From: Linus Torvalds <torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
To: Paul Fulghum <paulkf-CZzk0lvu1V9l57MIdRCFDg@public.gmane.org>
Cc: Boyan <btanastasov-/E1597aS9LT10XsdtD+oqA@public.gmane.org>,
"Rafael J. Wysocki" <rjw-KKrjLPT3xs0@public.gmane.org>,
Linux Kernel Mailing List
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Kernel Testers List
<kernel-testers-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Dmitry Torokhov
<dmitry.torokhov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Ed Tomlinson <edt-Yad3+ZauZac@public.gmane.org>,
"OGAWA Hirofumi \""
<hirofumi-UIVanBePwB70ZhReMnHkpc8NsWr+9BEh@public.gmane.org>
Subject: Re: [Bug #14388] keyboard under X with 2.6.31
Date: Tue, 13 Oct 2009 18:03:40 -0700 (PDT) [thread overview]
Message-ID: <alpine.LFD.2.01.0910131744590.3404@localhost.localdomain> (raw)
In-Reply-To: <4AD51D6B.7010509-CZzk0lvu1V9l57MIdRCFDg@public.gmane.org>
On Tue, 13 Oct 2009, Paul Fulghum wrote:
>
> This is correct, the last buffer is not passed to tty_buffer_free()
> if it is the last in the list so tail is maintained.
> There is no free space in it so no new data can be added.
> There is no place where tail is null while the spinlock
> is released in preparation for calling receive_buf.
> I still can't spot any flaw in the current locking.
Do you even bother reading my emails?
Let me walk through an example of where the locking F*CKS UP, exactly
because it's broken.
thread1 thread2 thread3
flush_to_ldisc
set_bit(TTY_FLUSHING)
buf.head = NULL
...
..release lock..
.. sleep in ->receive_buf ..
flush_to_ldisc
set_bit(TTY_FLUSHING)
.. head==NULL ..
clear_bit(TTY_FLUSHING)
.. release lock ..
tty_ldisc_flush()
-> tty_buffer_flush()
TTY_FLUSHING not set!
-> __tty_buffer_flush()
-> tty->buf.tail = NULL
and now you're screwed. See? You have both 'buf.tail' and 'buf.head' both
being NULL, and look what happens in that case 'tty_buffer_request_room()'
if some new data comes in? Right: it will add the buffer to both tail and
head.
And notice how 'thread1' is still inside flush_to_ldisc()! The buffer that
got added will be overwritten by the old one, and now tail and head no
longer match. Or another flush_to_ldisc() comes in, and now it won't be a
no-op any more, and it will find the new data, and run ->receive_buf
concurrently with the old receive_buf from thread1.
And the whole reason was that there were some very odd locking rules:
buf.head=NULL meant "don't flush", and "TTY_FLUSHING is set" meant "don't
clear 'buf.head'", and but the "don't flush" case still cleared
TTY_FLUSHING (after not flushing), and it all messed up.
I could just have fixed it (move the "clear_bit(TTY_FLUSHING)" but up, but
the fact is, once you fix that, it then becomes obvious that
"buf.head=NULL" really is the wrong thing to test in the first place, and
we should just use TTY_FLUSHING instead, and simply _remove_ the odd
"buf.head=NULL is special" case. Which is what my patch did
> Your statement that the locking is too clever/subtle is
> clearly true since I am struggling to work this out again.
I have to say that the only case I could make up that is _clearly_ a bug
is the above very contrieved example. I don't really think something like
the above happens in reality. But it's an example of bad locking, and what
happens when the locking logic isn't obvious.
There may be other cases where the locking fails, and I just didn't find
them.
Or the patch may simply not fix anything in practice, and nobody has ever
actually triggered the bad locking in real life. I dunno. I just do know
that the locking was too damn subtle.
Any time people do ad-hoc locking with "clever" schemes, it's almost
invariably buggy. So the rule is: just don't do that. Make the locking
rules "obvious". Don't have subtle rules about "if head is NULL, then
we're not going to add any new buffers to it, except if tail is also
NULL". Because look above what happens, and see how complicated it was to
even see the bug.
Linus
next prev parent reply other threads:[~2009-10-14 1:03 UTC|newest]
Thread overview: 165+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-11 22:41 2.6.32-rc4: Reported regressions 2.6.30 -> 2.6.31 Rafael J. Wysocki
2009-10-11 22:41 ` [Bug #13645] NULL pointer dereference at (null) (level2_spare_pgt) Rafael J. Wysocki
2009-10-11 22:49 ` [Bug #13733] 2.6.31-rc2: irq 16: nobody cared Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #13906] Huawei E169 GPRS connection causes Ooops Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #13941] x86 Geode issue Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #13940] 2.6.31-rc1 - iwlagn and sky2 stopped working when ACPI enabled - Toshiba U400-17b, Acer Aspire 8935G Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #13809] oprofile: possible circular locking dependency detected Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #13836] suspend script fails, related to stdout? Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #13948] ath5k broken after suspend-to-ram Rafael J. Wysocki
2009-10-12 0:19 ` Bob Copeland
[not found] ` <b6c5339f0910111719m58cd5442h3e081adfb388e8f1-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-10-12 21:24 ` Rafael J. Wysocki
[not found] ` <200910122324.30052.rjw-KKrjLPT3xs0@public.gmane.org>
2009-10-15 21:38 ` Johannes Stezenbach
2009-10-11 23:01 ` [Bug #13987] Received NMI interrupt at resume Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #13943] WARNING: at net/mac80211/mlme.c:2292 with ath5k Rafael J. Wysocki
2009-10-12 7:24 ` Fabio Comolli
[not found] ` <b637ec0b0910120024h463c78e5l67f646f262e0c13c-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-10-12 21:23 ` Rafael J. Wysocki
[not found] ` <200910122323.29475.rjw-KKrjLPT3xs0@public.gmane.org>
2009-10-13 8:46 ` Fabio Comolli
2009-10-11 23:01 ` [Bug #14058] Oops in fsnotify Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14017] _end symbol missing from Symbol.map Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14013] hd don't show up Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14070] lockdep warning triggered by dup_fd Rafael J. Wysocki
2009-10-12 17:10 ` Bart Van Assche
[not found] ` <e2e108260910121010l7855ad67g903cceac1a3ba024-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-10-12 21:26 ` Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14114] Tuning a saa7134 based card is broken in kernel 2.6.31-rc7 Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14141] order 2 page allocation failures in iwlagn Rafael J. Wysocki
2009-10-11 23:57 ` Frans Pop
[not found] ` <200910120157.04616.elendil-EIBgga6/0yRmR6Xm/wNWPw@public.gmane.org>
2009-10-12 21:29 ` Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14129] 2.6.31 regression - pci_get_slot oops, udev boot hang - toshiba X200 Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14090] WARNING: at fs/notify/inotify/inotify_user.c:394 Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14137] usb console regressions Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14157] end_request: I/O error, dev cciss/cXdX, sector 0 Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14181] b43 causes panic at ifconfig down / shutdown Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14143] OOPS when setting nr_requests for md devices Rafael J. Wysocki
2009-10-12 14:21 ` Chuck Ebbert
2009-10-12 21:30 ` Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14248] 2.6.31 wireless: WARNING: at net/wireless/ibss.c:34 Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14185] Oops in driversbasefirmware_class Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14249] BUG: oops in gss_validate on 2.6.31 Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14204] MCE prevent booting on my computer(pentium iii @500Mhz) Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14252] WARNING: at include/linux/skbuff.h:1382 w/ e1000 Rafael J. Wysocki
2009-10-12 10:49 ` David Miller
2009-10-12 11:44 ` Stephan von Krawczynski
2009-10-11 23:01 ` [Bug #14258] Memory leak in SCSI initialization Rafael J. Wysocki
2009-10-15 2:30 ` Tetsuo Handa
2009-10-11 23:01 ` [Bug #14256] kernel BUG at fs/ext3/super.c:435 Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14253] Oops in driversbasefirmware_class Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14257] Not able to boot on 32 bit System Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14264] ehci problem - mouse dead on scroll Rafael J. Wysocki
2009-10-13 15:35 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0910131132150.3169-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2009-10-13 15:55 ` Volker Armin Hemmann
2009-10-13 20:39 ` Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14261] e1000e jumbo frames no longer work: 'Unsupported MTU setting' Rafael J. Wysocki
2009-10-12 3:12 ` David Miller
2009-10-12 21:32 ` Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14265] ifconfig: page allocation failure. order:5, mode:0x8020 w/ e100 Rafael J. Wysocki
2009-10-12 11:05 ` David Miller
2009-10-13 12:29 ` Karol Lewandowski
2009-10-11 23:01 ` [Bug #14294] kernel BUG at drivers/ide/ide-disk.c:187 Rafael J. Wysocki
2009-10-12 10:51 ` David Miller
2009-10-12 12:09 ` Santiago Garcia Mantinan
2009-10-12 21:38 ` Rafael J. Wysocki
[not found] ` <20091012120943.GA2625-yOhWZQfoIehIf6P1QZMOBw@public.gmane.org>
2009-10-12 23:21 ` David Miller
2009-10-11 23:01 ` [Bug #14275] kernel>=2.6.31: ahci.c: do not force unconditionally sb600 to 32bit dma any more? Rafael J. Wysocki
2009-10-12 14:39 ` Chuck Ebbert
2009-10-11 23:01 ` [Bug #14267] Disassociating atheros wlan Rafael J. Wysocki
2009-10-11 23:11 ` Justin P. Mattock
2009-10-12 21:35 ` Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14266] regression in page writeback Rafael J. Wysocki
2009-10-12 1:02 ` Shaohua Li
2009-10-12 21:34 ` Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14309] MCA on hp rx8640 Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14301] WARNING: at net/ipv4/af_inet.c:154 Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14329] Sata disk doesn't wake up after S3 suspend Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14385] DMAR regression in 2.6.31 leads to ext4 corruption? Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14377] "conservative" cpufreq governor broken Rafael J. Wysocki
2009-10-12 1:47 ` Steven Noonan
2009-10-12 21:39 ` Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14391] use after free of struct powernow_k8_data Rafael J. Wysocki
2009-10-11 23:01 ` [Bug #14388] keyboard under X with 2.6.31 Rafael J. Wysocki
2009-10-12 18:53 ` Justin P. Mattock
[not found] ` <C4F8B19E-F4B4-47F3-AE5B-4581C8E3F3AE-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2009-10-12 21:41 ` Rafael J. Wysocki
2009-10-12 22:59 ` Nix
2009-10-12 23:38 ` Alan Cox
[not found] ` <20091013003841.6c2988d0-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
2009-10-12 23:46 ` Dmitry Torokhov
2009-10-13 0:14 ` Justin P. Mattock
[not found] ` <20091012234641.GF8345-WlK9ik9hQGAhIp7JRqBPierSzoNAToWh@public.gmane.org>
2009-10-13 11:00 ` Alan Cox
2009-10-13 14:51 ` Jiri Kosina
2009-10-13 15:56 ` Andi Kleen
2009-10-13 2:00 ` Daniel Hazelton
2009-10-13 0:16 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0910121703390.3438-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-13 2:54 ` Frédéric L. W. Meunier
[not found] ` <alpine.LNX.2.01.0910122343340.19647-ke6cT1wkE2HCJRktWpwIMyxXY32XiHfO@public.gmane.org>
2009-10-13 19:32 ` Nix
2009-10-13 3:24 ` Linus Torvalds
2009-10-13 3:43 ` Justin P. Mattock
[not found] ` <4AD3F769.5080405-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2009-10-13 7:13 ` Frédéric L. W. Meunier
2009-10-13 8:19 ` Boyan
2009-10-13 9:17 ` Dmitry Torokhov
[not found] ` <4AD437F9.9020708-/E1597aS9LT10XsdtD+oqA@public.gmane.org>
2009-10-13 14:33 ` Frédéric L. W. Meunier
2009-10-13 15:05 ` Linus Torvalds
2009-10-13 20:08 ` Boyan
[not found] ` <4AD4DE4C.4010402-/E1597aS9LT10XsdtD+oqA@public.gmane.org>
2009-10-13 20:53 ` Linus Torvalds
2009-10-13 21:13 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0910131413240.3596-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-14 0:55 ` Frédéric L. W. Meunier
2009-10-14 1:12 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0910131806310.6146-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-14 1:20 ` david-gFPdbfVZQbY
2009-10-14 7:45 ` Boyan
[not found] ` <alpine.LFD.2.01.0910131317360.26777-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-13 21:02 ` Linus Torvalds
2009-10-13 21:32 ` Alan Cox
2009-10-13 22:54 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0910131548280.3404-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-13 23:11 ` Alan Cox
[not found] ` <20091014001131.302d3272-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
2009-10-13 23:16 ` Linus Torvalds
2009-10-13 21:46 ` Paul Fulghum
[not found] ` <4AD4F548.2030506-CZzk0lvu1V9l57MIdRCFDg@public.gmane.org>
2009-10-13 22:42 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0910131514100.3404-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-13 23:01 ` Alan Cox
2009-10-14 0:08 ` Paul Fulghum
[not found] ` <4AD51D6B.7010509@microgate.com>
[not found] ` <4AD51D6B.7010509-CZzk0lvu1V9l57MIdRCFDg@public.gmane.org>
2009-10-14 1:03 ` Linus Torvalds [this message]
[not found] ` <alpine.LFD.2.01.0910131744590.3404-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-14 1:05 ` Linus Torvalds
2009-10-14 1:34 ` Paul Fulghum
2009-10-14 11:58 ` Alan Cox
2009-10-14 15:07 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0910140804180.6146-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-14 16:34 ` Paul Fulghum
2009-10-14 16:38 ` Linus Torvalds
2009-10-14 18:20 ` Oleg Nesterov
[not found] ` <20091014182037.GA10076-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-14 18:51 ` Linus Torvalds
2009-10-14 19:52 ` Oleg Nesterov
[not found] ` <20091014195215.GA12936-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-14 20:55 ` Linus Torvalds
2009-10-15 12:47 ` Oleg Nesterov
[not found] ` <20091015124730.GA9398-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-15 15:29 ` Oleg Nesterov
[not found] ` <20091015152959.GA18681-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-15 16:04 ` Linus Torvalds
2009-10-15 15:53 ` Linus Torvalds
2009-10-14 21:16 ` Alan Cox
2009-10-14 21:51 ` David Miller
[not found] ` <alpine.LFD.2.01.0910140925440.6146-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-14 19:59 ` Boyan
2009-10-14 21:02 ` Linus Torvalds
2009-10-14 21:39 ` Alan Cox
[not found] ` <alpine.LFD.2.01.0910141356400.6146-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-15 7:24 ` Boyan
2009-10-15 17:38 ` OGAWA Hirofumi
2009-10-15 19:00 ` Oleg Nesterov
2009-10-15 21:49 ` Linus Torvalds
2009-10-15 22:29 ` OGAWA Hirofumi
2009-10-13 10:34 ` Alan Cox
[not found] ` <20091013113434.22f4fcde-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
2009-10-13 15:16 ` Justin P. Mattock
2009-10-13 10:32 ` Alan Cox
2009-10-13 13:25 ` Paul Fulghum
[not found] ` <20091013113232.384b2432-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
2009-10-13 14:39 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0910130721530.3438-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-13 15:02 ` Linus Torvalds
2009-10-13 15:08 ` Paul Fulghum
2009-10-13 15:33 ` Paul Fulghum
2009-10-13 15:41 ` Linus Torvalds
2009-10-13 15:59 ` Alan Cox
2009-10-13 16:42 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0910130837370.26777-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-13 17:28 ` Paul Fulghum
[not found] ` <alpine.LFD.2.01.0910122004200.3438-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-10-17 16:40 ` Pavel Machek
2009-10-11 23:24 ` 2.6.32-rc4: Reported regressions 2.6.30 -> 2.6.31 Larry Finger
2009-10-12 21:43 ` Rafael J. Wysocki
2009-10-12 12:22 ` Frederik Deweerdt
2009-10-12 21:46 ` Rafael J. Wysocki
2009-10-12 19:58 ` Andrew Patterson
2009-10-12 21:48 ` Rafael J. Wysocki
-- strict thread matches above, loose matches on Subject: below --
2009-10-26 19:26 2.6.32-rc5-git3: " Rafael J. Wysocki
2009-10-26 19:31 ` [Bug #14388] keyboard under X with 2.6.31 Rafael J. Wysocki
2009-10-26 22:25 ` Boyan
[not found] ` <4AE621CB.6000700-/E1597aS9LT10XsdtD+oqA@public.gmane.org>
2009-10-26 22:45 ` Linus Torvalds
2009-10-26 23:45 ` Ed Tomlinson
[not found] ` <200910261945.58027.edt-Yad3+ZauZac@public.gmane.org>
2009-10-27 4:34 ` Justin P. Mattock
2009-10-27 8:23 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LFD.2.01.0910131744590.3404@localhost.localdomain \
--to=torvalds-de/tnxtf+jlsfhdxvbkv3wd2fqjk+8+b@public.gmane.org \
--cc=btanastasov-/E1597aS9LT10XsdtD+oqA@public.gmane.org \
--cc=dmitry.torokhov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=edt-Yad3+ZauZac@public.gmane.org \
--cc=hirofumi-UIVanBePwB70ZhReMnHkpc8NsWr+9BEh@public.gmane.org \
--cc=kernel-testers-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=paulkf-CZzk0lvu1V9l57MIdRCFDg@public.gmane.org \
--cc=rjw-KKrjLPT3xs0@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).