* [PATCH v2] tty: fix data race in flush_to_ldisc @ 2015-09-17 10:39 Dmitry Vyukov 2015-09-17 12:53 ` Greg KH 0 siblings, 1 reply; 6+ messages in thread From: Dmitry Vyukov @ 2015-09-17 10:39 UTC (permalink / raw) To: gregkh, peter, jslaby, linux-kernel Cc: jslaby, andreyknvl, kcc, glider, paulmck, hboehm, Dmitry Vyukov flush_to_ldisc reads port->itty and checks that it is not NULL, concurrently release_tty sets port->itty to NULL. It is possible that flush_to_ldisc loads port->itty once, ensures that it is not NULL, but then reloads it again and uses. The second load can already return NULL, which will cause a crash. Use READ_ONCE to read port->itty. The data race was found with KernelThreadSanitizer (KTSAN). Signed-off-by: Dmitry Vyukov <dvyukov@google.com> --- Changed since first version: - remove WRITE_ONCE when updating port->itty --- drivers/tty/tty_buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c index 5a3fa89..23de97d 100644 --- a/drivers/tty/tty_buffer.c +++ b/drivers/tty/tty_buffer.c @@ -467,7 +467,7 @@ static void flush_to_ldisc(struct work_struct *work) struct tty_struct *tty; struct tty_ldisc *disc; - tty = port->itty; + tty = READ_ONCE(port->itty); if (tty == NULL) return; -- 2.6.0.rc0.131.gf624c3d ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2] tty: fix data race in flush_to_ldisc 2015-09-17 10:39 [PATCH v2] tty: fix data race in flush_to_ldisc Dmitry Vyukov @ 2015-09-17 12:53 ` Greg KH 2015-09-17 13:18 ` Peter Hurley 0 siblings, 1 reply; 6+ messages in thread From: Greg KH @ 2015-09-17 12:53 UTC (permalink / raw) To: Dmitry Vyukov Cc: peter, jslaby, linux-kernel, jslaby, andreyknvl, kcc, glider, paulmck, hboehm On Thu, Sep 17, 2015 at 12:39:36PM +0200, Dmitry Vyukov wrote: > flush_to_ldisc reads port->itty and checks that it is not NULL, > concurrently release_tty sets port->itty to NULL. It is possible > that flush_to_ldisc loads port->itty once, ensures that it is > not NULL, but then reloads it again and uses. The second load > can already return NULL, which will cause a crash. > > Use READ_ONCE to read port->itty. > > The data race was found with KernelThreadSanitizer (KTSAN). > > Signed-off-by: Dmitry Vyukov <dvyukov@google.com> You sent 3 patches here, but no hint as to what order they need to be applied in. Please resend them as a patch series (i.e. 1/3, 2/3, 3/3) so they can be applied correctly. thanks, greg k-h ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] tty: fix data race in flush_to_ldisc 2015-09-17 12:53 ` Greg KH @ 2015-09-17 13:18 ` Peter Hurley 2015-09-17 13:21 ` Dmitry Vyukov 2015-09-17 13:54 ` Greg KH 0 siblings, 2 replies; 6+ messages in thread From: Peter Hurley @ 2015-09-17 13:18 UTC (permalink / raw) To: Greg KH Cc: Dmitry Vyukov, Jiri Slaby, Linux kernel mailing list, Jiri Slaby, Andrey Konovalov, Kostya Serebryany, Alexander Potapenko, Paul McKenney, Hans Boehm On Thu, Sep 17, 2015 at 8:53 AM, Greg KH <gregkh@linuxfoundation.org> wrote: > On Thu, Sep 17, 2015 at 12:39:36PM +0200, Dmitry Vyukov wrote: >> flush_to_ldisc reads port->itty and checks that it is not NULL, >> concurrently release_tty sets port->itty to NULL. It is possible >> that flush_to_ldisc loads port->itty once, ensures that it is >> not NULL, but then reloads it again and uses. The second load >> can already return NULL, which will cause a crash. >> >> Use READ_ONCE to read port->itty. >> >> The data race was found with KernelThreadSanitizer (KTSAN). >> >> Signed-off-by: Dmitry Vyukov <dvyukov@google.com> > > You sent 3 patches here, but no hint as to what order they need to be > applied in. Please resend them as a patch series (i.e. 1/3, 2/3, 3/3) > so they can be applied correctly. Greg, I don't think these 3 patches are dependent on each other; I think they can be applied in any order. Regards, Peter Hurley ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] tty: fix data race in flush_to_ldisc 2015-09-17 13:18 ` Peter Hurley @ 2015-09-17 13:21 ` Dmitry Vyukov 2015-09-17 13:55 ` Greg KH 2015-09-17 13:54 ` Greg KH 1 sibling, 1 reply; 6+ messages in thread From: Dmitry Vyukov @ 2015-09-17 13:21 UTC (permalink / raw) To: Peter Hurley Cc: Greg KH, Jiri Slaby, Linux kernel mailing list, Jiri Slaby, Andrey Konovalov, Kostya Serebryany, Alexander Potapenko, Paul McKenney, Hans Boehm On Thu, Sep 17, 2015 at 3:18 PM, Peter Hurley <peter@hurleysoftware.com> wrote: > On Thu, Sep 17, 2015 at 8:53 AM, Greg KH <gregkh@linuxfoundation.org> wrote: >> On Thu, Sep 17, 2015 at 12:39:36PM +0200, Dmitry Vyukov wrote: >>> flush_to_ldisc reads port->itty and checks that it is not NULL, >>> concurrently release_tty sets port->itty to NULL. It is possible >>> that flush_to_ldisc loads port->itty once, ensures that it is >>> not NULL, but then reloads it again and uses. The second load >>> can already return NULL, which will cause a crash. >>> >>> Use READ_ONCE to read port->itty. >>> >>> The data race was found with KernelThreadSanitizer (KTSAN). >>> >>> Signed-off-by: Dmitry Vyukov <dvyukov@google.com> >> >> You sent 3 patches here, but no hint as to what order they need to be >> applied in. Please resend them as a patch series (i.e. 1/3, 2/3, 3/3) >> so they can be applied correctly. > > Greg, > > I don't think these 3 patches are dependent on each other; I think they > can be applied in any order. Yes, these patches are independent and can be applied in any order, and any subset of them can be applied. I can send them as patch series if necessary, though. -- Dmitry Vyukov, Software Engineer, dvyukov@google.com Google Germany GmbH, Dienerstraße 12, 80331, München Geschäftsführer: Graham Law, Christine Elizabeth Flores Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Diese E-Mail ist vertraulich. Wenn Sie nicht der richtige Adressat sind, leiten Sie diese bitte nicht weiter, informieren Sie den Absender und löschen Sie die E-Mail und alle Anhänge. Vielen Dank. This e-mail is confidential. If you are not the right addressee please do not forward it, please inform the sender, and please erase this e-mail including any attachments. Thanks. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] tty: fix data race in flush_to_ldisc 2015-09-17 13:21 ` Dmitry Vyukov @ 2015-09-17 13:55 ` Greg KH 0 siblings, 0 replies; 6+ messages in thread From: Greg KH @ 2015-09-17 13:55 UTC (permalink / raw) To: Dmitry Vyukov Cc: Peter Hurley, Jiri Slaby, Linux kernel mailing list, Jiri Slaby, Andrey Konovalov, Kostya Serebryany, Alexander Potapenko, Paul McKenney, Hans Boehm On Thu, Sep 17, 2015 at 03:21:02PM +0200, Dmitry Vyukov wrote: > On Thu, Sep 17, 2015 at 3:18 PM, Peter Hurley <peter@hurleysoftware.com> wrote: > > On Thu, Sep 17, 2015 at 8:53 AM, Greg KH <gregkh@linuxfoundation.org> wrote: > >> On Thu, Sep 17, 2015 at 12:39:36PM +0200, Dmitry Vyukov wrote: > >>> flush_to_ldisc reads port->itty and checks that it is not NULL, > >>> concurrently release_tty sets port->itty to NULL. It is possible > >>> that flush_to_ldisc loads port->itty once, ensures that it is > >>> not NULL, but then reloads it again and uses. The second load > >>> can already return NULL, which will cause a crash. > >>> > >>> Use READ_ONCE to read port->itty. > >>> > >>> The data race was found with KernelThreadSanitizer (KTSAN). > >>> > >>> Signed-off-by: Dmitry Vyukov <dvyukov@google.com> > >> > >> You sent 3 patches here, but no hint as to what order they need to be > >> applied in. Please resend them as a patch series (i.e. 1/3, 2/3, 3/3) > >> so they can be applied correctly. > > > > Greg, > > > > I don't think these 3 patches are dependent on each other; I think they > > can be applied in any order. > > > Yes, these patches are independent and can be applied in any order, > and any subset of them can be applied. > I can send them as patch series if necessary, though. Please do, that makes it easier for me. thanks, greg k-h ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] tty: fix data race in flush_to_ldisc 2015-09-17 13:18 ` Peter Hurley 2015-09-17 13:21 ` Dmitry Vyukov @ 2015-09-17 13:54 ` Greg KH 1 sibling, 0 replies; 6+ messages in thread From: Greg KH @ 2015-09-17 13:54 UTC (permalink / raw) To: Peter Hurley Cc: Dmitry Vyukov, Jiri Slaby, Linux kernel mailing list, Jiri Slaby, Andrey Konovalov, Kostya Serebryany, Alexander Potapenko, Paul McKenney, Hans Boehm On Thu, Sep 17, 2015 at 09:18:11AM -0400, Peter Hurley wrote: > On Thu, Sep 17, 2015 at 8:53 AM, Greg KH <gregkh@linuxfoundation.org> wrote: > > On Thu, Sep 17, 2015 at 12:39:36PM +0200, Dmitry Vyukov wrote: > >> flush_to_ldisc reads port->itty and checks that it is not NULL, > >> concurrently release_tty sets port->itty to NULL. It is possible > >> that flush_to_ldisc loads port->itty once, ensures that it is > >> not NULL, but then reloads it again and uses. The second load > >> can already return NULL, which will cause a crash. > >> > >> Use READ_ONCE to read port->itty. > >> > >> The data race was found with KernelThreadSanitizer (KTSAN). > >> > >> Signed-off-by: Dmitry Vyukov <dvyukov@google.com> > > > > You sent 3 patches here, but no hint as to what order they need to be > > applied in. Please resend them as a patch series (i.e. 1/3, 2/3, 3/3) > > so they can be applied correctly. > > Greg, > > I don't think these 3 patches are dependent on each other; I think they > can be applied in any order. How do I know that? :) ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-09-17 13:55 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-09-17 10:39 [PATCH v2] tty: fix data race in flush_to_ldisc Dmitry Vyukov 2015-09-17 12:53 ` Greg KH 2015-09-17 13:18 ` Peter Hurley 2015-09-17 13:21 ` Dmitry Vyukov 2015-09-17 13:55 ` Greg KH 2015-09-17 13:54 ` Greg KH
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).