* tty crash in Linux 4.6 @ 2016-05-16 20:12 Mikulas Patocka 2016-05-16 23:36 ` Peter Hurley 0 siblings, 1 reply; 15+ messages in thread From: Mikulas Patocka @ 2016-05-16 20:12 UTC (permalink / raw) To: Peter Hurley; +Cc: Greg Kroah-Hartman, Jiri Slaby, linux-kernel Hi In the kernel 4.6 I get crashes in the tty layer. I can reproduce the crash by logging into the machine with ssh and typing before the prompt appears. The crash is caused by the pointer tty->disc_data being NULL in the function n_tty_receive_buf_common. The crash happens on the statement smp_load_acquire(&ldata->read_tail). Bisecting shows that the crashes are caused by the patch 892d1fa7eaaed9d3c04954cb140c34ebc3393932 ("tty: Destroy ldisc instance on hangup"). Kernel Fault: Code=15 regs=000000007d9e0720 (Addr=0000000000002260) CPU: 0 PID: 3319 Comm: kworker/u8:0 Not tainted 4.6.0 #1 Workqueue: events_unbound flush_to_ldisc task: 000000007c25ea80 ti: 000000007d9e0000 task.ti: 000000007d9e0000 YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI PSW: 00001000000001000000000000001111 Not tainted r00-03 000000000804000f 000000004076cd10 0000000040475fb4 000000007f761800 r04-07 0000000040749510 0000000000000001 000000007f761800 000000007d9e0490 r08-11 000000007e722890 0000000000000000 000000007da4ec00 000000007f763823 r12-15 0000000000000000 000000007fc08ea8 000000007fc08c78 000000004080e080 r16-19 000000007fc08c00 0000000000000001 0000000000000000 0000000000002260 r20-23 000000007f7618b0 000000007c25ea80 0000000000000001 0000000000000001 r24-27 0000000000000000 000000000800000f 000000007f7618ac 0000000040749510 r28-31 0000000000000001 000000007d9e0840 000000007d9e0720 0000000000000001 sr00-03 00000000086c8800 0000000000000000 0000000000000000 00000000086c8800 sr04-07 0000000000000000 0000000000000000 0000000000000000 0000000000000000 IASQ: 0000000000000000 0000000000000000 IAOQ: 0000000040475fd4 0000000040475fd8 IIR: 0e6c00d5 ISR: 0000000000000000 IOR: 0000000000002260 CPU: 0 CR30: 000000007d9e0000 CR31: ff87e7ffbc9ffffe ORIG_R28: 000000004080a180 IAOQ[0]: n_tty_receive_buf_common+0xb4/0xbe0 IAOQ[1]: n_tty_receive_buf_common+0xb8/0xbe0 RP(r2): n_tty_receive_buf_common+0x94/0xbe0 Backtrace: [<0000000040476b14>] n_tty_receive_buf2+0x14/0x20 [<000000004047a208>] tty_ldisc_receive_buf+0x30/0x90 [<000000004047a544>] flush_to_ldisc+0x144/0x1c8 [<00000000402556bc>] process_one_work+0x1b4/0x460 [<0000000040255bbc>] worker_thread+0x1e4/0x5e0 [<000000004025d454>] kthread+0x134/0x168 Mikulas ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2016-05-16 20:12 tty crash in Linux 4.6 Mikulas Patocka @ 2016-05-16 23:36 ` Peter Hurley 2016-05-17 15:57 ` Peter Hurley 0 siblings, 1 reply; 15+ messages in thread From: Peter Hurley @ 2016-05-16 23:36 UTC (permalink / raw) To: Mikulas Patocka; +Cc: Greg Kroah-Hartman, Jiri Slaby, linux-kernel Hi Mikulas, On 05/16/2016 01:12 PM, Mikulas Patocka wrote: > Hi > > In the kernel 4.6 I get crashes in the tty layer. I can reproduce the > crash by logging into the machine with ssh and typing before the prompt > appears. Thanks for the report. I tried to reproduce this a number of times on different machines with no luck. > The crash is caused by the pointer tty->disc_data being NULL in the > function n_tty_receive_buf_common. The crash happens on the statement > smp_load_acquire(&ldata->read_tail). > > Bisecting shows that the crashes are caused by the patch > 892d1fa7eaaed9d3c04954cb140c34ebc3393932 ("tty: Destroy ldisc instance on > hangup"). Can you try the test patch below? Regards, Peter Hurley > Kernel Fault: Code=15 regs=000000007d9e0720 (Addr=0000000000002260) > CPU: 0 PID: 3319 Comm: kworker/u8:0 Not tainted 4.6.0 #1 > Workqueue: events_unbound flush_to_ldisc > task: 000000007c25ea80 ti: 000000007d9e0000 task.ti: 000000007d9e0000 > > YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI > PSW: 00001000000001000000000000001111 Not tainted > r00-03 000000000804000f 000000004076cd10 0000000040475fb4 000000007f761800 > r04-07 0000000040749510 0000000000000001 000000007f761800 000000007d9e0490 > r08-11 000000007e722890 0000000000000000 000000007da4ec00 000000007f763823 > r12-15 0000000000000000 000000007fc08ea8 000000007fc08c78 000000004080e080 > r16-19 000000007fc08c00 0000000000000001 0000000000000000 0000000000002260 > r20-23 000000007f7618b0 000000007c25ea80 0000000000000001 0000000000000001 > r24-27 0000000000000000 000000000800000f 000000007f7618ac 0000000040749510 > r28-31 0000000000000001 000000007d9e0840 000000007d9e0720 0000000000000001 > sr00-03 00000000086c8800 0000000000000000 0000000000000000 00000000086c8800 > sr04-07 0000000000000000 0000000000000000 0000000000000000 0000000000000000 > > IASQ: 0000000000000000 0000000000000000 IAOQ: 0000000040475fd4 0000000040475fd8 > IIR: 0e6c00d5 ISR: 0000000000000000 IOR: 0000000000002260 > CPU: 0 CR30: 000000007d9e0000 CR31: ff87e7ffbc9ffffe > ORIG_R28: 000000004080a180 > IAOQ[0]: n_tty_receive_buf_common+0xb4/0xbe0 > IAOQ[1]: n_tty_receive_buf_common+0xb8/0xbe0 > RP(r2): n_tty_receive_buf_common+0x94/0xbe0 > Backtrace: > [<0000000040476b14>] n_tty_receive_buf2+0x14/0x20 > [<000000004047a208>] tty_ldisc_receive_buf+0x30/0x90 > [<000000004047a544>] flush_to_ldisc+0x144/0x1c8 > [<00000000402556bc>] process_one_work+0x1b4/0x460 > [<0000000040255bbc>] worker_thread+0x1e4/0x5e0 > [<000000004025d454>] kthread+0x134/0x168 --- >% --- diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c index 68947f6..f271832 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -653,7 +653,7 @@ static void tty_reset_termios(struct tty_struct *tty) * Returns 0 if successful, otherwise error code < 0 */ -int tty_ldisc_reinit(struct tty_struct *tty, int disc) +static int __tty_ldisc_reinit(struct tty_struct *tty, int disc) { struct tty_ldisc *ld; int retval; @@ -682,6 +682,16 @@ int tty_ldisc_reinit(struct tty_struct *tty, int disc) return retval; } +int tty_ldisc_reinit(struct tty_struct *tty, int disc) +{ + int retval; + + tty_ldisc_lock(tty, MAX_SCHEDULE_TIMEOUT); + retval = __tty_ldisc_reinit(tty, disc); + tty_ldisc_unlock(tty); + return retval; +} + /** * tty_ldisc_hangup - hangup ldisc reset * @tty: tty being hung up @@ -732,8 +742,8 @@ void tty_ldisc_hangup(struct tty_struct *tty, bool reinit) if (tty->ldisc) { if (reinit) { - if (tty_ldisc_reinit(tty, tty->termios.c_line) < 0) - tty_ldisc_reinit(tty, N_TTY); + if (__tty_ldisc_reinit(tty, tty->termios.c_line) < 0) + __tty_ldisc_reinit(tty, N_TTY); } else tty_ldisc_kill(tty); } ^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2016-05-16 23:36 ` Peter Hurley @ 2016-05-17 15:57 ` Peter Hurley 2016-05-17 18:09 ` Peter Hurley 0 siblings, 1 reply; 15+ messages in thread From: Peter Hurley @ 2016-05-17 15:57 UTC (permalink / raw) To: Mikulas Patocka; +Cc: Greg Kroah-Hartman, Jiri Slaby, linux-kernel On 05/16/2016 04:36 PM, Peter Hurley wrote: > Hi Mikulas, > > On 05/16/2016 01:12 PM, Mikulas Patocka wrote: >> Hi >> >> In the kernel 4.6 I get crashes in the tty layer. I can reproduce the >> crash by logging into the machine with ssh and typing before the prompt >> appears. > > Thanks for the report. > I tried to reproduce this a number of times on different machines > with no luck. I was able to reproduce this crash with a test jig. The patch below fixed it, but I'm testing a better patch now, which I'll get to you asap. Regards, Peter Hurley >> The crash is caused by the pointer tty->disc_data being NULL in the >> function n_tty_receive_buf_common. The crash happens on the statement >> smp_load_acquire(&ldata->read_tail). >> >> Bisecting shows that the crashes are caused by the patch >> 892d1fa7eaaed9d3c04954cb140c34ebc3393932 ("tty: Destroy ldisc instance on >> hangup"). > > > Can you try the test patch below? > > Regards, > Peter Hurley > > >> Kernel Fault: Code=15 regs=000000007d9e0720 (Addr=0000000000002260) >> CPU: 0 PID: 3319 Comm: kworker/u8:0 Not tainted 4.6.0 #1 >> Workqueue: events_unbound flush_to_ldisc >> task: 000000007c25ea80 ti: 000000007d9e0000 task.ti: 000000007d9e0000 >> >> YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI >> PSW: 00001000000001000000000000001111 Not tainted >> r00-03 000000000804000f 000000004076cd10 0000000040475fb4 000000007f761800 >> r04-07 0000000040749510 0000000000000001 000000007f761800 000000007d9e0490 >> r08-11 000000007e722890 0000000000000000 000000007da4ec00 000000007f763823 >> r12-15 0000000000000000 000000007fc08ea8 000000007fc08c78 000000004080e080 >> r16-19 000000007fc08c00 0000000000000001 0000000000000000 0000000000002260 >> r20-23 000000007f7618b0 000000007c25ea80 0000000000000001 0000000000000001 >> r24-27 0000000000000000 000000000800000f 000000007f7618ac 0000000040749510 >> r28-31 0000000000000001 000000007d9e0840 000000007d9e0720 0000000000000001 >> sr00-03 00000000086c8800 0000000000000000 0000000000000000 00000000086c8800 >> sr04-07 0000000000000000 0000000000000000 0000000000000000 0000000000000000 >> >> IASQ: 0000000000000000 0000000000000000 IAOQ: 0000000040475fd4 0000000040475fd8 >> IIR: 0e6c00d5 ISR: 0000000000000000 IOR: 0000000000002260 >> CPU: 0 CR30: 000000007d9e0000 CR31: ff87e7ffbc9ffffe >> ORIG_R28: 000000004080a180 >> IAOQ[0]: n_tty_receive_buf_common+0xb4/0xbe0 >> IAOQ[1]: n_tty_receive_buf_common+0xb8/0xbe0 >> RP(r2): n_tty_receive_buf_common+0x94/0xbe0 >> Backtrace: >> [<0000000040476b14>] n_tty_receive_buf2+0x14/0x20 >> [<000000004047a208>] tty_ldisc_receive_buf+0x30/0x90 >> [<000000004047a544>] flush_to_ldisc+0x144/0x1c8 >> [<00000000402556bc>] process_one_work+0x1b4/0x460 >> [<0000000040255bbc>] worker_thread+0x1e4/0x5e0 >> [<000000004025d454>] kthread+0x134/0x168 > > --- >% --- > diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c > index 68947f6..f271832 100644 > --- a/drivers/tty/tty_ldisc.c > +++ b/drivers/tty/tty_ldisc.c > @@ -653,7 +653,7 @@ static void tty_reset_termios(struct tty_struct *tty) > * Returns 0 if successful, otherwise error code < 0 > */ > > -int tty_ldisc_reinit(struct tty_struct *tty, int disc) > +static int __tty_ldisc_reinit(struct tty_struct *tty, int disc) > { > struct tty_ldisc *ld; > int retval; > @@ -682,6 +682,16 @@ int tty_ldisc_reinit(struct tty_struct *tty, int disc) > return retval; > } > > +int tty_ldisc_reinit(struct tty_struct *tty, int disc) > +{ > + int retval; > + > + tty_ldisc_lock(tty, MAX_SCHEDULE_TIMEOUT); > + retval = __tty_ldisc_reinit(tty, disc); > + tty_ldisc_unlock(tty); > + return retval; > +} > + > /** > * tty_ldisc_hangup - hangup ldisc reset > * @tty: tty being hung up > @@ -732,8 +742,8 @@ void tty_ldisc_hangup(struct tty_struct *tty, bool reinit) > > if (tty->ldisc) { > if (reinit) { > - if (tty_ldisc_reinit(tty, tty->termios.c_line) < 0) > - tty_ldisc_reinit(tty, N_TTY); > + if (__tty_ldisc_reinit(tty, tty->termios.c_line) < 0) > + __tty_ldisc_reinit(tty, N_TTY); > } else > tty_ldisc_kill(tty); > } > ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2016-05-17 15:57 ` Peter Hurley @ 2016-05-17 18:09 ` Peter Hurley 2016-05-17 21:26 ` Mikulas Patocka 2016-07-07 22:57 ` Mikulas Patocka 0 siblings, 2 replies; 15+ messages in thread From: Peter Hurley @ 2016-05-17 18:09 UTC (permalink / raw) To: Mikulas Patocka, Greg Kroah-Hartman; +Cc: Jiri Slaby, linux-kernel On 05/17/2016 08:57 AM, Peter Hurley wrote: > On 05/16/2016 04:36 PM, Peter Hurley wrote: >> > Hi Mikulas, >> > >> > On 05/16/2016 01:12 PM, Mikulas Patocka wrote: >>> >> Hi >>> >> >>> >> In the kernel 4.6 I get crashes in the tty layer. I can reproduce the >>> >> crash by logging into the machine with ssh and typing before the prompt >>> >> appears. >> > >> > Thanks for the report. >> > I tried to reproduce this a number of times on different machines >> > with no luck. > > I was able to reproduce this crash with a test jig. > The patch below fixed it, but I'm testing a better patch now, which > I'll get to you asap. --- >% --- Subject: [PATCH] tty: Fix ldisc crash on reopened tty If the tty has been hungup, the ldisc instance may have been destroyed. Continued input to the tty will be ignored as long as the ldisc instance is not visible to the flush_to_ldisc kworker. However, when the tty is reopened and a new ldisc instance is created, the flush_to_ldisc kworker can obtain an ldisc reference before the new ldisc is completely initialized. This will likely crash: BUG: unable to handle kernel paging request at 0000000000002260 IP: [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 PGD 2ab581067 PUD 290c11067 PMD 0 Oops: 0000 [#1] PREEMPT SMP Modules linked in: nls_iso8859_1 ip6table_filter [.....] CPU: 2 PID: 103 Comm: kworker/u16:1 Not tainted 4.6.0-rc7+wip-xeon+debug #rc7+wip Hardware name: Dell Inc. Precision WorkStation T5400 /0RW203, BIOS A11 04/30/2012 Workqueue: events_unbound flush_to_ldisc task: ffff8802ad16d100 ti: ffff8802ad31c000 task.ti: ffff8802ad31c000 RIP: 0010:[<ffffffff8152dc5d>] [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 RSP: 0018:ffff8802ad31fc70 EFLAGS: 00010296 RAX: 0000000000000000 RBX: ffff8802aaddd800 RCX: 0000000000000001 RDX: 00000000ffffffff RSI: ffffffff810db48f RDI: 0000000000000246 RBP: ffff8802ad31fd08 R08: 0000000000000000 R09: 0000000000000001 R10: ffff8802aadddb28 R11: 0000000000000001 R12: ffff8800ba6da808 R13: ffff8802ad18be80 R14: ffff8800ba6da858 R15: ffff8800ba6da800 FS: 0000000000000000(0000) GS:ffff8802b0a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000002260 CR3: 000000028ee5d000 CR4: 00000000000006e0 Stack: ffffffff81531219 ffff8802aadddab8 ffff8802aadddde0 ffff8802aadddd78 ffffffff00000001 ffff8800ba6da858 ffff8800ba6da860 ffff8802ad31fd30 ffffffff81885f78 ffffffff81531219 0000000000000000 0000000200000000 Call Trace: [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0 [<ffffffff81885f78>] ? mutex_lock_nested+0x2c8/0x430 [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0 [<ffffffff8152e784>] n_tty_receive_buf2+0x14/0x20 [<ffffffff81530cb2>] tty_ldisc_receive_buf+0x22/0x50 [<ffffffff8153128e>] flush_to_ldisc+0xbe/0xd0 [<ffffffff810a0ebd>] process_one_work+0x1ed/0x6e0 [<ffffffff810a0e3f>] ? process_one_work+0x16f/0x6e0 [<ffffffff810a13fe>] worker_thread+0x4e/0x490 [<ffffffff810a13b0>] ? process_one_work+0x6e0/0x6e0 [<ffffffff810a7ef2>] kthread+0xf2/0x110 [<ffffffff810ae68c>] ? preempt_count_sub+0x4c/0x80 [<ffffffff8188ab52>] ret_from_fork+0x22/0x50 [<ffffffff810a7e00>] ? kthread_create_on_node+0x220/0x220 Code: ff ff e8 27 a0 35 00 48 8d 83 78 05 00 00 c7 45 c0 00 00 00 00 48 89 45 80 48 8d 83 e0 05 00 00 48 89 85 78 ff ff ff 48 8b 45 b8 <48> 8b b8 60 22 00 00 48 8b 30 89 f8 8b 8b 88 04 00 00 29 f0 8d RIP [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 RSP <ffff8802ad31fc70> CR2: 0000000000002260 Ensure the kworker cannot obtain the ldisc reference until the new ldisc is completely initialized. Fixes: 892d1fa7eaae ("tty: Destroy ldisc instance on hangup") Reported-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> --- drivers/tty/tty_ldisc.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c index cdd063f..bda0c85 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -669,16 +669,17 @@ int tty_ldisc_reinit(struct tty_struct *tty, int disc) tty_ldisc_put(tty->ldisc); } - /* switch the line discipline */ - tty->ldisc = ld; tty_set_termios_ldisc(tty, disc); - retval = tty_ldisc_open(tty, tty->ldisc); + retval = tty_ldisc_open(tty, ld); if (retval) { if (!WARN_ON(disc == N_TTY)) { - tty_ldisc_put(tty->ldisc); - tty->ldisc = NULL; + tty_ldisc_put(ld); + ld = NULL; } } + + /* switch the line discipline */ + smp_store_release(&tty->ldisc, ld); return retval; } -- 2.8.2 ^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2016-05-17 18:09 ` Peter Hurley @ 2016-05-17 21:26 ` Mikulas Patocka 2016-07-07 22:57 ` Mikulas Patocka 1 sibling, 0 replies; 15+ messages in thread From: Mikulas Patocka @ 2016-05-17 21:26 UTC (permalink / raw) To: Peter Hurley; +Cc: Greg Kroah-Hartman, Jiri Slaby, linux-kernel On Tue, 17 May 2016, Peter Hurley wrote: > On 05/17/2016 08:57 AM, Peter Hurley wrote: > > On 05/16/2016 04:36 PM, Peter Hurley wrote: > >> > Hi Mikulas, > >> > > >> > On 05/16/2016 01:12 PM, Mikulas Patocka wrote: > >>> >> Hi > >>> >> > >>> >> In the kernel 4.6 I get crashes in the tty layer. I can reproduce the > >>> >> crash by logging into the machine with ssh and typing before the prompt > >>> >> appears. > >> > > >> > Thanks for the report. > >> > I tried to reproduce this a number of times on different machines > >> > with no luck. > > > > I was able to reproduce this crash with a test jig. > > The patch below fixed it, but I'm testing a better patch now, which > > I'll get to you asap. > > --- >% --- Hi I confirm that this patch fixes it. (your previous patch also fixed it). Mikulas > Subject: [PATCH] tty: Fix ldisc crash on reopened tty > > If the tty has been hungup, the ldisc instance may have been destroyed. > Continued input to the tty will be ignored as long as the ldisc instance > is not visible to the flush_to_ldisc kworker. However, when the tty > is reopened and a new ldisc instance is created, the flush_to_ldisc > kworker can obtain an ldisc reference before the new ldisc is > completely initialized. This will likely crash: > > BUG: unable to handle kernel paging request at 0000000000002260 > IP: [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 > PGD 2ab581067 PUD 290c11067 PMD 0 > Oops: 0000 [#1] PREEMPT SMP > Modules linked in: nls_iso8859_1 ip6table_filter [.....] > CPU: 2 PID: 103 Comm: kworker/u16:1 Not tainted 4.6.0-rc7+wip-xeon+debug #rc7+wip > Hardware name: Dell Inc. Precision WorkStation T5400 /0RW203, BIOS A11 04/30/2012 > Workqueue: events_unbound flush_to_ldisc > task: ffff8802ad16d100 ti: ffff8802ad31c000 task.ti: ffff8802ad31c000 > RIP: 0010:[<ffffffff8152dc5d>] [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 > RSP: 0018:ffff8802ad31fc70 EFLAGS: 00010296 > RAX: 0000000000000000 RBX: ffff8802aaddd800 RCX: 0000000000000001 > RDX: 00000000ffffffff RSI: ffffffff810db48f RDI: 0000000000000246 > RBP: ffff8802ad31fd08 R08: 0000000000000000 R09: 0000000000000001 > R10: ffff8802aadddb28 R11: 0000000000000001 R12: ffff8800ba6da808 > R13: ffff8802ad18be80 R14: ffff8800ba6da858 R15: ffff8800ba6da800 > FS: 0000000000000000(0000) GS:ffff8802b0a00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 0000000000002260 CR3: 000000028ee5d000 CR4: 00000000000006e0 > Stack: > ffffffff81531219 ffff8802aadddab8 ffff8802aadddde0 ffff8802aadddd78 > ffffffff00000001 ffff8800ba6da858 ffff8800ba6da860 ffff8802ad31fd30 > ffffffff81885f78 ffffffff81531219 0000000000000000 0000000200000000 > Call Trace: > [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0 > [<ffffffff81885f78>] ? mutex_lock_nested+0x2c8/0x430 > [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0 > [<ffffffff8152e784>] n_tty_receive_buf2+0x14/0x20 > [<ffffffff81530cb2>] tty_ldisc_receive_buf+0x22/0x50 > [<ffffffff8153128e>] flush_to_ldisc+0xbe/0xd0 > [<ffffffff810a0ebd>] process_one_work+0x1ed/0x6e0 > [<ffffffff810a0e3f>] ? process_one_work+0x16f/0x6e0 > [<ffffffff810a13fe>] worker_thread+0x4e/0x490 > [<ffffffff810a13b0>] ? process_one_work+0x6e0/0x6e0 > [<ffffffff810a7ef2>] kthread+0xf2/0x110 > [<ffffffff810ae68c>] ? preempt_count_sub+0x4c/0x80 > [<ffffffff8188ab52>] ret_from_fork+0x22/0x50 > [<ffffffff810a7e00>] ? kthread_create_on_node+0x220/0x220 > Code: ff ff e8 27 a0 35 00 48 8d 83 78 05 00 00 c7 45 c0 00 00 00 00 48 89 45 80 48 > 8d 83 e0 05 00 00 48 89 85 78 ff ff ff 48 8b 45 b8 <48> 8b b8 60 22 00 00 48 > 8b 30 89 f8 8b 8b 88 04 00 00 29 f0 8d > RIP [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 > RSP <ffff8802ad31fc70> > CR2: 0000000000002260 > > Ensure the kworker cannot obtain the ldisc reference until the new ldisc > is completely initialized. > > Fixes: 892d1fa7eaae ("tty: Destroy ldisc instance on hangup") > Reported-by: Mikulas Patocka <mpatocka@redhat.com> > Signed-off-by: Peter Hurley <peter@hurleysoftware.com> > --- > drivers/tty/tty_ldisc.c | 11 ++++++----- > 1 file changed, 6 insertions(+), 5 deletions(-) > > diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c > index cdd063f..bda0c85 100644 > --- a/drivers/tty/tty_ldisc.c > +++ b/drivers/tty/tty_ldisc.c > @@ -669,16 +669,17 @@ int tty_ldisc_reinit(struct tty_struct *tty, int disc) > tty_ldisc_put(tty->ldisc); > } > > - /* switch the line discipline */ > - tty->ldisc = ld; > tty_set_termios_ldisc(tty, disc); > - retval = tty_ldisc_open(tty, tty->ldisc); > + retval = tty_ldisc_open(tty, ld); > if (retval) { > if (!WARN_ON(disc == N_TTY)) { > - tty_ldisc_put(tty->ldisc); > - tty->ldisc = NULL; > + tty_ldisc_put(ld); > + ld = NULL; > } > } > + > + /* switch the line discipline */ > + smp_store_release(&tty->ldisc, ld); > return retval; > } > > -- > 2.8.2 > ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2016-05-17 18:09 ` Peter Hurley 2016-05-17 21:26 ` Mikulas Patocka @ 2016-07-07 22:57 ` Mikulas Patocka 2017-03-11 0:31 ` Michael Neuling 1 sibling, 1 reply; 15+ messages in thread From: Mikulas Patocka @ 2016-07-07 22:57 UTC (permalink / raw) To: Peter Hurley; +Cc: Greg Kroah-Hartman, Jiri Slaby, linux-kernel Hi This patch works, I've had no tty crashes since applying it. I've seen that you haven't sent this patch yet to Linux-4.7-rc and Linux-4.6-stable. Will you? Or did you create a different patch? Mikulas On Tue, 17 May 2016, Peter Hurley wrote: > On 05/17/2016 08:57 AM, Peter Hurley wrote: > > On 05/16/2016 04:36 PM, Peter Hurley wrote: > >> > Hi Mikulas, > >> > > >> > On 05/16/2016 01:12 PM, Mikulas Patocka wrote: > >>> >> Hi > >>> >> > >>> >> In the kernel 4.6 I get crashes in the tty layer. I can reproduce the > >>> >> crash by logging into the machine with ssh and typing before the prompt > >>> >> appears. > >> > > >> > Thanks for the report. > >> > I tried to reproduce this a number of times on different machines > >> > with no luck. > > > > I was able to reproduce this crash with a test jig. > > The patch below fixed it, but I'm testing a better patch now, which > > I'll get to you asap. > > --- >% --- > Subject: [PATCH] tty: Fix ldisc crash on reopened tty > > If the tty has been hungup, the ldisc instance may have been destroyed. > Continued input to the tty will be ignored as long as the ldisc instance > is not visible to the flush_to_ldisc kworker. However, when the tty > is reopened and a new ldisc instance is created, the flush_to_ldisc > kworker can obtain an ldisc reference before the new ldisc is > completely initialized. This will likely crash: > > BUG: unable to handle kernel paging request at 0000000000002260 > IP: [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 > PGD 2ab581067 PUD 290c11067 PMD 0 > Oops: 0000 [#1] PREEMPT SMP > Modules linked in: nls_iso8859_1 ip6table_filter [.....] > CPU: 2 PID: 103 Comm: kworker/u16:1 Not tainted 4.6.0-rc7+wip-xeon+debug #rc7+wip > Hardware name: Dell Inc. Precision WorkStation T5400 /0RW203, BIOS A11 04/30/2012 > Workqueue: events_unbound flush_to_ldisc > task: ffff8802ad16d100 ti: ffff8802ad31c000 task.ti: ffff8802ad31c000 > RIP: 0010:[<ffffffff8152dc5d>] [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 > RSP: 0018:ffff8802ad31fc70 EFLAGS: 00010296 > RAX: 0000000000000000 RBX: ffff8802aaddd800 RCX: 0000000000000001 > RDX: 00000000ffffffff RSI: ffffffff810db48f RDI: 0000000000000246 > RBP: ffff8802ad31fd08 R08: 0000000000000000 R09: 0000000000000001 > R10: ffff8802aadddb28 R11: 0000000000000001 R12: ffff8800ba6da808 > R13: ffff8802ad18be80 R14: ffff8800ba6da858 R15: ffff8800ba6da800 > FS: 0000000000000000(0000) GS:ffff8802b0a00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 0000000000002260 CR3: 000000028ee5d000 CR4: 00000000000006e0 > Stack: > ffffffff81531219 ffff8802aadddab8 ffff8802aadddde0 ffff8802aadddd78 > ffffffff00000001 ffff8800ba6da858 ffff8800ba6da860 ffff8802ad31fd30 > ffffffff81885f78 ffffffff81531219 0000000000000000 0000000200000000 > Call Trace: > [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0 > [<ffffffff81885f78>] ? mutex_lock_nested+0x2c8/0x430 > [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0 > [<ffffffff8152e784>] n_tty_receive_buf2+0x14/0x20 > [<ffffffff81530cb2>] tty_ldisc_receive_buf+0x22/0x50 > [<ffffffff8153128e>] flush_to_ldisc+0xbe/0xd0 > [<ffffffff810a0ebd>] process_one_work+0x1ed/0x6e0 > [<ffffffff810a0e3f>] ? process_one_work+0x16f/0x6e0 > [<ffffffff810a13fe>] worker_thread+0x4e/0x490 > [<ffffffff810a13b0>] ? process_one_work+0x6e0/0x6e0 > [<ffffffff810a7ef2>] kthread+0xf2/0x110 > [<ffffffff810ae68c>] ? preempt_count_sub+0x4c/0x80 > [<ffffffff8188ab52>] ret_from_fork+0x22/0x50 > [<ffffffff810a7e00>] ? kthread_create_on_node+0x220/0x220 > Code: ff ff e8 27 a0 35 00 48 8d 83 78 05 00 00 c7 45 c0 00 00 00 00 48 89 45 80 48 > 8d 83 e0 05 00 00 48 89 85 78 ff ff ff 48 8b 45 b8 <48> 8b b8 60 22 00 00 48 > 8b 30 89 f8 8b 8b 88 04 00 00 29 f0 8d > RIP [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 > RSP <ffff8802ad31fc70> > CR2: 0000000000002260 > > Ensure the kworker cannot obtain the ldisc reference until the new ldisc > is completely initialized. > > Fixes: 892d1fa7eaae ("tty: Destroy ldisc instance on hangup") > Reported-by: Mikulas Patocka <mpatocka@redhat.com> > Signed-off-by: Peter Hurley <peter@hurleysoftware.com> > --- > drivers/tty/tty_ldisc.c | 11 ++++++----- > 1 file changed, 6 insertions(+), 5 deletions(-) > > diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c > index cdd063f..bda0c85 100644 > --- a/drivers/tty/tty_ldisc.c > +++ b/drivers/tty/tty_ldisc.c > @@ -669,16 +669,17 @@ int tty_ldisc_reinit(struct tty_struct *tty, int disc) > tty_ldisc_put(tty->ldisc); > } > > - /* switch the line discipline */ > - tty->ldisc = ld; > tty_set_termios_ldisc(tty, disc); > - retval = tty_ldisc_open(tty, tty->ldisc); > + retval = tty_ldisc_open(tty, ld); > if (retval) { > if (!WARN_ON(disc == N_TTY)) { > - tty_ldisc_put(tty->ldisc); > - tty->ldisc = NULL; > + tty_ldisc_put(ld); > + ld = NULL; > } > } > + > + /* switch the line discipline */ > + smp_store_release(&tty->ldisc, ld); > return retval; > } > > -- > 2.8.2 > ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2016-07-07 22:57 ` Mikulas Patocka @ 2017-03-11 0:31 ` Michael Neuling 2018-03-22 13:48 ` Daniel Axtens 0 siblings, 1 reply; 15+ messages in thread From: Michael Neuling @ 2017-03-11 0:31 UTC (permalink / raw) To: Mikulas Patocka, Peter Hurley Cc: Greg Kroah-Hartman, Jiri Slaby, Linux Kernel Mailing List, Michael Neuling > This patch works, I've had no tty crashes since applying it. > > I've seen that you haven't sent this patch yet to Linux-4.7-rc and > Linux-4.6-stable. Will you? Or did you create a different patch? We are hitting this now on powerpc. This patch never seemed to make it upstream (drivers/tty/tty_ldisc.c hasn't been touched in 1 year). Peter, can we take this patch as is, or do you have an updated version? Mikey > Mikulas > > > On Tue, 17 May 2016, Peter Hurley wrote: > > > On 05/17/2016 08:57 AM, Peter Hurley wrote: > > > On 05/16/2016 04:36 PM, Peter Hurley wrote: > > >> > Hi Mikulas, > > >> > > > >> > On 05/16/2016 01:12 PM, Mikulas Patocka wrote: > > >>> >> Hi > > >>> >> > > >>> >> In the kernel 4.6 I get crashes in the tty layer. I can reproduce the > > >>> >> crash by logging into the machine with ssh and typing before the prompt > > >>> >> appears. > > >> > > > >> > Thanks for the report. > > >> > I tried to reproduce this a number of times on different machines > > >> > with no luck. > > > > > > I was able to reproduce this crash with a test jig. > > > The patch below fixed it, but I'm testing a better patch now, which > > > I'll get to you asap. > > > > --- >% --- > > Subject: [PATCH] tty: Fix ldisc crash on reopened tty > > > > If the tty has been hungup, the ldisc instance may have been destroyed. > > Continued input to the tty will be ignored as long as the ldisc instance > > is not visible to the flush_to_ldisc kworker. However, when the tty > > is reopened and a new ldisc instance is created, the flush_to_ldisc > > kworker can obtain an ldisc reference before the new ldisc is > > completely initialized. This will likely crash: > > > > BUG: unable to handle kernel paging request at 0000000000002260 > > IP: [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 > > PGD 2ab581067 PUD 290c11067 PMD 0 > > Oops: 0000 [#1] PREEMPT SMP > > Modules linked in: nls_iso8859_1 ip6table_filter [.....] > > CPU: 2 PID: 103 Comm: kworker/u16:1 Not tainted 4.6.0-rc7+wip-xeon+debug #rc7+wip > > Hardware name: Dell Inc. Precision WorkStation T5400 /0RW203, BIOS A11 04/30/2012 > > Workqueue: events_unbound flush_to_ldisc > > task: ffff8802ad16d100 ti: ffff8802ad31c000 task.ti: ffff8802ad31c000 > > RIP: 0010:[<ffffffff8152dc5d>] [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 > > RSP: 0018:ffff8802ad31fc70 EFLAGS: 00010296 > > RAX: 0000000000000000 RBX: ffff8802aaddd800 RCX: 0000000000000001 > > RDX: 00000000ffffffff RSI: ffffffff810db48f RDI: 0000000000000246 > > RBP: ffff8802ad31fd08 R08: 0000000000000000 R09: 0000000000000001 > > R10: ffff8802aadddb28 R11: 0000000000000001 R12: ffff8800ba6da808 > > R13: ffff8802ad18be80 R14: ffff8800ba6da858 R15: ffff8800ba6da800 > > FS: 0000000000000000(0000) GS:ffff8802b0a00000(0000) knlGS:0000000000000000 > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > > CR2: 0000000000002260 CR3: 000000028ee5d000 CR4: 00000000000006e0 > > Stack: > > ffffffff81531219 ffff8802aadddab8 ffff8802aadddde0 ffff8802aadddd78 > > ffffffff00000001 ffff8800ba6da858 ffff8800ba6da860 ffff8802ad31fd30 > > ffffffff81885f78 ffffffff81531219 0000000000000000 0000000200000000 > > Call Trace: > > [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0 > > [<ffffffff81885f78>] ? mutex_lock_nested+0x2c8/0x430 > > [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0 > > [<ffffffff8152e784>] n_tty_receive_buf2+0x14/0x20 > > [<ffffffff81530cb2>] tty_ldisc_receive_buf+0x22/0x50 > > [<ffffffff8153128e>] flush_to_ldisc+0xbe/0xd0 > > [<ffffffff810a0ebd>] process_one_work+0x1ed/0x6e0 > > [<ffffffff810a0e3f>] ? process_one_work+0x16f/0x6e0 > > [<ffffffff810a13fe>] worker_thread+0x4e/0x490 > > [<ffffffff810a13b0>] ? process_one_work+0x6e0/0x6e0 > > [<ffffffff810a7ef2>] kthread+0xf2/0x110 > > [<ffffffff810ae68c>] ? preempt_count_sub+0x4c/0x80 > > [<ffffffff8188ab52>] ret_from_fork+0x22/0x50 > > [<ffffffff810a7e00>] ? kthread_create_on_node+0x220/0x220 > > Code: ff ff e8 27 a0 35 00 48 8d 83 78 05 00 00 c7 45 c0 00 00 00 00 48 89 45 80 48 > > 8d 83 e0 05 00 00 48 89 85 78 ff ff ff 48 8b 45 b8 <48> 8b b8 60 22 00 00 48 > > 8b 30 89 f8 8b 8b 88 04 00 00 29 f0 8d > > RIP [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 > > RSP <ffff8802ad31fc70> > > CR2: 0000000000002260 > > > > Ensure the kworker cannot obtain the ldisc reference until the new ldisc > > is completely initialized. > > > > Fixes: 892d1fa7eaae ("tty: Destroy ldisc instance on hangup") > > Reported-by: Mikulas Patocka <mpatocka@redhat.com> > > Signed-off-by: Peter Hurley <peter@hurleysoftware.com> > > --- > > drivers/tty/tty_ldisc.c | 11 ++++++----- > > 1 file changed, 6 insertions(+), 5 deletions(-) > > > > diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c > > index cdd063f..bda0c85 100644 > > --- a/drivers/tty/tty_ldisc.c > > +++ b/drivers/tty/tty_ldisc.c > > @@ -669,16 +669,17 @@ int tty_ldisc_reinit(struct tty_struct *tty, int disc) > > tty_ldisc_put(tty->ldisc); > > } > > > > - /* switch the line discipline */ > > - tty->ldisc = ld; > > tty_set_termios_ldisc(tty, disc); > > - retval = tty_ldisc_open(tty, tty->ldisc); > > + retval = tty_ldisc_open(tty, ld); > > if (retval) { > > if (!WARN_ON(disc == N_TTY)) { > > - tty_ldisc_put(tty->ldisc); > > - tty->ldisc = NULL; > > + tty_ldisc_put(ld); > > + ld = NULL; > > } > > } > > + > > + /* switch the line discipline */ > > + smp_store_release(&tty->ldisc, ld); > > return retval; > > } > > > > -- > > 2.8.2 > > > ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2017-03-11 0:31 ` Michael Neuling @ 2018-03-22 13:48 ` Daniel Axtens 2018-03-22 14:05 ` Greg Kroah-Hartman 0 siblings, 1 reply; 15+ messages in thread From: Daniel Axtens @ 2018-03-22 13:48 UTC (permalink / raw) To: Michael Neuling, Mikulas Patocka, Peter Hurley Cc: Greg Kroah-Hartman, Jiri Slaby, Linux Kernel Mailing List, Michael Neuling Hi, >> This patch works, I've had no tty crashes since applying it. >> >> I've seen that you haven't sent this patch yet to Linux-4.7-rc and >> Linux-4.6-stable. Will you? Or did you create a different patch? > > We are hitting this now on powerpc. This patch never seemed to make > it upstream (drivers/tty/tty_ldisc.c hasn't been touched in 1 year). I seem to be hitting this too on a kernel that has the 4.6 changes backported to 4.4. Has there been any further progress on getting this accepted? Regards, Daniel > > Peter, can we take this patch as is, or do you have an updated version? > > Mikey > >> Mikulas >> >> >> On Tue, 17 May 2016, Peter Hurley wrote: >> >> > On 05/17/2016 08:57 AM, Peter Hurley wrote: >> > > On 05/16/2016 04:36 PM, Peter Hurley wrote: >> > >> > Hi Mikulas, >> > >> > >> > >> > On 05/16/2016 01:12 PM, Mikulas Patocka wrote: >> > >>> >> Hi >> > >>> >> >> > >>> >> In the kernel 4.6 I get crashes in the tty layer. I can reproduce the >> > >>> >> crash by logging into the machine with ssh and typing before the prompt >> > >>> >> appears. >> > >> > >> > >> > Thanks for the report. >> > >> > I tried to reproduce this a number of times on different machines >> > >> > with no luck. >> > > >> > > I was able to reproduce this crash with a test jig. >> > > The patch below fixed it, but I'm testing a better patch now, which >> > > I'll get to you asap. >> > >> > --- >% --- >> > Subject: [PATCH] tty: Fix ldisc crash on reopened tty >> > >> > If the tty has been hungup, the ldisc instance may have been destroyed. >> > Continued input to the tty will be ignored as long as the ldisc instance >> > is not visible to the flush_to_ldisc kworker. However, when the tty >> > is reopened and a new ldisc instance is created, the flush_to_ldisc >> > kworker can obtain an ldisc reference before the new ldisc is >> > completely initialized. This will likely crash: >> > >> > BUG: unable to handle kernel paging request at 0000000000002260 >> > IP: [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 >> > PGD 2ab581067 PUD 290c11067 PMD 0 >> > Oops: 0000 [#1] PREEMPT SMP >> > Modules linked in: nls_iso8859_1 ip6table_filter [.....] >> > CPU: 2 PID: 103 Comm: kworker/u16:1 Not tainted 4.6.0-rc7+wip-xeon+debug #rc7+wip >> > Hardware name: Dell Inc. Precision WorkStation T5400 /0RW203, BIOS A11 04/30/2012 >> > Workqueue: events_unbound flush_to_ldisc >> > task: ffff8802ad16d100 ti: ffff8802ad31c000 task.ti: ffff8802ad31c000 >> > RIP: 0010:[<ffffffff8152dc5d>] [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 >> > RSP: 0018:ffff8802ad31fc70 EFLAGS: 00010296 >> > RAX: 0000000000000000 RBX: ffff8802aaddd800 RCX: 0000000000000001 >> > RDX: 00000000ffffffff RSI: ffffffff810db48f RDI: 0000000000000246 >> > RBP: ffff8802ad31fd08 R08: 0000000000000000 R09: 0000000000000001 >> > R10: ffff8802aadddb28 R11: 0000000000000001 R12: ffff8800ba6da808 >> > R13: ffff8802ad18be80 R14: ffff8800ba6da858 R15: ffff8800ba6da800 >> > FS: 0000000000000000(0000) GS:ffff8802b0a00000(0000) knlGS:0000000000000000 >> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >> > CR2: 0000000000002260 CR3: 000000028ee5d000 CR4: 00000000000006e0 >> > Stack: >> > ffffffff81531219 ffff8802aadddab8 ffff8802aadddde0 ffff8802aadddd78 >> > ffffffff00000001 ffff8800ba6da858 ffff8800ba6da860 ffff8802ad31fd30 >> > ffffffff81885f78 ffffffff81531219 0000000000000000 0000000200000000 >> > Call Trace: >> > [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0 >> > [<ffffffff81885f78>] ? mutex_lock_nested+0x2c8/0x430 >> > [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0 >> > [<ffffffff8152e784>] n_tty_receive_buf2+0x14/0x20 >> > [<ffffffff81530cb2>] tty_ldisc_receive_buf+0x22/0x50 >> > [<ffffffff8153128e>] flush_to_ldisc+0xbe/0xd0 >> > [<ffffffff810a0ebd>] process_one_work+0x1ed/0x6e0 >> > [<ffffffff810a0e3f>] ? process_one_work+0x16f/0x6e0 >> > [<ffffffff810a13fe>] worker_thread+0x4e/0x490 >> > [<ffffffff810a13b0>] ? process_one_work+0x6e0/0x6e0 >> > [<ffffffff810a7ef2>] kthread+0xf2/0x110 >> > [<ffffffff810ae68c>] ? preempt_count_sub+0x4c/0x80 >> > [<ffffffff8188ab52>] ret_from_fork+0x22/0x50 >> > [<ffffffff810a7e00>] ? kthread_create_on_node+0x220/0x220 >> > Code: ff ff e8 27 a0 35 00 48 8d 83 78 05 00 00 c7 45 c0 00 00 00 00 48 89 45 80 48 >> > 8d 83 e0 05 00 00 48 89 85 78 ff ff ff 48 8b 45 b8 <48> 8b b8 60 22 00 00 48 >> > 8b 30 89 f8 8b 8b 88 04 00 00 29 f0 8d >> > RIP [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80 >> > RSP <ffff8802ad31fc70> >> > CR2: 0000000000002260 >> > >> > Ensure the kworker cannot obtain the ldisc reference until the new ldisc >> > is completely initialized. >> > >> > Fixes: 892d1fa7eaae ("tty: Destroy ldisc instance on hangup") >> > Reported-by: Mikulas Patocka <mpatocka@redhat.com> >> > Signed-off-by: Peter Hurley <peter@hurleysoftware.com> >> > --- >> > drivers/tty/tty_ldisc.c | 11 ++++++----- >> > 1 file changed, 6 insertions(+), 5 deletions(-) >> > >> > diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c >> > index cdd063f..bda0c85 100644 >> > --- a/drivers/tty/tty_ldisc.c >> > +++ b/drivers/tty/tty_ldisc.c >> > @@ -669,16 +669,17 @@ int tty_ldisc_reinit(struct tty_struct *tty, int disc) >> > tty_ldisc_put(tty->ldisc); >> > } >> > >> > - /* switch the line discipline */ >> > - tty->ldisc = ld; >> > tty_set_termios_ldisc(tty, disc); >> > - retval = tty_ldisc_open(tty, tty->ldisc); >> > + retval = tty_ldisc_open(tty, ld); >> > if (retval) { >> > if (!WARN_ON(disc == N_TTY)) { >> > - tty_ldisc_put(tty->ldisc); >> > - tty->ldisc = NULL; >> > + tty_ldisc_put(ld); >> > + ld = NULL; >> > } >> > } >> > + >> > + /* switch the line discipline */ >> > + smp_store_release(&tty->ldisc, ld); >> > return retval; >> > } >> > >> > -- >> > 2.8.2 >> > >> ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2018-03-22 13:48 ` Daniel Axtens @ 2018-03-22 14:05 ` Greg Kroah-Hartman 2018-03-27 12:18 ` Mikulas Patocka 0 siblings, 1 reply; 15+ messages in thread From: Greg Kroah-Hartman @ 2018-03-22 14:05 UTC (permalink / raw) To: Daniel Axtens Cc: Michael Neuling, Mikulas Patocka, Peter Hurley, Jiri Slaby, Linux Kernel Mailing List On Fri, Mar 23, 2018 at 12:48:06AM +1100, Daniel Axtens wrote: > Hi, > > >> This patch works, I've had no tty crashes since applying it. > >> > >> I've seen that you haven't sent this patch yet to Linux-4.7-rc and > >> Linux-4.6-stable. Will you? Or did you create a different patch? > > > > We are hitting this now on powerpc. This patch never seemed to make > > it upstream (drivers/tty/tty_ldisc.c hasn't been touched in 1 year). > > I seem to be hitting this too on a kernel that has the 4.6 changes > backported to 4.4. > > Has there been any further progress on getting this accepted? Can you try applying 28b0f8a6962a ("tty: make n_tty_read() always abort if hangup is in progress") to see if that helps out or not? thanks, greg k-h ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2018-03-22 14:05 ` Greg Kroah-Hartman @ 2018-03-27 12:18 ` Mikulas Patocka 2018-04-11 16:09 ` Daniel Axtens 0 siblings, 1 reply; 15+ messages in thread From: Mikulas Patocka @ 2018-03-27 12:18 UTC (permalink / raw) To: Greg Kroah-Hartman Cc: Daniel Axtens, Michael Neuling, Peter Hurley, Jiri Slaby, Linux Kernel Mailing List On Thu, 22 Mar 2018, Greg Kroah-Hartman wrote: > On Fri, Mar 23, 2018 at 12:48:06AM +1100, Daniel Axtens wrote: > > Hi, > > > > >> This patch works, I've had no tty crashes since applying it. > > >> > > >> I've seen that you haven't sent this patch yet to Linux-4.7-rc and > > >> Linux-4.6-stable. Will you? Or did you create a different patch? > > > > > > We are hitting this now on powerpc. This patch never seemed to make > > > it upstream (drivers/tty/tty_ldisc.c hasn't been touched in 1 year). > > > > I seem to be hitting this too on a kernel that has the 4.6 changes > > backported to 4.4. > > > > Has there been any further progress on getting this accepted? > > Can you try applying 28b0f8a6962a ("tty: make n_tty_read() always abort > if hangup is in progress") to see if that helps out or not? > > thanks, > > greg k-h It doesn't help. I get the same crash as before. Mikulas ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2018-03-27 12:18 ` Mikulas Patocka @ 2018-04-11 16:09 ` Daniel Axtens 2019-11-15 19:21 ` Mike Kravetz 0 siblings, 1 reply; 15+ messages in thread From: Daniel Axtens @ 2018-04-11 16:09 UTC (permalink / raw) To: Mikulas Patocka, Greg Kroah-Hartman Cc: Michael Neuling, Peter Hurley, Jiri Slaby, Linux Kernel Mailing List Mikulas Patocka <mpatocka@redhat.com> writes: > On Thu, 22 Mar 2018, Greg Kroah-Hartman wrote: > >> On Fri, Mar 23, 2018 at 12:48:06AM +1100, Daniel Axtens wrote: >> > Hi, >> > >> > >> This patch works, I've had no tty crashes since applying it. >> > >> >> > >> I've seen that you haven't sent this patch yet to Linux-4.7-rc and >> > >> Linux-4.6-stable. Will you? Or did you create a different patch? >> > > >> > > We are hitting this now on powerpc. This patch never seemed to make >> > > it upstream (drivers/tty/tty_ldisc.c hasn't been touched in 1 year). >> > >> > I seem to be hitting this too on a kernel that has the 4.6 changes >> > backported to 4.4. >> > >> > Has there been any further progress on getting this accepted? >> >> Can you try applying 28b0f8a6962a ("tty: make n_tty_read() always abort >> if hangup is in progress") to see if that helps out or not? Sorry for the delay in getting the test results; as with Mikulas, 28b0f8a6962a does not help. Regards, Daniel >> >> thanks, >> >> greg k-h > > It doesn't help. I get the same crash as before. > > Mikulas ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2018-04-11 16:09 ` Daniel Axtens @ 2019-11-15 19:21 ` Mike Kravetz 2019-11-16 9:36 ` Greg Kroah-Hartman 0 siblings, 1 reply; 15+ messages in thread From: Mike Kravetz @ 2019-11-15 19:21 UTC (permalink / raw) To: Daniel Axtens, Mikulas Patocka, Greg Kroah-Hartman Cc: Michael Neuling, Peter Hurley, Jiri Slaby, Linux Kernel Mailing List On 4/11/18 9:09 AM, Daniel Axtens wrote: > Mikulas Patocka <mpatocka@redhat.com> writes: > >> On Thu, 22 Mar 2018, Greg Kroah-Hartman wrote: >> >>> On Fri, Mar 23, 2018 at 12:48:06AM +1100, Daniel Axtens wrote: >>>> Hi, >>>> >>>>>> This patch works, I've had no tty crashes since applying it. >>>>>> >>>>>> I've seen that you haven't sent this patch yet to Linux-4.7-rc and >>>>>> Linux-4.6-stable. Will you? Or did you create a different patch? >>>>> >>>>> We are hitting this now on powerpc. This patch never seemed to make >>>>> it upstream (drivers/tty/tty_ldisc.c hasn't been touched in 1 year). >>>> >>>> I seem to be hitting this too on a kernel that has the 4.6 changes >>>> backported to 4.4. >>>> >>>> Has there been any further progress on getting this accepted? >>> >>> Can you try applying 28b0f8a6962a ("tty: make n_tty_read() always abort >>> if hangup is in progress") to see if that helps out or not? > > Sorry for the delay in getting the test results; as with Mikulas, > 28b0f8a6962a does not help. > > Regards, > Daniel > >>> >>> thanks, >>> >>> greg k-h >> >> It doesn't help. I get the same crash as before. >> >> Mikulas Reviving a really old thread. It looks like this patch never got merged. Did it get resolved in some other way? I ask because we have a customer who seems to have hit this issue. -- Mike Kravetz ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2019-11-15 19:21 ` Mike Kravetz @ 2019-11-16 9:36 ` Greg Kroah-Hartman 2019-12-03 15:17 ` Mikulas Patocka 0 siblings, 1 reply; 15+ messages in thread From: Greg Kroah-Hartman @ 2019-11-16 9:36 UTC (permalink / raw) To: Mike Kravetz Cc: Daniel Axtens, Mikulas Patocka, Michael Neuling, Peter Hurley, Jiri Slaby, Linux Kernel Mailing List On Fri, Nov 15, 2019 at 11:21:08AM -0800, Mike Kravetz wrote: > On 4/11/18 9:09 AM, Daniel Axtens wrote: > > Mikulas Patocka <mpatocka@redhat.com> writes: > > > >> On Thu, 22 Mar 2018, Greg Kroah-Hartman wrote: > >> > >>> On Fri, Mar 23, 2018 at 12:48:06AM +1100, Daniel Axtens wrote: > >>>> Hi, > >>>> > >>>>>> This patch works, I've had no tty crashes since applying it. > >>>>>> > >>>>>> I've seen that you haven't sent this patch yet to Linux-4.7-rc and > >>>>>> Linux-4.6-stable. Will you? Or did you create a different patch? > >>>>> > >>>>> We are hitting this now on powerpc. This patch never seemed to make > >>>>> it upstream (drivers/tty/tty_ldisc.c hasn't been touched in 1 year). > >>>> > >>>> I seem to be hitting this too on a kernel that has the 4.6 changes > >>>> backported to 4.4. > >>>> > >>>> Has there been any further progress on getting this accepted? > >>> > >>> Can you try applying 28b0f8a6962a ("tty: make n_tty_read() always abort > >>> if hangup is in progress") to see if that helps out or not? > > > > Sorry for the delay in getting the test results; as with Mikulas, > > 28b0f8a6962a does not help. > > > > Regards, > > Daniel > > > >>> > >>> thanks, > >>> > >>> greg k-h > >> > >> It doesn't help. I get the same crash as before. > >> > >> Mikulas > > Reviving a really old thread. > > It looks like this patch never got merged. I do not see a patch in this email, so I have no idea what you are referring to, sorry. > Did it get resolved in some other way? I ask because we have a > customer who seems to have hit this issue. Can you try with the latest kernel to see if it is resolved or not? thanks, greg k-h ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2019-11-16 9:36 ` Greg Kroah-Hartman @ 2019-12-03 15:17 ` Mikulas Patocka 2019-12-03 19:14 ` Greg Kroah-Hartman 0 siblings, 1 reply; 15+ messages in thread From: Mikulas Patocka @ 2019-12-03 15:17 UTC (permalink / raw) To: Greg Kroah-Hartman Cc: Mike Kravetz, Daniel Axtens, Michael Neuling, Peter Hurley, Jiri Slaby, Linux Kernel Mailing List On Sat, 16 Nov 2019, Greg Kroah-Hartman wrote: > On Fri, Nov 15, 2019 at 11:21:08AM -0800, Mike Kravetz wrote: > > On 4/11/18 9:09 AM, Daniel Axtens wrote: > > > Mikulas Patocka <mpatocka@redhat.com> writes: > > > > > >> On Thu, 22 Mar 2018, Greg Kroah-Hartman wrote: > > >> > > >>> On Fri, Mar 23, 2018 at 12:48:06AM +1100, Daniel Axtens wrote: > > >>>> Hi, > > >>>> > > >>>>>> This patch works, I've had no tty crashes since applying it. > > >>>>>> > > >>>>>> I've seen that you haven't sent this patch yet to Linux-4.7-rc and > > >>>>>> Linux-4.6-stable. Will you? Or did you create a different patch? > > >>>>> > > >>>>> We are hitting this now on powerpc. This patch never seemed to make > > >>>>> it upstream (drivers/tty/tty_ldisc.c hasn't been touched in 1 year). > > >>>> > > >>>> I seem to be hitting this too on a kernel that has the 4.6 changes > > >>>> backported to 4.4. > > >>>> > > >>>> Has there been any further progress on getting this accepted? > > >>> > > >>> Can you try applying 28b0f8a6962a ("tty: make n_tty_read() always abort > > >>> if hangup is in progress") to see if that helps out or not? > > > > > > Sorry for the delay in getting the test results; as with Mikulas, > > > 28b0f8a6962a does not help. > > > > > > Regards, > > > Daniel > > > > > >>> > > >>> thanks, > > >>> > > >>> greg k-h > > >> > > >> It doesn't help. I get the same crash as before. > > >> > > >> Mikulas > > > > Reviving a really old thread. > > > > It looks like this patch never got merged. > > I do not see a patch in this email, so I have no idea what you are > referring to, sorry. > > > Did it get resolved in some other way? I ask because we have a > > customer who seems to have hit this issue. > > Can you try with the latest kernel to see if it is resolved or not? I tested it on the kernel 5.4 and I couldn't reproduce the crash anymore. Mikulas > thanks, > > greg k-h > ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: tty crash in Linux 4.6 2019-12-03 15:17 ` Mikulas Patocka @ 2019-12-03 19:14 ` Greg Kroah-Hartman 0 siblings, 0 replies; 15+ messages in thread From: Greg Kroah-Hartman @ 2019-12-03 19:14 UTC (permalink / raw) To: Mikulas Patocka Cc: Mike Kravetz, Daniel Axtens, Michael Neuling, Peter Hurley, Jiri Slaby, Linux Kernel Mailing List On Tue, Dec 03, 2019 at 10:17:08AM -0500, Mikulas Patocka wrote: > > > On Sat, 16 Nov 2019, Greg Kroah-Hartman wrote: > > > On Fri, Nov 15, 2019 at 11:21:08AM -0800, Mike Kravetz wrote: > > > On 4/11/18 9:09 AM, Daniel Axtens wrote: > > > > Mikulas Patocka <mpatocka@redhat.com> writes: > > > > > > > >> On Thu, 22 Mar 2018, Greg Kroah-Hartman wrote: > > > >> > > > >>> On Fri, Mar 23, 2018 at 12:48:06AM +1100, Daniel Axtens wrote: > > > >>>> Hi, > > > >>>> > > > >>>>>> This patch works, I've had no tty crashes since applying it. > > > >>>>>> > > > >>>>>> I've seen that you haven't sent this patch yet to Linux-4.7-rc and > > > >>>>>> Linux-4.6-stable. Will you? Or did you create a different patch? > > > >>>>> > > > >>>>> We are hitting this now on powerpc. This patch never seemed to make > > > >>>>> it upstream (drivers/tty/tty_ldisc.c hasn't been touched in 1 year). > > > >>>> > > > >>>> I seem to be hitting this too on a kernel that has the 4.6 changes > > > >>>> backported to 4.4. > > > >>>> > > > >>>> Has there been any further progress on getting this accepted? > > > >>> > > > >>> Can you try applying 28b0f8a6962a ("tty: make n_tty_read() always abort > > > >>> if hangup is in progress") to see if that helps out or not? > > > > > > > > Sorry for the delay in getting the test results; as with Mikulas, > > > > 28b0f8a6962a does not help. > > > > > > > > Regards, > > > > Daniel > > > > > > > >>> > > > >>> thanks, > > > >>> > > > >>> greg k-h > > > >> > > > >> It doesn't help. I get the same crash as before. > > > >> > > > >> Mikulas > > > > > > Reviving a really old thread. > > > > > > It looks like this patch never got merged. > > > > I do not see a patch in this email, so I have no idea what you are > > referring to, sorry. > > > > > Did it get resolved in some other way? I ask because we have a > > > customer who seems to have hit this issue. > > > > Can you try with the latest kernel to see if it is resolved or not? > > I tested it on the kernel 5.4 and I couldn't reproduce the crash anymore. Wonderful, please use that kernel then :) thanks, greg k-h ^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2019-12-03 19:14 UTC | newest] Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2016-05-16 20:12 tty crash in Linux 4.6 Mikulas Patocka 2016-05-16 23:36 ` Peter Hurley 2016-05-17 15:57 ` Peter Hurley 2016-05-17 18:09 ` Peter Hurley 2016-05-17 21:26 ` Mikulas Patocka 2016-07-07 22:57 ` Mikulas Patocka 2017-03-11 0:31 ` Michael Neuling 2018-03-22 13:48 ` Daniel Axtens 2018-03-22 14:05 ` Greg Kroah-Hartman 2018-03-27 12:18 ` Mikulas Patocka 2018-04-11 16:09 ` Daniel Axtens 2019-11-15 19:21 ` Mike Kravetz 2019-11-16 9:36 ` Greg Kroah-Hartman 2019-12-03 15:17 ` Mikulas Patocka 2019-12-03 19:14 ` Greg Kroah-Hartman
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.