linux-kernel.vger.kernel.org archive mirror
From: Dmitry Safonov <dima@arista.com>
To: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: linux-kernel@vger.kernel.org,
	"Dmitry Safonov" <0x7f454c46@gmail.com>,
	"Daniel Axtens" <dja@axtens.net>,
	"Dmitry Vyukov" <dvyukov@google.com>,
	"Michael Neuling" <mikey@neuling.org>,
	"Mikulas Patocka" <mpatocka@redhat.com>,
	"Pasi Kärkkäinen" <pasik@iki.fi>,
	"Peter Hurley" <peter@hurleysoftware.com>,
	"Tan Xiaojun" <tanxiaojun@huawei.com>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Jiri Slaby" <jslaby@suse.com>,
	stable@vger.kernel.org,
	"Benjamin Herrenschmidt" <benh@kernel.crashing.org>
Subject: Re: [PATCH 2/4] tty: Hold tty_ldisc_lock() during tty_reopen()
Date: Wed, 29 Aug 2018 15:30:21 +0100
Message-ID: <1535553021.23560.50.camel@arista.com>
In-Reply-To: <20180829043430.GB13049@jagdpanzerIV>

Hi Sergey,

On Wed, 2018-08-29 at 13:34 +0900, Sergey Senozhatsky wrote:
> Hi,
> 
> Cc-ing Benjamin on this.

Thanks!

> On (08/29/18 03:23), Dmitry Safonov wrote:
> > BUG: unable to handle kernel paging request at 0000000000002260
> > IP: [..] n_tty_receive_buf_common+0x5f/0x86d
> > Workqueue: events_unbound flush_to_ldisc
> > Call Trace:
> >  [..] n_tty_receive_buf2
> >  [..] tty_ldisc_receive_buf
> >  [..] flush_to_ldisc
> >  [..] process_one_work
> >  [..] worker_thread
> >  [..] kthread
> >  [..] ret_from_fork
> 
> Seems that you are not the first one to hit this NULL deref.
> 
> > I think tty_ldisc_reinit() should be called with ldisc_sem held for
> > writing, which will protect any reader against line discipline changes.
> 
> Per https://lore.kernel.org/patchwork/patch/777220/
> 
> : Note that we noticed one path that called reinit without the ldisc lock
> : held for writing, we added that, but it didn't fix the problem.

It's probably worth knowing what exactly he tried and what backtrace he
got as a result.
Hopefully, we'll hear more.

It might also be worth reviewing tty_ldisc_deinit(). I thought it's
safe to destroy the ldisc there under the tty lock during tty release,
but maybe that is another unsafe place.

-- 
Thanks again,
             Dmitry
