linux-fsdevel.vger.kernel.org archive mirror
* [PATCH] tty fix oops when rmmod 8250
@ 2017-09-15  9:45 nixiaoming
  2017-09-18  8:43 ` Jiri Slaby
  0 siblings, 1 reply; 4+ messages in thread
From: nixiaoming @ 2017-09-15  9:45 UTC (permalink / raw)
  To: gregkh, jslaby, viro, torvalds, adobriyan
  Cc: linux-serial, linux-kernel, linux-fsdevel, nixiaoming

After rmmod 8250.ko
tty_kref_put starts kwork (release_one_tty) to release proc interface
oops when accessing driver->driver_name in proc_tty_unregister_driver

Use jprobe, found driver->driver_name point to 8250.ko
static static struct uart_driver serial8250_reg
.driver_name= serial,

Use name in proc_dir_entry instead of driver->driver_name to fix oops

test on linux 4.1.12:

BUG: unable to handle kernel paging request at ffffffffa01979de
IP: [<ffffffff81310f40>] strchr+0x0/0x30
PGD 1a0d067 PUD 1a0e063 PMD 851c1f067 PTE 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: ... ...  [last unloaded: 8250]
CPU: 7 PID: 116 Comm: kworker/7:1 Tainted: G           O    4.1.12 #1
Hardware name: Insyde RiverForest/Type2 - Board Product Name1, BIOS NE5KV904 12/21/2015
Workqueue: events release_one_tty
task: ffff88085b684960 ti: ffff880852884000 task.ti: ffff880852884000
RIP: 0010:[<ffffffff81310f40>]  [<ffffffff81310f40>] strchr+0x0/0x30
RSP: 0018:ffff880852887c90  EFLAGS: 00010282
RAX: ffffffff81a5eca0 RBX: ffffffffa01979de RCX: 0000000000000004
RDX: ffff880852887d10 RSI: 000000000000002f RDI: ffffffffa01979de
RBP: ffff880852887cd8 R08: 0000000000000000 R09: ffff88085f5d94d0
R10: 0000000000000195 R11: 0000000000000000 R12: ffffffffa01979de
R13: ffff880852887d00 R14: ffffffffa01979de R15: ffff88085f02e840
FS:  0000000000000000(0000) GS:ffff88085f5c0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa01979de CR3: 0000000001a0c000 CR4: 00000000001406e0
Stack:
 ffffffff812349b1 ffff880852887cb8 ffff880852887d10 ffff88085f5cd6c2
 ffff880852800a80 ffffffffa01979de ffff880852800a84 0000000000000010
 ffff88085bb28bd8 ffff880852887d38 ffffffff812354f0 ffff880852887d08
Call Trace:
 [<ffffffff812349b1>] ? __xlate_proc_name+0x71/0xd0
 [<ffffffff812354f0>] remove_proc_entry+0x40/0x180
 [<ffffffff815f6811>] ? _raw_spin_lock_irqsave+0x41/0x60
 [<ffffffff813be520>] ? destruct_tty_driver+0x60/0xe0
 [<ffffffff81237c68>] proc_tty_unregister_driver+0x28/0x40
 [<ffffffff813be548>] destruct_tty_driver+0x88/0xe0
 [<ffffffff813be5bd>] tty_driver_kref_put+0x1d/0x20
 [<ffffffff813becca>] release_one_tty+0x5a/0xd0
 [<ffffffff81074159>] process_one_work+0x139/0x420
 [<ffffffff810745a1>] worker_thread+0x121/0x450
 [<ffffffff81074480>] ? process_scheduled_works+0x40/0x40
 [<ffffffff8107a16c>] kthread+0xec/0x110
 [<ffffffff81080000>] ? tg_rt_schedulable+0x210/0x220
 [<ffffffff8107a080>] ? kthread_freezable_should_stop+0x80/0x80
 [<ffffffff815f7292>] ret_from_fork+0x42/0x70
 [<ffffffff8107a080>] ? kthread_freezable_should_stop+0x80/0x80

Signed-off-by: nixiaoming <nixiaoming@huawei.com>
---
 fs/proc/proc_tty.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/proc/proc_tty.c b/fs/proc/proc_tty.c
index 901bd06..20e2c18 100644
--- a/fs/proc/proc_tty.c
+++ b/fs/proc/proc_tty.c
@@ -14,6 +14,7 @@
 #include <linux/tty.h>
 #include <linux/seq_file.h>
 #include <linux/bitops.h>
+#include "internal.h"
 
 /*
  * The /proc/tty directory inodes...
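Review bot: the new #include "internal.h" at the top of fs/proc/proc_tty.c is not mentioned in the changelog. It is needed only so that the second hunk can dereference ent->name, because struct proc_dir_entry is defined in fs/proc/internal.h; please state that reason in the commit message so the include is not later dropped as unused.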
@@ -164,7 +165,7 @@ void proc_tty_unregister_driver(struct tty_driver *driver)
 	if (!ent)
 		return;
 		
-	remove_proc_entry(driver->driver_name, proc_tty_driver);
+	remove_proc_entry(ent->name, proc_tty_driver);
 	
 	driver->proc_entry = NULL;
 }
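Review bot: in proc_tty_unregister_driver the replacement call still removes the entry by name, so remove_proc_entry() has to look up an entry the function already holds in ent. proc_remove(ent) would remove it through the pointer, needs no name string from either the driver or the entry, and would make the added internal.h include unnecessary.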
-- 
2.11.0.1


* Re: [PATCH] tty fix oops when rmmod 8250
  2017-09-15  9:45 [PATCH] tty fix oops when rmmod 8250 nixiaoming
@ 2017-09-18  8:43 ` Jiri Slaby
  2017-10-11  2:03   ` Nixiaoming
  0 siblings, 1 reply; 4+ messages in thread
From: Jiri Slaby @ 2017-09-18  8:43 UTC (permalink / raw)
  To: nixiaoming, adobriyan, torvalds, gregkh, viro
  Cc: linux-fsdevel, linux-kernel, linux-serial

On 09/15/2017, 11:45 AM, nixiaoming wrote:
> After rmmod 8250.ko
> tty_kref_put starts kwork (release_one_tty) to release proc interface

I believe you wanted to add a period here.

> oops when accessing driver->driver_name in proc_tty_unregister_driver

"The kernel oopses when"... ?

> Use jprobe, found driver->driver_name point to 8250.ko
> static static struct uart_driver serial8250_reg
> .driver_name= serial,
> 
> Use name in proc_dir_entry instead of driver->driver_name to fix oops
> 
> test on linux 4.1.12:
...
> @@ -164,7 +165,7 @@ void proc_tty_unregister_driver(struct tty_driver *driver)
>  	if (!ent)
>  		return;
>  		
> -	remove_proc_entry(driver->driver_name, proc_tty_driver);
> +	remove_proc_entry(ent->name, proc_tty_driver);
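Review bot: replacing driver->driver_name here removes the one dereference that faulted, but the oops shows this whole path running from the release_one_tty work item after 8250 was unloaded, so any other tty_driver field that points into the module's memory is just as stale at that point. The changelog should say why the tty_driver outlives the module, and it is worth checking that nothing else reached from destruct_tty_driver reads module-owned data.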

Yes, that makes sense. Using possibly stale driver_name cannot really
work out. I only wonder why nobody noticed until now...

So, can you reproduce also on 4.13 or something newer like that?

thanks,
-- 
js
suse labs


* RE: [PATCH] tty fix oops when rmmod 8250
  2017-09-18  8:43 ` Jiri Slaby
@ 2017-10-11  2:03   ` Nixiaoming
  0 siblings, 0 replies; 4+ messages in thread
From: Nixiaoming @ 2017-10-11  2:03 UTC (permalink / raw)
  To: Jiri Slaby, adobriyan, torvalds, gregkh, viro
  Cc: linux-fsdevel, linux-kernel, linux-serial

Test on 4.14.0-rc4:

CPU: 7 PID: 449 Comm: rmmod Tainted: G           O    4.14.0-rc4+ #1
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Call Trace:
 dump_stack+0x50/0x80
 jtty_kref_put+0x5a/0x5c [jprobe_tty_kref_put]
 uart_remove_one_port+0xe8/0x220 [serial_core]
 ? __might_sleep+0x4a/0x90
 serial8250_unregister_port+0x71/0x100 [8250]
 serial_pnp_remove+0x26/0x30 [8250]
 pnp_device_remove+0x31/0x70
 device_release_driver_internal+0x185/0x240
 driver_detach+0x47/0x90
 bus_remove_driver+0x50/0xb0
 driver_unregister+0x30/0x50
 pnp_unregister_driver+0x12/0x20
 serial8250_pnp_exit+0x15/0x20 [8250]
 serial8250_exit+0x34/0xbf8 [8250]
 SyS_delete_module+0x17a/0x1f0
 ? exit_to_usermode_loop+0x9d/0xc0
 do_syscall_64+0x5c/0x120
 ? syscall_return_slowpath+0xb9/0xc0
 ? schedule_tail+0xc1/0xe0
 entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x7ff7d37ab257
RSP: 002b:00007ffdb7879f08 EFLAGS: 00000202 ORIG_RAX: 00000000000000b0
RAX: ffffffffffffffda RBX: 0000000000000800 RCX: 00007ff7d37ab257
RDX: 00007ff7d38128c0 RSI: 0000000000000800 RDI: 00000000006d60f0
RBP: 00000000006d6090 R08: 00007ff7d3a5bf40 R09: 00007ffdb7878eb1
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffdb787be86
R13: 00000000006d6010 R14: 0000000000000000 R15: 00000000006d6090
BUG: unable to handle kernel paging request at ffffffffa00bdc91
IP: strchr+0x3/0x30
PGD 1c0b067 P4D 1c0b067 PUD 1c0c063 PMD 7f620067 PTE 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: jprobe_tty_kref_put(O) iptable_filter br_netfilter bridge stp llc ipv6 ata_piix ahci libahci libata ext4 jbd2 8250_base serial_core ptp pps_core nfsd auth_rpcgss oid_registry nfsv3 nfs nfs_acl lockd sunrpc grace vfat fat quota_v2 quota_v1 quota_tree [last unloaded: 8250]
CPU: 6 PID: 74 Comm: kworker/6:1 Tainted: G           O    4.14.0-rc4+ #1
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: events release_one_tty
task: ffff8800dbb88000 task.stack: ffffc900008d0000
RIP: 0010:strchr+0x3/0x30
RSP: 0018:ffffc900008d3b38 EFLAGS: 00010286
RAX: ffffffff81c682c0 RBX: ffffffffa00bdc91 RCX: 000000018040003c
RDX: 000000000000002f RSI: 000000000000002f RDI: ffffffffa00bdc91
RBP: ffffc900008d3b78 R08: 0000000000000000 R09: ffffffff8140e1ed
R10: ffffea0001fd6b00 R11: 0000000000000000 R12: ffff8800df412900
R13: 0000000000000010 R14: ffffc900008d3b90 R15: ffffffffa00bdc91
FS:  0000000000000000(0000) GS:ffff8800dfb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa00bdc91 CR3: 0000000072b7a000 CR4: 00000000000006e0
Call Trace:
 ? __xlate_proc_name+0x66/0xb0
 remove_proc_entry+0x37/0x140
 proc_tty_unregister_driver+0x28/0x40
 destruct_tty_driver+0x84/0xe0
 tty_driver_kref_put+0x1e/0x30
 release_one_tty+0x62/0xe0
 process_one_work+0x1d0/0x440
 ? sched_clock_local+0x1c/0x90
 ? schedule+0x4e/0xc0
 ? preempt_count_add+0xaa/0xc0
 worker_thread+0x110/0x4c0
 ? __schedule+0x4ee/0x8b0
 ? default_wake_function+0x12/0x20
 ? __wake_up_common+0x85/0x130
 ? schedule+0x4e/0xc0
 kthread+0x13a/0x140
 ? process_one_work+0x440/0x440
 ? kthreadd+0x1c0/0x1c0
 ret_from_fork+0x22/0x30
Code: 01 41 38 c0 75 13 48 ff c1 45 84 c0 74 05 48 ff ca 75 e3 31 c0 c9 66 90 c3 41 38 c0 c9 19 c0 83 c8 01 c3 0f 1f 44 00 00 55 89 f2 <0f> b6 07 48 89 e5 40 38 f0 75 0c eb 12 48 ff c7 0f b6 07 38 d0 
RIP: strchr+0x3/0x30 RSP: ffffc900008d3b38
CR2: ffffffffa00bdc91

-----
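A triage helper for the two oops reports in this thread, added here as an example and not part of the original messages or the kernel tree. It checks the signature both reports share: a fault address inside the x86_64 module mapping space, a PTE of 0, and a "last unloaded" module. The function name `triage_oops` and the sample text are constructed for illustration.

```python
import re

# x86_64 module mapping space from the kernel's documented memory layout.
MODULES_VADDR, MODULES_END = 0xffffffffa0000000, 0xfffffffffeffffff

# Constructed sample: lines abbreviated from the 4.14.0-rc4 oops in this thread.
SAMPLE_OOPS = """\
BUG: unable to handle kernel paging request at ffffffffa00bdc91
IP: strchr+0x3/0x30
PGD 1c0b067 P4D 1c0b067 PUD 1c0c063 PMD 7f620067 PTE 0
Modules linked in: 8250_base serial_core [last unloaded: 8250]
Workqueue: events release_one_tty
"""

def triage_oops(text):
    """Pull out the fields that indicate a stale pointer into an unloaded module."""
    addr = re.search(r"paging request at ([0-9a-f]{16})", text)
    # Accept both the 4.1 form "IP: [<addr>] sym+0x.." and the 4.14 form "IP: sym+0x..".
    ip = re.search(r"^IP: (?:\[<[0-9a-f]+>\] )?(\w+)\+0x", text, re.M)
    unloaded = re.search(r"\[last unloaded: ([^\]]+)\]", text)
    work = re.search(r"^Workqueue: \S+ (\w+)", text, re.M)
    pte = re.search(r"\bPTE ([0-9a-f]+)\s*$", text, re.M)

    fault = int(addr.group(1), 16) if addr else None
    in_module_space = fault is not None and MODULES_VADDR <= fault <= MODULES_END
    # PTE 0 means the page is no longer mapped, as expected once the module is freed.
    unmapped = pte is not None and int(pte.group(1), 16) == 0
    return {
        "fault_addr": f"{fault:#x}" if fault is not None else None,
        "faulting_function": ip.group(1) if ip else None,
        "last_unloaded": unloaded.group(1) if unloaded else None,
        "deferred_work": work.group(1) if work else None,
        "stale_module_pointer": bool(in_module_space and unmapped and unloaded),
    }

if __name__ == "__main__":
    for key, value in triage_oops(SAMPLE_OOPS).items():
        print(f"{key}: {value}")
```
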
