From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2030C433ED for ; Mon, 12 Apr 2021 12:05:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8BE336134F for ; Mon, 12 Apr 2021 12:05:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240829AbhDLMFS (ORCPT ); Mon, 12 Apr 2021 08:05:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:43610 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240815AbhDLMFQ (ORCPT ); Mon, 12 Apr 2021 08:05:16 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id D5C5561278; Mon, 12 Apr 2021 12:04:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618229098; bh=xdrYUH4/jDF35cvZx/pzEQSYElhm/upOwIxaqWCv2pY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Td6fSxOD8m8yQFA5BaZK/zIeZlOVgo3bJtV3gcLx1GEdMel67+RM9dBrPYoOJXyzg jbWAAVLNXpt8SNaBPdUMWTvokXP/cpvnUJuOi5dNhMSoR9nvtPIYYRgsaqeuQbDmcD xE1j2OjiAuyOzgNJATV00TwUOIll5aFoXAyCUnnA= Date: Mon, 12 Apr 2021 14:04:55 +0200 From: Greg Kroah-Hartman To: Tetsuo Handa Cc: Samo Pogacnik , Petr Mladek , Jiri Slaby , Sergey Senozhatsky , Steven Rostedt , John Ogness , linux-kernel@vger.kernel.org, syzkaller-bugs Subject: Re: How to handle concurrent access to /dev/ttyprintk ? Message-ID: References: <20210403041444.4081-1-penguin-kernel@I-love.SAKURA.ne.jp> <3c15d32f-c568-7f6f-fa7e-af4deb9b49f9@i-love.sakura.ne.jp> <051b550c-1cdd-6503-d2b7-0877bf0578fc@i-love.sakura.ne.jp> <32e75be6-6e9f-b33f-d585-13db220519da@i-love.sakura.ne.jp> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <32e75be6-6e9f-b33f-d585-13db220519da@i-love.sakura.ne.jp> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 12, 2021 at 08:25:27PM +0900, Tetsuo Handa wrote: > On 2021/04/12 19:44, Greg Kroah-Hartman wrote: > > And trying to "open exclusive only" just does not work, the kernel can > > not enforce that at all, sorry. Any driver that you see trying to do > > that is trivial to work around in userspace, making the kernel code > > pointless. > > You mean something like below cannot be used? > > diff --git a/drivers/char/ttyprintk.c b/drivers/char/ttyprintk.c > index 6a0059e508e3..57200569918a 100644 > --- a/drivers/char/ttyprintk.c > +++ b/drivers/char/ttyprintk.c > @@ -84,14 +84,26 @@ static int tpk_printk(const unsigned char *buf, int count) > return count; > } > > +static DEFINE_MUTEX(open_close_lock); Hah, nope, does not work at all! Think about sending an open file descriptor all around the system, or through a pipe, your "open only once" check does not prevent that at all. > > Like any tty port, if you have multiple accesses, all bets are off and > > hilarity ensues. Just don't do that and expect things to be working > > well. > > Since syzkaller is a fuzzer, syzkaller happily opens /dev/ttyprintk from > multiple threads. Should we update syzkaller to use CONFIG_TTY_PRINTK=n ? Why? Can you not hit the same tty code paths from any other tty driver being open multiple times? Why is ttyprintk somehow "special" here? thanks, greg k-h