lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <50897E98.5080502@gmail.com>
Date:	Thu, 25 Oct 2012 14:02:00 -0400
From:	Sasha Levin <levinsasha928@...il.com>
To:	Jiri Slaby <jslaby@...e.cz>
CC:	gregkh@...uxfoundation.org, alan@...ux.intel.com,
	linux-kernel@...r.kernel.org, jirislaby@...il.com,
	Dave Jones <davej@...hat.com>
Subject: Re: [PATCH 21/21] TTY: move tty buffers to tty_port

Hi guys,

On 10/18/2012 04:26 PM, Jiri Slaby wrote:
> So this is it. The big step why we did all the work over the past
> kernel releases. Now everything is prepared, so nothing protects us
> from doing that big step.
> 
>            |  |            \  \ nnnn/^l      |  |
>            |  |             \  /     /       |  |
>            |  '-,.__   =>    \/   ,-`    =>  |  '-,.__
>            | O __.´´)        (  .`           | O __.´´)
>             ~~~   ~~          ``              ~~~   ~~
> The buffers are now in the tty_port structure and we can start
> teaching the buffer helpers (insert char/string, flip etc.) to use
> tty_port instead of tty_struct all around.
> 
> Signed-off-by: Jiri Slaby <jslaby@...e.cz>
> ---

Fuzzing with trinity inside a KVM tools (lkvm) guest with -next kernel
uncovered the following warning:

[ 1339.448706] ------------[ cut here ]------------
[ 1339.451224] WARNING: at drivers/tty/tty_buffer.c:476 flush_to_ldisc+0x60/0x200()
[ 1339.454272] tty is NULLPid: 7147, comm: kworker/4:0 Tainted: G        W    3.7.0-rc2-next-20121025-sasha-00001-g673f98e-dirty #75
[ 1339.458693] Call Trace:
[ 1339.459410]  [<ffffffff81bb1ea0>] ? flush_to_ldisc+0x60/0x200
[ 1339.461289]  [<ffffffff81109b86>] warn_slowpath_common+0x86/0xb0
[ 1339.462992]  [<ffffffff81109c11>] warn_slowpath_fmt+0x41/0x50
[ 1339.464772]  [<ffffffff81bb1ea0>] flush_to_ldisc+0x60/0x200
[ 1339.467076]  [<ffffffff8112d5a9>] process_one_work+0x3b9/0x770
[ 1339.469501]  [<ffffffff8112d458>] ? process_one_work+0x268/0x770
[ 1339.472053]  [<ffffffff8112dcc1>] ? worker_thread+0x51/0x3f0
[ 1339.473831]  [<ffffffff81bb1e40>] ? __tty_buffer_request_room+0x180/0x180
[ 1339.475834]  [<ffffffff8112df2a>] worker_thread+0x2ba/0x3f0
[ 1339.478027]  [<ffffffff8112dc70>] ? rescuer_thread+0x2d0/0x2d0
[ 1339.480431]  [<ffffffff81138c33>] kthread+0xe3/0xf0
[ 1339.482383]  [<ffffffff8117d7be>] ? put_lock_stats.isra.16+0xe/0x40
[ 1339.484171]  [<ffffffff81138b50>] ? insert_kthread_work+0x90/0x90
[ 1339.485886]  [<ffffffff83aedebc>] ret_from_fork+0x7c/0xb0
[ 1339.487943]  [<ffffffff81138b50>] ? insert_kthread_work+0x90/0x90
[ 1339.490435] ---[ end trace e01a8b0af77894c4 ]---

I'm guessing it happens because we never cancel the scheduled work when we
free the buffer, so the scheduled work may run even after we freed the buffer.

Besides the warning itself, I think that 'tty is NULL' would need a newline
after it. Greg, should I send a patch for that?


Thanks,
Sasha
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ