mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-20 17:41:09 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/tty
History
Peter Hurley cf872776fc tty: Fix hang at ldsem_down_read() 
When a controlling tty is being hung up and the hang up is
waiting for a just-signalled tty reader or writer to exit, and a new tty
reader/writer tries to acquire an ldisc reference concurrently with the
ldisc reference release from the signalled reader/writer, the hangup
can hang. The new reader/writer is sleeping in ldsem_down_read() and the
hangup is sleeping in ldsem_down_write() [1].

The new reader/writer fails to wakeup the waiting hangup because the
wrong lock count value is checked (the old lock count rather than the new
lock count) to see if the lock is unowned.

Change helper function to return the new lock count if the cmpxchg was
successful; document this behavior.

[1] edited dmesg log from reporter

SysRq : Show Blocked State
  task                        PC stack   pid father
systemd         D ffff88040c4f0000     0     1      0 0x00000000
 ffff88040c49fbe0 0000000000000046 ffff88040c4a0000 ffff88040c49ffd8
 00000000001d3980 00000000001d3980 ffff88040c4a0000 ffff88040593d840
 ffff88040c49fb40 ffffffff810a4cc0 0000000000000006 0000000000000023
Call Trace:
 [<ffffffff810a4cc0>] ? sched_clock_cpu+0x9f/0xe4
 [<ffffffff810a4cc0>] ? sched_clock_cpu+0x9f/0xe4
 [<ffffffff810a4cc0>] ? sched_clock_cpu+0x9f/0xe4
 [<ffffffff810a4cc0>] ? sched_clock_cpu+0x9f/0xe4
 [<ffffffff817a6649>] schedule+0x24/0x5e
 [<ffffffff817a588b>] schedule_timeout+0x15b/0x1ec
 [<ffffffff810a4cc0>] ? sched_clock_cpu+0x9f/0xe4
 [<ffffffff817aa691>] ? _raw_spin_unlock_irq+0x24/0x26
 [<ffffffff817aa10c>] down_read_failed+0xe3/0x1b9
 [<ffffffff817aa26d>] ldsem_down_read+0x8b/0xa5
 [<ffffffff8142b5ca>] ? tty_ldisc_ref_wait+0x1b/0x44
 [<ffffffff8142b5ca>] tty_ldisc_ref_wait+0x1b/0x44
 [<ffffffff81423f5b>] tty_write+0x7d/0x28a
 [<ffffffff814241f5>] redirected_tty_write+0x8d/0x98
 [<ffffffff81424168>] ? tty_write+0x28a/0x28a
 [<ffffffff8115d03f>] do_loop_readv_writev+0x56/0x79
 [<ffffffff8115e604>] do_readv_writev+0x1b0/0x1ff
 [<ffffffff8116ea0b>] ? do_vfs_ioctl+0x32a/0x489
 [<ffffffff81167d9d>] ? final_putname+0x1d/0x3a
 [<ffffffff8115e6c7>] vfs_writev+0x2e/0x49
 [<ffffffff8115e7d3>] SyS_writev+0x47/0xaa
 [<ffffffff817ab822>] system_call_fastpath+0x16/0x1b
bash            D ffffffff81c104c0     0  5469   5302 0x00000082
 ffff8800cf817ac0 0000000000000046 ffff8804086b22a0 ffff8800cf817fd8
 00000000001d3980 00000000001d3980 ffff8804086b22a0 ffff8800cf817a48
 000000000000b9a0 ffff8800cf817a78 ffffffff81004675 ffff8800cf817a44
Call Trace:
 [<ffffffff81004675>] ? dump_trace+0x165/0x29c
 [<ffffffff810a4cc0>] ? sched_clock_cpu+0x9f/0xe4
 [<ffffffff8100edda>] ? save_stack_trace+0x26/0x41
 [<ffffffff817a6649>] schedule+0x24/0x5e
 [<ffffffff817a588b>] schedule_timeout+0x15b/0x1ec
 [<ffffffff810a4cc0>] ? sched_clock_cpu+0x9f/0xe4
 [<ffffffff817a9f03>] ? down_write_failed+0xa3/0x1c9
 [<ffffffff817aa691>] ? _raw_spin_unlock_irq+0x24/0x26
 [<ffffffff817a9f0b>] down_write_failed+0xab/0x1c9
 [<ffffffff817aa300>] ldsem_down_write+0x79/0xb1
 [<ffffffff817aada3>] ? tty_ldisc_lock_pair_timeout+0xa5/0xd9
 [<ffffffff817aada3>] tty_ldisc_lock_pair_timeout+0xa5/0xd9
 [<ffffffff8142bf33>] tty_ldisc_hangup+0xc4/0x218
 [<ffffffff81423ab3>] __tty_hangup+0x2e2/0x3ed
 [<ffffffff81424a76>] disassociate_ctty+0x63/0x226
 [<ffffffff81078aa7>] do_exit+0x79f/0xa11
 [<ffffffff81086bdb>] ? get_signal_to_deliver+0x206/0x62f
 [<ffffffff810b4bfb>] ? lock_release_holdtime.part.8+0xf/0x16e
 [<ffffffff81079b05>] do_group_exit+0x47/0xb5
 [<ffffffff81086c16>] get_signal_to_deliver+0x241/0x62f
 [<ffffffff810020a7>] do_signal+0x43/0x59d
 [<ffffffff810f2af7>] ? __audit_syscall_exit+0x21a/0x2a8
 [<ffffffff810b4bfb>] ? lock_release_holdtime.part.8+0xf/0x16e
 [<ffffffff81002655>] do_notify_resume+0x54/0x6c
 [<ffffffff817abaf8>] int_signal+0x12/0x17

Reported-by: Sami Farin <sami.farin@gmail.com>
Cc: <stable@vger.kernel.org> # 3.12.x
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-12-16 16:55:43 -08:00
..
hvc Features: 2013-11-15 13:34:37 +09:00
ipwireless tty: ipwireless: Remove redundant NULL check before kfree 2013-03-15 13:58:32 -07:00
serial TTY: pmac_zilog, check existence of ports in pmz_console_init() 2013-11-25 08:54:25 -08:00
vt vt: properly ignore xterm-256 colour codes 2013-09-26 15:58:27 -07:00
amiserial.c TTY: amiserial, add missing platform check 2013-11-25 08:54:25 -08:00
bfin_jtag_comm.c TTY: bfin_jtag_comm: fix incorrect placement of __initdata tag 2013-09-30 19:09:37 -07:00
cyclades.c TTY: add tty_port_tty_hangup helper 2013-03-18 16:24:29 -07:00
ehv_bytechan.c drivers: clean-up prom.h implicit includes 2013-10-09 20:04:04 -05:00
goldfish.c goldfish: move to tty_port for flip buffers 2013-01-25 08:09:38 -08:00
isicom.c TTY: switch tty_flip_buffer_push 2013-01-15 22:30:15 -08:00
Kconfig tty: metag_da: Add metag DA TTY driver 2013-02-06 11:10:17 -08:00
Makefile tty: Add timed, writer-prioritized rw semaphore 2013-05-20 12:30:32 -07:00
metag_da.c tree-wide: use reinit_completion instead of INIT_COMPLETION 2013-11-15 09:32:21 +09:00
moxa.c TTY: add tty_port_tty_hangup helper 2013-03-18 16:24:29 -07:00
moxa.h
mxser.c tty: mxser: Fix build warning introduced by dfc7b837c7 (Re: linux-next: build warning after merge of the tty.current tree) 2013-05-22 10:26:02 -07:00
mxser.h
n_gsm.c Revert "n_gsm: race between ld close and gsmtty open" 2013-11-25 18:30:21 -08:00
n_hdlc.c
n_r3964.c
n_tracerouter.c
n_tracesink.c
n_tracesink.h
n_tty.c n_tty: Fix missing newline echo 2013-11-29 12:53:19 -08:00
nozomi.c tty: Remove unnecessary semicolons 2013-10-16 13:08:16 -07:00
pty.c tty: Fix lock order in tty_do_resize() 2013-07-24 15:12:53 -07:00
rocket.c TTY: rocket, fix more no-PCI warnings 2013-05-20 12:15:59 -07:00
rocket.h
rocket_int.h
synclink.c TTY: synclink: replace bitmasks add operation with OR operation. 2013-07-29 12:47:37 -07:00
synclink_gt.c TTY: synclink_gt: fix DTR being raised on hang up 2013-04-12 14:08:17 -07:00
synclinkmp.c TTY: snyclinkmp: calculating wrong addresses 2013-07-24 15:23:38 -07:00
sysrq.c sysrq: Allow magic SysRq key functions to be disabled through Kconfig 2013-10-16 13:01:44 -07:00
tty_audit.c audit: do not needlessly take a lock in tty_audit_exit 2013-04-30 15:31:28 -04:00
tty_buffer.c tty: Remove private constant from global namespace 2013-07-23 16:47:10 -07:00
tty_io.c tty: Reset hupped state on open 2013-11-25 08:56:49 -08:00
tty_ioctl.c tty: Fix SIGTTOU not sent with tcflush() 2013-09-25 17:52:17 -07:00
tty_ldisc.c tty: Convert termios_mutex to termios_rwsem 2013-07-23 16:43:01 -07:00
tty_ldsem.c tty: Fix hang at ldsem_down_read() 2013-12-16 16:55:43 -08:00
tty_mutex.c
tty_port.c tty: Remove unused drop() method from tty_port interface 2013-09-25 18:08:34 -07:00