From: Peter Hurley <peter-WaGBZJeGNqdsbIuE7sb01tBPR1lH4CV8@public.gmane.org>
To: Johan Hovold <johan-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: linux-serial-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: USB-serial console and lockdep
Date: Mon, 05 Jan 2015 10:26:20 -0500 [thread overview]
Message-ID: <54AAAD1C.8090106@hurleysoftware.com> (raw)
In-Reply-To: <20150103162642.GC12203@localhost>
On 01/03/2015 11:26 AM, Johan Hovold wrote:
> On Wed, Dec 31, 2014 at 09:07:59PM -0500, Peter Hurley wrote:
>> Hi Johan,
>>
>> On 11/18/2014 11:18 AM, Johan Hovold wrote:
>>> I get this missing-lockdep-annotation warning which I haven't seen
>>> before when booting with a usb-serial console on 3.18-rc5. It's been a
>>> while since I last tested this, though, and the tty_ldisc_ref wasn't
>>> introduced until 833efc0ed19c ("USB: serial: invoke dcd_change ldisc's
>>> handler.").
>>
>> Sorry it took me so long to finally look at this -- at least I'm looking
>> at it in the same year ;) (in my tzone anyway)
>
> No worries. Wasn't a top prio of mine either. :)
>
> Thanks for taking a look.
>
>> Is this easily reproducible?
>
> Yes, happens on every boot with the pl2303 driver.
>
>> Because for lockdep to be trying to register the ldsem lock class
>> from the tty_ldisc_ref() means that no tty has yet been opened [see 1].
>> So how did the call to tty_port_tty_get() in pl2303_update_line_status()
>> return a tty?
>
> Because the USB console driver is using a only partially initialised,
> "fake" tty struct to pass terminal settings to the underlying driver.
> So no wonder things can blow up.
Ahh, I did not know that.
> This particular issue can be fixed by making sure to initialise the
> ldisc semaphore, but there are likely more potential problems here,
> including use-after-free as the fake tty wasn't released using the
> kref. I'll post two fixes as a follow up.
>
> A more long term solution might be to rewrite all usb-serial drivers to
> handle a NULL termios and pass a ktermios to set_termios similar to how
> serial-core does this.
I agree that this definitely needs a more robust solution.
FWIW, I don't think serial-core is a particularly good model.
Regards,
Peter Hurley
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2015-01-05 15:26 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-18 16:18 USB-serial console and lockdep Johan Hovold
2015-01-01 2:07 ` Peter Hurley
[not found] ` <54A4ABFF.5000304-WaGBZJeGNqdsbIuE7sb01tBPR1lH4CV8@public.gmane.org>
2015-01-03 16:26 ` Johan Hovold
2015-01-03 16:28 ` [PATCH 1/2] USB: console: fix uninitialised ldisc semaphore Johan Hovold
2015-01-03 16:28 ` [PATCH 2/2] USB: console: fix potential use after free Johan Hovold
2015-01-05 15:04 ` [PATCH v2 1/2] USB: console: fix uninitialised ldisc semaphore Johan Hovold
2015-01-05 15:04 ` [PATCH v2 2/2] USB: console: fix potential use after free Johan Hovold
2015-01-05 15:26 ` Peter Hurley [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54AAAD1C.8090106@hurleysoftware.com \
--to=peter-wagbzjegnqdsbiue7sb01tbpr1lh4cv8@public.gmane.org \
--cc=johan-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=linux-serial-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).