.org, linux-kernel@vger.kernel.org, linux-serial@vger.kernel.org, baijiaju1990@outlook.com, stable@vger.kernel.org Subject: Re: [PATCH] tty: fix atomicity violation in n_tty_read Message-ID: <20240114194302.GC911245@mit.edu> References: <20240112125801.2650-1-2045gemini@gmail.com> <2024011212-disbelief-respect-5230@gregkh> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Sat, Jan 13, 2024 at 12:59:11AM +0800, Gui-Dong Han wrote: > > I apologize for any confusion caused by my reference to Linux 5.17 in > the patch description. I'm currently working on a project involving > kernel static analysis to identify atomicity violations, and part of > this work involves comparison with a previous study that supports up > to Linux 5.17. Therefore, I initially ran my tool on 5.17 to filter > potential bugs that are still unaddressed in the upstream. I want to > clarify that the patch was developed and tested on linux-next. I > realize now that this may have led to misunderstandings, and I will > ensure clearer communication in future submissions. > My experience with Linux kernel contributions is still growing, and I > acknowledge that my recent submission might have been hasty and lacked > thorough consideration, especially regarding the critical nature of > n_tty_read and the potential impacts of the patch, like performance > concerns. I will take more care in future assessments before > submitting patches and continue to familiarize myself with the rules > and practices of the Linux kernel community. In general, static analysis tools need to be supplemented by an attempt to understand what the code is trying to do. This code is related to the packet mode, which is related to pseudo-tty's --- *not* the linux serial driver. From the man page for tty_ioctl: TIOCPKT Argument: const int *argp Enable (when *argp is nonzero) or disable packet mode. Can be applied to the master side of a pseudoterminal only (and will return ENOTTY otherwise). In packet mode, each subsequent read(2) will return a packet that either contains a single nonzero control byte, or has a single byte containing zero ('\0') followed by data written on the slave side of the pseudoterminal. If the first byte is not TI‐ OCPKT_DATA (0), it is an OR of one or more of the following bits: TIOCPKT_FLUSHREAD The read queue for the terminal is flushed. TIOCPKT_FLUSHWRITE The write queue for the terminal is flushed. TIOCPKT_STOP Output to the terminal is stopped. TIOCPKT_START Output to the terminal is restarted. TIOCPKT_DOSTOP The start and stop characters are ^S/^Q. TIOCPKT_NOSTOP The start and stop characters are not ^S/^Q. While packet mode is in use, the presence of control status informa‐ tion to be read from the master side may be detected by a select(2) for exceptional conditions or a poll(2) for the POLLPRI event. This mode is used by rlogin(1) and rlogind(8) to implement a remote- echoed, locally ^S/^Q flow-controlled remote login. The n_tty_read() function is called by the userspace program on the master side of the pty pair. This is not, strictly speaking a hot path; it's not on the interrupt service path of the serial driver, for example. So it's unliklely that "fixing" this problem is going to result an measurable performance impact. It's also the case that not taking the spinlock before checking the packet mode is not necessarily going to be disastrous. Yes, it might mean that when the user types ^S, sshd might not stop sending characters to the client right away, and the status report about the status of the pty gets delayed by a millisecond or two. So it's actually *not* a big deal. Now, if you want to make the argument that it would be nice if these sorts of "false positives" are suppressed so that it's easier to find real bugs, that's one thing. But if you're looking at proof that your static checker is actually fixing Real Bugs (tm), this is probably not the best example. Cheers, - Ted