[X][B][D][E][F][SRU][PATCH 0/1] Fix for pty03 test in LTP
Po-Hsu Lin
po-hsu.lin at canonical.com
Thu Feb 6 10:37:50 UTC 2020
BugLink: https://bugs.launchpad.net/bugs/1862114
== Justification ==
The test case pty03 from pty in ubuntu_ltp is failing with a kernel NULL
pointer dereference:
[ 951.306823] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 951.309960] #PF: supervisor write access in kernel mode
[ 951.312130] #PF: error_code(0x0002) - not-present page
[ 951.314227] PGD 0 P4D 0
[ 951.315278] Oops: 0002 [#1] SMP PTI
[ 951.316705] CPU: 1 PID: 39102 Comm: pty03 Not tainted 5.4.0-12-generic #15-Ubuntu
[ 951.319737] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 951.322713] RIP: 0010:queue_work_on+0x1b/0x50
[ 951.352494] Call Trace:
[ 951.353244] slip_write_wakeup+0x25/0x30 [slip]
[ 951.354600] tty_wakeup+0x5b/0x70
[ 951.355539] pty_unthrottle+0x19/0x30
[ 951.356560] tty_unthrottle+0x42/0x60
[ 951.357566] __tty_perform_flush+0x87/0x90
[ 951.358768] n_tty_ioctl_helper+0xcc/0x150
[ 951.359955] n_tty_ioctl+0x2d/0x100
[ 951.360930] tty_ioctl+0x3c0/0x8e0
[ 951.361882] ? __switch_to_asm+0x34/0x70
[ 951.363049] ? __switch_to_asm+0x40/0x70
[ 951.364191] ? __switch_to_asm+0x34/0x70
[ 951.365261] ? __switch_to_asm+0x40/0x70
[ 951.366382] ? __switch_to_asm+0x34/0x70
[ 951.367452] ? __switch_to_asm+0x40/0x70
[ 951.368523] ? __switch_to_asm+0x34/0x70
[ 951.369693] ? __switch_to_asm+0x40/0x70
[ 951.370829] ? __switch_to_asm+0x34/0x70
[ 951.371923] ? __switch_to_asm+0x40/0x70
[ 951.372998] ? __switch_to_asm+0x34/0x70
[ 951.374097] ? __switch_to_asm+0x40/0x70
[ 951.375183] ? __switch_to_asm+0x34/0x70
[ 951.376288] ? __switch_to_asm+0x40/0x70
[ 951.377390] ? __switch_to+0x110/0x470
[ 951.378863] do_vfs_ioctl+0x407/0x670
[ 951.380269] ? __schedule+0x2eb/0x740
[ 951.381761] ksys_ioctl+0x67/0x90
[ 951.383076] __x64_sys_ioctl+0x1a/0x20
[ 951.384510] do_syscall_64+0x57/0x190
[ 951.385896] entry_SYSCALL_64_after_hwframe+0x44/0xa9
== Fixes ==
As indicated by the test case, this issue can be fixed by:
* 0ace17d5 (can, slip: Protect tty->disc_data in write_wakeup and
close with RCU)
This patch can be cherry-picked into all of our kernels.
== Test ==
Test kernels can be found here:
https://people.canonical.com/~phlin/kernel/lp-1862114-pty03/
Tested on KVM nodes; the patched kernels work as expected. There
will be no more kernel NULL pointer dereference issue, and the test
can finish properly.
== Regression potential ==
Low; changes are limited to two specific drivers for serial line TTY.
This issue can be reproduced quite easily and the patched kernels show
positive results.
Richard Palethorpe (1):
can, slip: Protect tty->disc_data in write_wakeup and close with RCU
drivers/net/can/slcan.c | 12 ++++++++++--
drivers/net/slip/slip.c | 12 ++++++++++--
2 files changed, 20 insertions(+), 4 deletions(-)
--
2.7.4
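A small triage helper for the oops quoted in the message above, added here as an example and not part of the original message, LTP or the kernel sources: it extracts the fault address, the RIP symbol and the first module frame, and skips `?` frames, which the kernel prints for addresses found on the stack that the unwinder could not verify. The function name `triage_oops` and the shortened sample log are assumptions made for this example.

```python
import re

# Constructed sample: a shortened copy of the oops quoted in the message above.
SAMPLE_OOPS = """\
[ 951.306823] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 951.309960] #PF: supervisor write access in kernel mode
[ 951.322713] RIP: 0010:queue_work_on+0x1b/0x50
[ 951.352494] Call Trace:
[ 951.353244] slip_write_wakeup+0x25/0x30 [slip]
[ 951.354600] tty_wakeup+0x5b/0x70
[ 951.355539] pty_unthrottle+0x19/0x30
[ 951.361882] ? __switch_to_asm+0x34/0x70
[ 951.378863] do_vfs_ioctl+0x407/0x670
[ 951.385896] entry_SYSCALL_64_after_hwframe+0x44/0xa9
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
FRAME = re.compile(r"^(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?$")
ADDR = re.compile(r"^BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)$")
RIP = re.compile(r"^RIP: [0-9a-f]+:([\w.]+)\+0x")


def triage_oops(text):
    """Summarise an x86-64 oops: fault address, RIP symbol, reliable frames."""
    out = {"address": None, "rip": None, "frames": [], "guessed": 0, "module": None}
    in_trace = False
    for raw in text.splitlines():
        line = STAMP.sub("", raw).strip()  # drop the dmesg timestamp
        if m := ADDR.match(line):
            out["address"] = int(m.group(1), 16)
        elif m := RIP.match(line):
            out["rip"] = m.group(1)
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace and (m := FRAME.match(line)):
            if m.group(1):  # "? sym" frames are unverified stack leftovers
                out["guessed"] += 1
                continue
            out["frames"].append(m.group(2))
            if m.group(3) and out["module"] is None:
                out["module"] = m.group(3)  # first frame inside a loadable module
    return out


if __name__ == "__main__":
    print(triage_oops(SAMPLE_OOPS))
```

A fault address of 0x20 is a small offset from zero, the usual signature of a structure member accessed through a NULL pointer; the first module frame points at the driver to look at.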