From: Linus Torvalds <torvalds@linux-foundation.org>
To: Greg KH <greg@kroah.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@mail.by>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: proper tty-ldisc refcounting (was Re: WARNING at: drivers/char/tty_ldisc.c)
Date: Tue, 4 Aug 2009 08:40:20 -0700 (PDT) [thread overview]
Message-ID: <alpine.LFD.2.01.0908040825210.3270@localhost.localdomain> (raw)
In-Reply-To: <20090804072351.GA17474@kroah.com>
On Tue, 4 Aug 2009, Greg KH wrote:
>
> Ok, but due to the lateness of the release cycle, is it worth it to add
> those 3 right now? Or do we just take the BUG_ON() out as it's pretty
> harmless while shutting down in single user mode?
>
> What do you think?
If the WARN_ON() happens, it's not just that we have a refcount being off,
we'll also have memory corruption and a potential oops a bit later.
Why? Simply because somebody will be touching that 'struct ldisc', even if
it will be just a decrement of the word that contained the refcount. So we
have a pretty much guaranteed use-after-free scenario.
So taking out the WARN_ON() is the wrong thing. In that case it would
probably be better to just leave the WARN_ON(), and at least know "ok, bad
things happened".
So I think we have a few options:
- leave things as-is, leave the WARN_ON(), and know that it's very rare,
but that bad things can happen when it triggers.
The thing I really dislike about this one is that yes, it's rare, but
I could see it be user-triggerable. Users do have access to
/dev/console when they are logged in at the console.
- Change the old code from
WARN_ON(ld->refcount);
kfree(ld);
to
if (!WARN_ON_ONCE(ld->refcount))
kfree(ld);
which at least doesn't free the ldisc if it is in use. So now you have
a memory leak, but at least hopefully no actual corruption and
use-after-free. It's still a bug, but it won't be causing other bugs
down the line (except for running out of memory if you can trigger it
really easily, but that's unlikely, and I think preferable to unknown
problems - even if the unknown problems are very unlikely)
- Take the three patches now.
I suspect we should take the three now. All of the issues are due to
totally rewritten code since 2.6.30 - I suspect the risk from new bugs
from that refcounting series is _smaller_ that the risk of bugs from the
original ldisc rewrite (commit c65c9bc3e), and if there are bugs, I
suspect the three patches are more likely to help than to hurt.
Linus
next prev parent reply other threads:[~2009-08-04 15:41 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-02 12:01 WARNING at: drivers/char/tty_ldisc.c Sergey Senozhatsky
2009-08-02 16:05 ` Greg KH
2009-08-02 17:01 ` Sergey Senozhatsky
2009-08-02 17:07 ` Sergey Senozhatsky
2009-08-02 17:16 ` Linus Torvalds
2009-08-02 19:05 ` Sergey Senozhatsky
2009-08-02 20:20 ` Linus Torvalds
2009-08-02 21:17 ` OGAWA Hirofumi
2009-08-02 21:33 ` Linus Torvalds
2009-08-02 22:46 ` Sergey Senozhatsky
2009-08-02 22:48 ` Alan Cox
2009-08-03 0:40 ` Linus Torvalds
2009-08-03 1:44 ` Linus Torvalds
2009-08-03 9:37 ` Alan Cox
2009-08-03 16:26 ` OGAWA Hirofumi
2009-08-03 16:59 ` Alan Cox
2009-08-03 17:55 ` [PATCH 0/2] proper tty-ldisc refcounting (was Re: WARNING at: drivers/char/tty_ldisc.c) Linus Torvalds
2009-08-03 17:58 ` [PATCH 1/2] tty-ldisc: make refcount be atomic_t 'users' count Linus Torvalds
2009-08-03 18:11 ` [PATCH 2/2] tty-ldisc: turn ldisc user count into a proper refcount Linus Torvalds
2009-08-03 18:39 ` Alan Cox
2009-08-03 20:00 ` OGAWA Hirofumi
2009-08-03 18:18 ` [PATCH 0/2] proper tty-ldisc refcounting (was Re: WARNING at: drivers/char/tty_ldisc.c) Greg KH
2009-08-03 18:53 ` Linus Torvalds
2009-08-03 22:16 ` Sergey Senozhatsky
2009-08-03 22:25 ` Linus Torvalds
2009-08-03 22:58 ` [PATCH 3/2] tty-ldisc: be more careful in 'put_ldisc' locking Linus Torvalds
2009-08-03 23:00 ` [PATCH 4/2] tty-ldisc: make /proc/tty/ldiscs use ldisc_ops instead of ldiscs Linus Torvalds
2009-08-03 23:01 ` [PATCH 5/2] tty-ldisc: get rid of tty_ldisc_try_get() helper function Linus Torvalds
2009-08-04 0:30 ` proper tty-ldisc refcounting (was Re: WARNING at: drivers/char/tty_ldisc.c) Sergey Senozhatsky
2009-08-04 0:56 ` Linus Torvalds
2009-08-04 3:53 ` Greg KH
2009-08-04 4:08 ` Greg KH
2009-08-04 6:19 ` Linus Torvalds
2009-08-04 7:23 ` Greg KH
2009-08-04 9:12 ` Sergey Senozhatsky
2009-08-04 14:53 ` Greg KH
2009-08-04 15:40 ` Linus Torvalds [this message]
2009-08-04 16:00 ` Greg KH
2009-08-02 22:15 ` WARNING at: drivers/char/tty_ldisc.c Sergey Senozhatsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LFD.2.01.0908040825210.3270@localhost.localdomain \
--to=torvalds@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=greg@kroah.com \
--cc=hirofumi@mail.parknet.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=sergey.senozhatsky@mail.by \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox