From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Gaurav Kohli <gkohli@codeaurora.org>,
Alan Cox <alan@linux.intel.com>
Subject: [PATCH 4.9 72/86] tty: fix data race between tty_init_dev and flush of buf
Date: Fri, 2 Feb 2018 17:58:32 +0100 [thread overview]
Message-ID: <20180202140829.336126023@linuxfoundation.org> (raw)
In-Reply-To: <20180202140822.679101338@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gaurav Kohli <gkohli@codeaurora.org>
commit b027e2298bd588d6fa36ed2eda97447fb3eac078 upstream.
There can be a race, if receive_buf call comes before
tty initialization completes in n_tty_open and tty->disc_data
may be NULL.
CPU0 CPU1
---- ----
000|n_tty_receive_buf_common() n_tty_open()
-001|n_tty_receive_buf2() tty_ldisc_open.isra.3()
-002|tty_ldisc_receive_buf(inline) tty_ldisc_setup()
Using ldisc semaphore lock in tty_init_dev till disc_data
initializes completely.
Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
Reviewed-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/tty_io.c | 8 +++++++-
drivers/tty/tty_ldisc.c | 4 ++--
include/linux/tty.h | 2 ++
3 files changed, 11 insertions(+), 3 deletions(-)
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -1543,6 +1543,9 @@ struct tty_struct *tty_init_dev(struct t
"%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
__func__, tty->driver->name);
+ retval = tty_ldisc_lock(tty, 5 * HZ);
+ if (retval)
+ goto err_release_lock;
tty->port->itty = tty;
/*
@@ -1553,6 +1556,7 @@ struct tty_struct *tty_init_dev(struct t
retval = tty_ldisc_setup(tty, tty->link);
if (retval)
goto err_release_tty;
+ tty_ldisc_unlock(tty);
/* Return the tty locked so that it cannot vanish under the caller */
return tty;
@@ -1565,9 +1569,11 @@ err_module_put:
/* call the tty release_tty routine to clean out this slot */
err_release_tty:
- tty_unlock(tty);
+ tty_ldisc_unlock(tty);
tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
retval, idx);
+err_release_lock:
+ tty_unlock(tty);
release_tty(tty, idx);
return ERR_PTR(retval);
}
--- a/drivers/tty/tty_ldisc.c
+++ b/drivers/tty/tty_ldisc.c
@@ -336,7 +336,7 @@ static inline void __tty_ldisc_unlock(st
ldsem_up_write(&tty->ldisc_sem);
}
-static int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout)
+int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout)
{
int ret;
@@ -347,7 +347,7 @@ static int tty_ldisc_lock(struct tty_str
return 0;
}
-static void tty_ldisc_unlock(struct tty_struct *tty)
+void tty_ldisc_unlock(struct tty_struct *tty)
{
clear_bit(TTY_LDISC_HALTED, &tty->flags);
__tty_ldisc_unlock(tty);
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -394,6 +394,8 @@ extern struct tty_struct *get_current_tt
/* tty_io.c */
extern int __init tty_init(void);
extern const char *tty_name(const struct tty_struct *tty);
+extern int tty_ldisc_lock(struct tty_struct *tty, unsigned long timeout);
+extern void tty_ldisc_unlock(struct tty_struct *tty);
#else
static inline void console_init(void)
{ }
next prev parent reply other threads:[~2018-02-02 16:58 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-02 16:57 [PATCH 4.9 00/86] 4.9.80-stable review Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 02/86] net/mlx5: Define interface bits for fencing UMR wqe Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 03/86] RDMA/mlx5: set UMR wqe fence according to HCA cap Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 05/86] gpio: stmpe: i2c transfer are forbiden in atomic context Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 06/86] gpio: Fix kernel stack leak to userspace Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 07/86] crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 08/86] crypto: aesni - handle zero length dst buffer Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 09/86] crypto: sha3-generic - fixes for alignment and big endian operation Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 10/86] crypto: af_alg - whitelist mask and type Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 11/86] HID: wacom: EKR: ensure devres groups at higher indexes are released Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 12/86] power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 13/86] gpio: iop: " Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 14/86] gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 15/86] mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 16/86] igb: Free IRQs when device is hotplugged Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 17/86] drm/vc4: Account for interrupts in flight Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 18/86] cpupowerutils: bench - Fix cpu online check Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 19/86] cpupower : Fix cpupower working when cpu0 is offline Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 25/86] ACPI / bus: Leave modalias empty for devices which are not present Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 27/86] cpufreq: Add Loongson machine dependencies Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 28/86] bcache: check return value of register_shrinker Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 29/86] drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 30/86] drm/amdkfd: Fix SDMA ring buffer size calculation Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 31/86] drm/amdkfd: Fix SDMA oversubsription handling Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 32/86] openvswitch: fix the incorrect flow action alloc size Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 33/86] mac80211: fix the update of path metric for RANN frame Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 34/86] btrfs: fix deadlock when writing out space cache Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 35/86] reiserfs: remove unneeded i_version bump Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 38/86] xfs: always free inline data before resetting inode fork during ifree Greg Kroah-Hartman
2018-02-02 16:57 ` [PATCH 4.9 39/86] xen-netfront: remove warning when unloading module Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 40/86] auxdisplay: img-ascii-lcd: Only build on archs that have IOMEM Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 41/86] nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 42/86] nfsd: Ensure we check stateid validity in the seqid operation checks Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 43/86] grace: replace BUG_ON by WARN_ONCE in exit_net hook Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 44/86] nfsd: check for use of the closed special stateid Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 45/86] lockd: fix "list_add double add" caused by legacy signal interface Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 46/86] hwmon: (pmbus) Use 64bit math for DIRECT format values Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 47/86] bnxt_en: Fix an error handling path in bnxt_get_module_eeprom() Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 48/86] xfs: fortify xfs_alloc_buftarg error handling Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 50/86] net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 51/86] quota: Check for register_shrinker() failure Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 52/86] SUNRPC: Allow connect to return EHOSTUNREACH Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 53/86] kmemleak: add scheduling point to kmemleak_scan() Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 54/86] drm/bridge: tc358767: do no fail on hi-res displays Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 55/86] drm/bridge: tc358767: filter out too high modes Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 56/86] drm/bridge: tc358767: fix DP0_MISC register set Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 57/86] drm/bridge: tc358767: fix timing calculations Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 58/86] drm/bridge: tc358767: fix AUXDATAn registers access Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 59/86] drm/bridge: tc358767: fix 1-lane behavior Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 60/86] drm/omap: Fix error handling path in omap_dmm_probe() Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 61/86] xfs: ubsan fixes Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 62/86] xfs: Properly retry failed dquot items in case of error during buffer writeback Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 63/86] scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 64/86] scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 65/86] iwlwifi: mvm: fix the TX queue hang timeout for MONITOR vif type Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 66/86] ARM: dts: NSP: Fix PPI interrupt types Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 67/86] media: usbtv: add a new usbid Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 68/86] usb: gadget: dont dereference g until after it has been null checked Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 69/86] staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 70/86] drm/vc4: Move IRQ enable to PM path Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 71/86] staging: lustre: separate a connection destroy from free struct kib_conn Greg Kroah-Hartman
2018-02-02 16:58 ` Greg Kroah-Hartman [this message]
2018-02-02 16:58 ` [PATCH 4.9 73/86] usb: option: Add support for FS040U modem Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 75/86] USB: cdc-acm: Do not log urb submission errors on disconnect Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 76/86] CDC-ACM: apply quirk for card reader Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 77/86] USB: serial: io_edgeport: fix possible sleep-in-atomic Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 78/86] usbip: prevent bind loops on devices attached to vhci_hcd Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 79/86] usbip: list: dont list " Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 80/86] USB: serial: simple: add Motorola Tetra driver Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 81/86] usb: f_fs: Prevent gadget unbind if it is already unbound Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 82/86] usb: uas: unconditionally bring back host after reset Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 83/86] usb/gadget: Fix "high bandwidth" check in usb_gadget_ep_match_desc() Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 84/86] usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 85/86] serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS Greg Kroah-Hartman
2018-02-02 16:58 ` [PATCH 4.9 86/86] spi: imx: do not access registers while clocks disabled Greg Kroah-Hartman
2018-02-02 22:19 ` [PATCH 4.9 00/86] 4.9.80-stable review Shuah Khan
2018-02-02 22:45 ` Dan Rue
2018-02-03 15:29 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180202140829.336126023@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alan@linux.intel.com \
--cc=gkohli@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).