From: Greg KH <gregkh@linuxfoundation.org>
To: Jeongjun Park <aha310510@gmail.com>
Cc: jirislaby@kernel.org, linux-kernel@vger.kernel.org,
linux-serial@vger.kernel.org
Subject: Re: [PATCH] n_tty: fix data race in n_tty_poll()
Date: Wed, 21 May 2025 13:27:06 +0200 [thread overview]
Message-ID: <2025052123-landmark-capitol-effb@gregkh> (raw)
In-Reply-To: <20250510163828.21963-1-aha310510@gmail.com>
On Sun, May 11, 2025 at 01:38:27AM +0900, Jeongjun Park wrote:
> I found data-race in my fuzzer:
>
> ==================================================================
> BUG: KCSAN: data-race in n_tty_poll / tty_set_termios
>
> read to 0xffff8880116b4d14 of 4 bytes by task 5443 on cpu 0:
> n_tty_poll+0xa4/0x4c0 drivers/tty/n_tty.c:2452
> tty_poll+0x8f/0x100 drivers/tty/tty_io.c:2208
> vfs_poll include/linux/poll.h:82 [inline]
> select_poll_one fs/select.c:480 [inline]
> do_select+0x95f/0x1030 fs/select.c:536
> core_sys_select+0x284/0x6d0 fs/select.c:677
> ....
>
> write to 0xffff8880116b4d08 of 44 bytes by task 14547 on cpu 1:
> tty_set_termios+0xf9/0x500 drivers/tty/tty_ioctl.c:339
> set_termios.part.0+0x3bc/0x4d0 drivers/tty/tty_ioctl.c:520
> set_termios drivers/tty/tty_ioctl.c:454 [inline]
> tty_mode_ioctl+0x2db/0xa00 drivers/tty/tty_ioctl.c:807
> n_tty_ioctl_helper+0x4e/0x230 drivers/tty/tty_ioctl.c:986
> n_tty_ioctl+0x67/0x230 drivers/tty/n_tty.c:2509
> ....
> ==================================================================
>
> In n_tty_poll() we are doing a read on tty->termios but we are missing
> rwsem lock, which causes a concurrency problem. To fix this, we need to
> add rwsem lock at the appropriate location.
Does this "concurrency problem" actually cause a real issue?
As the tools point out, your change will not work as you will have a
locking deadlock, which makes me wonder how you tested it?
thanks,
greg k-h
prev parent reply other threads:[~2025-05-21 11:27 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-10 16:38 [PATCH] n_tty: fix data race in n_tty_poll() Jeongjun Park
2025-05-12 6:21 ` kernel test robot
2025-05-21 11:27 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025052123-landmark-capitol-effb@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=aha310510@gmail.com \
--cc=jirislaby@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-serial@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox