From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752835AbdDJAdN convert rfc822-to-8bit (ORCPT ); Sun, 9 Apr 2017 20:33:13 -0400 Received: from ozlabs.org ([103.22.144.67]:39411 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752696AbdDJAdF (ORCPT ); Sun, 9 Apr 2017 20:33:05 -0400 Message-ID: <1491784383.21238.1.camel@neuling.org> Subject: Re: [PATCH] tty:tty_ldisc: add tty_ldisc_lock|unlock to prevent concurrent update to ldisc in tty_ldisc_deinit From: Michael Neuling To: Wang YanQing , gregkh@linuxfoundation.org Cc: jslaby@suse.com, linux-kernel@vger.kernel.org, viro@ZenIV.linux.org.uk, johan@kernel.org, peter@hurleysoftware.com, alex.popov@linux.com, robh@kernel.org, mpatocka@redhat.com, dvyukov@google.com, benh@kernel.crashing.org Date: Mon, 10 Apr 2017 10:33:03 +1000 In-Reply-To: <20170409165903.GA9643@udknight> References: <20170409165903.GA9643@udknight> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8BIT X-Mailer: Evolution 3.22.3-0ubuntu0.1 Mime-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Wang, Applying this, with the other one on top and it doesn't fix the problem (applied on next-20170405). I tried each patch by itself, with the same bad result. Thanks for the help but the backtrace is the same: Unable to handle kernel paging request for data at address 0x00002260 Faulting instruction address: 0xc000000000568800 Oops: Kernel access of bad area, sig: 11 [#1] SMP NR_CPUS=32  NUMA  PowerNV Modules linked in: CPU: 6 PID: 177 Comm: kworker/u56:1 Not tainted 4.11.0-rc5-next-20170405-00002-g34d2ff03e6 #9 Workqueue: events_unbound flush_to_ldisc task: c0000077c498a280 task.stack: c0000077c49f8000 NIP: c000000000568800 LR: c0000000005687e8 CTR: c000000000569310 REGS: c0000077c49fb890 TRAP: 0300   Not tainted  (4.11.0-rc5-next-20170405-00002-g34d2ff03e6) MSR: 900000000280b033   CR: 24042428  XER: 00000000 CFAR: c000000000956adc DAR: 0000000000002260 DSISR: 40000000 SOFTE: 1  GPR00: c0000000005687e8 c0000077c49fbb10 c000000000f3cb00 c0000077c32710d8  GPR04: c0000077bf556c20 c0000077bf556d20 0000000000000100 0000000000000001  GPR08: c0000077c32710d8 c0000077c3271220 c0000077c3271248 c000007995c28508  GPR12: 0000000084002428 c00000000fff7e00 c0000000000f2e08 c0000077c48c4040  GPR16: 0000000000000000 0000000000000000 c0000079940102a8 c000007994010078  GPR20: c000007994010020 0000000000000000 0000000000000000 0000000100000000  GPR24: 0000000000000000 0000000000000000 c0000077bf556c20 c0000077bf556d20  GPR28: 0000000000000100 0000000000000100 c0000077bf556d20 c0000077c3271000  NIP [c000000000568800] n_tty_receive_buf_common+0xb0/0xbc0 LR [c0000000005687e8] n_tty_receive_buf_common+0x98/0xbc0 Call Trace: [c0000077c49fbb10] [c0000000005687e8] n_tty_receive_buf_common+0x98/0xbc0 (unreliable) [c0000077c49fbbe0] [c00000000056d02c] tty_ldisc_receive_buf+0x3c/0xd0 [c0000077c49fbc10] [c00000000056dedc] tty_port_default_receive_buf+0x5c/0xe0 [c0000077c49fbc50] [c00000000056d340] flush_to_ldisc+0x110/0x130 [c0000077c49fbca0] [c0000000000ea88c] process_one_work+0x1dc/0x550 [c0000077c49fbd30] [c0000000000eac88] worker_thread+0x88/0x5c0 [c0000077c49fbdc0] [c0000000000f2f60] kthread+0x160/0x1a0 [c0000077c49fbe30] [c00000000000bc60] ret_from_kernel_thread+0x5c/0x7c Instruction dump: fba1ffe8 fbc1fff0 f821ff31 f9010030 eb3f0280 483ee2a5 60000000 393f0220  395f0248 f9210020 f9410028 60420000 7c2004ac 80ff0130 e8d90000  ---[ end trace b30eea9f71cf8d4a ]--- Thanks for the help Mikey On Mon, 2017-04-10 at 00:59 +0800, Wang YanQing wrote: > This patch could fix the issue that free_tty_struct in tty_io > calling tty_ldisc_deinit without holding tty->ldisc_sem. > > Signed-off-by: Wang YanQing > --- >  drivers/tty/tty_ldisc.c | 2 ++ >  1 file changed, 2 insertions(+) > > diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c > index b1f7fa5..674421b 100644 > --- a/drivers/tty/tty_ldisc.c > +++ b/drivers/tty/tty_ldisc.c > @@ -771,7 +771,9 @@ void tty_ldisc_init(struct tty_struct *tty) >   */ >  void tty_ldisc_deinit(struct tty_struct *tty) >  { > + tty_ldisc_lock(tty, MAX_SCHEDULE_TIMEOUT); >   if (tty->ldisc) >   tty_ldisc_put(tty->ldisc); >   tty->ldisc = NULL; > + tty_ldisc_unlock(tty); >  }