Thread (24 messages) 24 messages, 8 authors, 2018-09-10

Re: [PATCH 2/4] tty: Hold tty_ldisc_lock() during tty_reopen()

From: Dmitry Safonov <hidden>
Date: 2018-08-29 14:30:27
Also in: lkml

Hi Sergey,

On Wed, 2018-08-29 at 13:34 +0900, Sergey Senozhatsky wrote:
Hi,

Cc-ing Benjamin on this.
Thanks!
On (08/29/18 03:23), Dmitry Safonov wrote:
quoted
BUG: unable to handle kernel paging request at 0000000000002260
IP: [..] n_tty_receive_buf_common+0x5f/0x86d
Workqueue: events_unbound flush_to_ldisc
Call Trace:
 [..] n_tty_receive_buf2
 [..] tty_ldisc_receive_buf
 [..] flush_to_ldisc
 [..] process_one_work
 [..] worker_thread
 [..] kthread
 [..] ret_from_fork
Seems that you are not the first one to hit this NULL deref.
quoted
I think, tty_ldisc_reinit() should be called with ldisc_sem hold
for
writing, which will protect any reader against line discipline
changes.
Per https://lore.kernel.org/patchwork/patch/777220/

: Note that we noticed one path that called reinit without the ldisc
lock
: held for writing, we added that, but it didn't fix the problem.
Probably, it's worth to know what exactly has he tried and what was the
backtrace he got in the result..
Hopefully, we'll hear more.

It might be also worth to review tty_ldisc_deinit(), I thought it's
safe to destroy ldisc there under tty lock during tty release, but may
be that is another non-safe place.

-- 
Thanks again,
             Dmitry
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help