From: Dmitry Safonov <dima@arista.com>
To: linux-kernel@vger.kernel.org
Cc: "Dmitry Safonov" <0x7f454c46@gmail.com>,
"Dmitry Safonov" <dima@arista.com>,
"Daniel Axtens" <dja@axtens.net>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Mark Rutland" <mark.rutland@arm.com>,
"Michael Neuling" <mikey@neuling.org>,
"Mikulas Patocka" <mpatocka@redhat.com>,
"Nathan March" <nathan@gt.net>, "Pasi Kärkkäinen" <pasik@iki.fi>,
"Peter Hurley" <peter@hurleysoftware.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Rong, Chen" <rong.a.chen@intel.com>,
"Sergey Senozhatsky" <sergey.senozhatsky.work@gmail.com>,
"Tan Xiaojun" <tanxiaojun@huawei.com>,
"Tetsuo Handa" <penguin-kernel@I-love.SAKURA.ne.jp>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Jiri Slaby" <jslaby@suse.com>
Subject: [PATCHv4 6/7] tty/ldsem: Add lockdep asserts for ldisc_sem
Date: Wed, 12 Sep 2018 01:17:00 +0100 [thread overview]
Message-ID: <20180912001702.18522-7-dima@arista.com> (raw)
In-Reply-To: <20180912001702.18522-1-dima@arista.com>
Make sure under CONFIG_LOCKDEP that each change to line discipline
is done with held write semaphor.
Otherwise potential reader will have a good time dereferencing
incomplete/uninitialized ldisc.
An exception here is tty_ldisc_open(), as it's called without ldisc_sem
locked by tty_init_dev() => tty_ldisc_setup() for the tty->link.
It seem valid as tty_init_dev() will call tty_driver_install_tty()
which will find ops->install(). Install will establish tty->link in
pty_common_install(), just after allocation of slave tty with
alloc_tty_struct(). So, no one should have a reference to slave pty yet.
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Dmitry Safonov <dima@arista.com>
---
drivers/tty/tty_ldisc.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
index fc4c97cae01e..bc0171f984a1 100644
--- a/drivers/tty/tty_ldisc.c
+++ b/drivers/tty/tty_ldisc.c
@@ -471,6 +471,7 @@ static int tty_ldisc_open(struct tty_struct *tty, struct tty_ldisc *ld)
static void tty_ldisc_close(struct tty_struct *tty, struct tty_ldisc *ld)
{
+ lockdep_assert_held_exclusive(&tty->ldisc_sem);
WARN_ON(!test_bit(TTY_LDISC_OPEN, &tty->flags));
clear_bit(TTY_LDISC_OPEN, &tty->flags);
if (ld->ops->close)
@@ -492,6 +493,7 @@ static int tty_ldisc_failto(struct tty_struct *tty, int ld)
struct tty_ldisc *disc = tty_ldisc_get(tty, ld);
int r;
+ lockdep_assert_held_exclusive(&tty->ldisc_sem);
if (IS_ERR(disc))
return PTR_ERR(disc);
tty->ldisc = disc;
@@ -615,6 +617,7 @@ EXPORT_SYMBOL_GPL(tty_set_ldisc);
*/
static void tty_ldisc_kill(struct tty_struct *tty)
{
+ lockdep_assert_held_exclusive(&tty->ldisc_sem);
if (!tty->ldisc)
return;
/*
@@ -662,6 +665,7 @@ int tty_ldisc_reinit(struct tty_struct *tty, int disc)
struct tty_ldisc *ld;
int retval;
+ lockdep_assert_held_exclusive(&tty->ldisc_sem);
ld = tty_ldisc_get(tty, disc);
if (IS_ERR(ld)) {
BUG_ON(disc == N_TTY);
@@ -760,6 +764,10 @@ int tty_ldisc_setup(struct tty_struct *tty, struct tty_struct *o_tty)
return retval;
if (o_tty) {
+ /*
+ * Called without o_tty->ldisc_sem held, as o_tty has been
+ * just allocated and no one has a reference to it.
+ */
retval = tty_ldisc_open(o_tty, o_tty->ldisc);
if (retval) {
tty_ldisc_close(tty, tty->ldisc);
@@ -825,6 +833,7 @@ int tty_ldisc_init(struct tty_struct *tty)
*/
void tty_ldisc_deinit(struct tty_struct *tty)
{
+ /* no ldisc_sem, tty is being destroyed */
if (tty->ldisc)
tty_ldisc_put(tty->ldisc);
tty->ldisc = NULL;
--
2.13.6
next prev parent reply other threads:[~2018-09-12 0:17 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-12 0:16 [PATCHv4 0/7] tty: Hold write ldisc sem in tty_reopen() Dmitry Safonov
2018-09-12 0:16 ` [PATCHv4 1/7] tty: Drop tty->count on tty_reopen() failure Dmitry Safonov
2018-09-12 0:16 ` [PATCHv4 2/7] tty: Hold tty_ldisc_lock() during tty_reopen() Dmitry Safonov
2018-09-14 9:01 ` [LKP] [tty] f26eb68a52: INFO:task_blocked_for_more_than#seconds kernel test robot
2018-09-14 15:56 ` Dmitry Safonov
2018-09-12 0:16 ` [PATCHv4 3/7] tty/ldsem: Wake up readers after timed out down_write() Dmitry Safonov
2018-09-12 0:16 ` [PATCHv4 4/7] tty: Simplify tty->count math in tty_reopen() Dmitry Safonov
2018-09-12 0:16 ` [PATCHv4 5/7] tty/ldsem: Convert to regular lockdep annotations Dmitry Safonov
2018-09-12 0:17 ` Dmitry Safonov [this message]
2018-09-12 0:17 ` [PATCHv4 7/7] tty/ldsem: Decrement wait_readers on timeouted down_read() Dmitry Safonov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180912001702.18522-7-dima@arista.com \
--to=dima@arista.com \
--cc=0x7f454c46@gmail.com \
--cc=dja@axtens.net \
--cc=dvyukov@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=jslaby@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mikey@neuling.org \
--cc=mpatocka@redhat.com \
--cc=nathan@gt.net \
--cc=pasik@iki.fi \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=peter@hurleysoftware.com \
--cc=peterz@infradead.org \
--cc=rong.a.chen@intel.com \
--cc=sergey.senozhatsky.work@gmail.com \
--cc=tanxiaojun@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).