AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-14 14:36:40 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
71472fa9c5
linux_dsm_epyc7002/drivers/tty
History
Peter Hurley 71472fa9c5 tty: Fix ldisc crash on reopened tty 
If the tty has been hungup, the ldisc instance may have been destroyed.
Continued input to the tty will be ignored as long as the ldisc instance
is not visible to the flush_to_ldisc kworker. However, when the tty
is reopened and a new ldisc instance is created, the flush_to_ldisc
kworker can obtain an ldisc reference before the new ldisc is
completely initialized. This will likely crash:

 BUG: unable to handle kernel paging request at 0000000000002260
 IP: [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80
 PGD 2ab581067 PUD 290c11067 PMD 0
 Oops: 0000 [#1] PREEMPT SMP
 Modules linked in: nls_iso8859_1 ip6table_filter [.....]
 CPU: 2 PID: 103 Comm: kworker/u16:1 Not tainted 4.6.0-rc7+wip-xeon+debug #rc7+wip
 Hardware name: Dell Inc. Precision WorkStation T5400  /0RW203, BIOS A11 04/30/2012
 Workqueue: events_unbound flush_to_ldisc
 task: ffff8802ad16d100 ti: ffff8802ad31c000 task.ti: ffff8802ad31c000
 RIP: 0010:[<ffffffff8152dc5d>]  [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80
 RSP: 0018:ffff8802ad31fc70  EFLAGS: 00010296
 RAX: 0000000000000000 RBX: ffff8802aaddd800 RCX: 0000000000000001
 RDX: 00000000ffffffff RSI: ffffffff810db48f RDI: 0000000000000246
 RBP: ffff8802ad31fd08 R08: 0000000000000000 R09: 0000000000000001
 R10: ffff8802aadddb28 R11: 0000000000000001 R12: ffff8800ba6da808
 R13: ffff8802ad18be80 R14: ffff8800ba6da858 R15: ffff8800ba6da800
 FS:  0000000000000000(0000) GS:ffff8802b0a00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000002260 CR3: 000000028ee5d000 CR4: 00000000000006e0
 Stack:
  ffffffff81531219 ffff8802aadddab8 ffff8802aadddde0 ffff8802aadddd78
  ffffffff00000001 ffff8800ba6da858 ffff8800ba6da860 ffff8802ad31fd30
  ffffffff81885f78 ffffffff81531219 0000000000000000 0000000200000000
 Call Trace:
  [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0
  [<ffffffff81885f78>] ? mutex_lock_nested+0x2c8/0x430
  [<ffffffff81531219>] ? flush_to_ldisc+0x49/0xd0
  [<ffffffff8152e784>] n_tty_receive_buf2+0x14/0x20
  [<ffffffff81530cb2>] tty_ldisc_receive_buf+0x22/0x50
  [<ffffffff8153128e>] flush_to_ldisc+0xbe/0xd0
  [<ffffffff810a0ebd>] process_one_work+0x1ed/0x6e0
  [<ffffffff810a0e3f>] ? process_one_work+0x16f/0x6e0
  [<ffffffff810a13fe>] worker_thread+0x4e/0x490
  [<ffffffff810a13b0>] ? process_one_work+0x6e0/0x6e0
  [<ffffffff810a7ef2>] kthread+0xf2/0x110
  [<ffffffff810ae68c>] ? preempt_count_sub+0x4c/0x80
  [<ffffffff8188ab52>] ret_from_fork+0x22/0x50
  [<ffffffff810a7e00>] ? kthread_create_on_node+0x220/0x220
 Code: ff ff e8 27 a0 35 00 48 8d 83 78 05 00 00 c7 45 c0 00 00 00 00 48 89 45 80 48
       8d 83 e0 05 00 00 48 89 85 78 ff ff ff 48 8b 45 b8 <48> 8b b8 60 22 00 00 48
       8b 30 89 f8 8b 8b 88 04 00 00 29 f0 8d
 RIP  [<ffffffff8152dc5d>] n_tty_receive_buf_common+0x6d/0xb80
  RSP <ffff8802ad31fc70>
 CR2: 0000000000002260

Ensure the kworker cannot obtain the ldisc reference until the new ldisc
is completely initialized.

Fixes: 892d1fa7ea ("tty: Destroy ldisc instance on hangup")
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-17 14:16:09 +09:00
..
hvc drivers/tty: Convert remaining uses of pr_warning to pr_warn 2017-03-17 14:14:00 +09:00
ipwireless tty: ipwireless, cleanup TIOCGSERIAL 2016-06-25 08:56:30 -07:00
serdev serdev: ttyport: check whether tty_init_dev() fails 2017-02-09 13:54:49 +01:00
serial uartlite: Adding a kernel parameter for the number of uartlites 2017-03-17 14:14:30 +09:00
vt sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h> 2017-03-02 08:42:34 +01:00
amiserial.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
bfin_jtag_comm.c TTY: bfin_jtag_comm: remove incorrect wait_until_sent operation 2015-03-07 03:44:14 +01:00
cyclades.c tty: stop defining STD_COM_FLAGS in drivers 2016-06-25 08:56:30 -07:00
ehv_bytechan.c drivers/tty: make ehv_bytechan.c explicitly non-modular 2016-02-06 23:26:43 -08:00
goldfish.c tty: goldfish: Fix a parameter of a call to free_irq 2017-01-12 11:51:25 +01:00
isicom.c tty: Replace ASYNC_INITIALIZED bit and update atomically 2016-04-30 09:26:55 -07:00
Kconfig devpts: Make each mount of devpts an independent filesystem. 2016-06-05 10:36:01 -07:00
Makefile serdev: Introduce new bus for serial attached devices 2017-02-03 10:17:02 +01:00
metag_da.c timers, drivers/tty/metag_da: Initialize the poll timer as pinned 2016-07-07 10:25:14 +02:00
mips_ejtag_fdc.c timers, drivers/tty/mips_ejtag: Initialize the poll timer as pinned 2016-07-07 10:34:59 +02:00
moxa.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
moxa.h
mxser.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
mxser.h
n_gsm.c tty: n_gsm: Use net_device_stats from struct net_device 2017-03-17 14:14:00 +09:00
n_hdlc.c tty: n_hdlc: get rid of racy n_hdlc.tbuf 2017-03-07 18:54:30 +01:00
n_r3964.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
n_tracerouter.c n_tracerouter: stop including <asm-generic/bug> 2015-10-15 00:21:10 +02:00
n_tracesink.c n_tracesink: stop including <asm-generic/bug> 2015-10-15 00:21:11 +02:00
n_tracesink.h
n_tty.c Fix OpenSSH pty regression on close 2016-05-01 13:22:54 -07:00
nozomi.c tty: nozomi: avoid sprintf buffer overflow 2016-11-29 20:20:07 +01:00
pty.c tty: pty: Fix ldisc flush after userspace become aware of the data already 2017-03-17 14:16:09 +09:00
rocket_int.h tty: rocket: Remove private close_wait 2016-01-28 14:13:44 -08:00
rocket.c tty: rocket: fix invalid user-pointer checks 2016-11-10 14:41:25 +01:00
rocket.h tty: rocket: fix comment of ROCKET_SPD_HI 2015-05-24 12:49:16 -07:00
synclink_gt.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
synclink.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
synclinkmp.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
sysrq.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h> 2017-03-02 08:42:35 +01:00
tty_audit.c tty: audit: remove unused variable 2016-03-07 16:11:14 -08:00
tty_buffer.c tty_port: Add port client functions 2017-02-03 10:17:02 +01:00
tty_io.c drivers/tty: Convert remaining uses of pr_warning to pr_warn 2017-03-17 14:14:00 +09:00
tty_ioctl.c sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
tty_ldisc.c tty: Fix ldisc crash on reopened tty 2017-03-17 14:16:09 +09:00
tty_ldsem.c sched/headers: Prepare to move the get_task_struct()/put_task_struct() and related APIs from <linux/sched.h> to <linux/sched/task.h> 2017-03-02 08:42:40 +01:00
tty_mutex.c Merge 4.5-rc4 into tty-next 2016-02-14 14:36:04 -08:00
tty_port.c sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00