From: Greg KH <gregkh@linuxfoundation.org>
To: Li RongQing <lirongqing@baidu.com>
Cc: jslaby@suse.com, linux-kernel@vger.kernel.org, gkohli@codeaurora.org
Subject: Re: [PATCH][v4] tty: fix race between flush_to_ldisc and tty_open
Date: Wed, 30 Jan 2019 11:19:14 +0100 [thread overview]
Message-ID: <20190130101914.GA30587@kroah.com> (raw)
In-Reply-To: <1547803637-29135-1-git-send-email-lirongqing@baidu.com>
On Fri, Jan 18, 2019 at 05:27:17PM +0800, Li RongQing wrote:
> There still is a race window after the commit b027e2298bd588
> ("tty: fix data race between tty_init_dev and flush of buf"),
> and we encountered this crash issue if receive_buf call comes
> before tty initialization completes in n_tty_open and
> tty->driver_data may be NULL.
>
> CPU0 CPU1
> ---- ----
> n_tty_open
> tty_init_dev
> tty_ldisc_unlock
> schedule
> flush_to_ldisc
> receive_buf
> tty_port_default_receive_buf
> tty_ldisc_receive_buf
> n_tty_receive_buf_common
> __receive_buf
> uart_flush_chars
> uart_start
> /*tty->driver_data is NULL*/
> tty->ops->open
> /*init tty->driver_data*/
>
> it can be fixed by extending ldisc semaphore lock in tty_init_dev
> to driver_data initialized completely after tty->ops->open(), but
> this will lead to put lock on one function and unlock in some other
> function, and hard to maintain, so fix this race only by checking
> tty->driver_data when receiving, and return if tty->driver_data
> is NULL
>
> Signed-off-by: Wang Li <wangli39@baidu.com>
> Signed-off-by: Zhang Yu <zhangyu31@baidu.com>
> Signed-off-by: Li RongQing <lirongqing@baidu.com>
> ---
> V4: add version information
> V3: not used ldisc semaphore lock, only checking tty->driver_data with NULL
> V2: fix building error by EXPORT_SYMBOL tty_ldisc_unlock
> V1: extend ldisc lock to protect that tty->driver_data is inited
>
> drivers/tty/tty_port.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c
> index 044c3cbdcfa4..86d0bec38322 100644
> --- a/drivers/tty/tty_port.c
> +++ b/drivers/tty/tty_port.c
> @@ -31,6 +31,9 @@ static int tty_port_default_receive_buf(struct tty_port *port,
> if (!tty)
> return 0;
>
> + if (!tty->driver_data)
> + return 0;
> +
How is this working? What is setting driver_data to NULL to "stop" this
race?
There's no requirement that a tty driver set this field to NULL when it
is "done" with the tty device, so I think you are just getting lucky in
that your specific driver happens to be doing this.
What driver are you testing this against?
thanks,
greg k-h
next prev parent reply other threads:[~2019-01-30 10:19 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-18 9:27 [PATCH][v4] tty: fix race between flush_to_ldisc and tty_open Li RongQing
2019-01-18 12:50 ` Kohli, Gaurav
2019-01-30 9:29 ` 答复: " Li,Rongqing
2019-01-30 9:29 ` Li,Rongqing
2019-01-30 10:19 ` Greg KH [this message]
2019-01-30 12:48 ` Li,Rongqing
2019-01-30 13:16 ` Greg KH
2019-01-31 2:15 ` 答复: " Li,Rongqing
2019-01-31 6:52 ` Greg KH
2019-01-31 7:40 ` 答复: " Li,Rongqing
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190130101914.GA30587@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=gkohli@codeaurora.org \
--cc=jslaby@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lirongqing@baidu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.