APPLIED(X, B, D, E): [X][B][D][E][F][SRU][PATCH 0/1] Fix for pty03 test in LTP

Khaled Elmously khalid.elmously at canonical.com
Fri Feb 14 04:25:22 UTC 2020


On 2020-02-06 18:37:50, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1862114
> 
> == Justification ==
> The test case pty03 from pty in ubuntu_ltp is failing with kernel NULL
> pointer dereference:
> 
> [ 951.306823] BUG: kernel NULL pointer dereference, address: 0000000000000020
> [ 951.309960] #PF: supervisor write access in kernel mode
> [ 951.312130] #PF: error_code(0x0002) - not-present page
> [ 951.314227] PGD 0 P4D 0
> [ 951.315278] Oops: 0002 [#1] SMP PTI
> [ 951.316705] CPU: 1 PID: 39102 Comm: pty03 Not tainted 5.4.0-12-generic #15-Ubuntu
> [ 951.319737] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
> [ 951.322713] RIP: 0010:queue_work_on+0x1b/0x50
> 
> [ 951.352494] Call Trace:
> [ 951.353244] slip_write_wakeup+0x25/0x30 [slip]
> [ 951.354600] tty_wakeup+0x5b/0x70
> [ 951.355539] pty_unthrottle+0x19/0x30
> [ 951.356560] tty_unthrottle+0x42/0x60
> [ 951.357566] __tty_perform_flush+0x87/0x90
> [ 951.358768] n_tty_ioctl_helper+0xcc/0x150
> [ 951.359955] n_tty_ioctl+0x2d/0x100
> [ 951.360930] tty_ioctl+0x3c0/0x8e0
> [ 951.361882] ? __switch_to_asm+0x34/0x70
> [ 951.363049] ? __switch_to_asm+0x40/0x70
> [ 951.364191] ? __switch_to_asm+0x34/0x70
> [ 951.365261] ? __switch_to_asm+0x40/0x70
> [ 951.366382] ? __switch_to_asm+0x34/0x70
> [ 951.367452] ? __switch_to_asm+0x40/0x70
> [ 951.368523] ? __switch_to_asm+0x34/0x70
> [ 951.369693] ? __switch_to_asm+0x40/0x70
> [ 951.370829] ? __switch_to_asm+0x34/0x70
> [ 951.371923] ? __switch_to_asm+0x40/0x70
> [ 951.372998] ? __switch_to_asm+0x34/0x70
> [ 951.374097] ? __switch_to_asm+0x40/0x70
> [ 951.375183] ? __switch_to_asm+0x34/0x70
> [ 951.376288] ? __switch_to_asm+0x40/0x70
> [ 951.377390] ? __switch_to+0x110/0x470
> [ 951.378863] do_vfs_ioctl+0x407/0x670
> [ 951.380269] ? __schedule+0x2eb/0x740
> [ 951.381761] ksys_ioctl+0x67/0x90
> [ 951.383076] __x64_sys_ioctl+0x1a/0x20
> [ 951.384510] do_syscall_64+0x57/0x190
> [ 951.385896] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> 
> == Fixes ==
> As indicated by the test case, this issue can be fixed by:
> * 0ace17d5 (can, slip: Protect tty->disc_data in write_wakeup and
> close with RCU)
> 
> This patch can be cherry-picked into all of our kernels.
> 
> == Test ==
> Test kernels can be found here:
> https://people.canonical.com/~phlin/kernel/lp-1862114-pty03/
> 
> Tested on KVM nodes, and the patched kernels work as expected; there
> will be no more kernel NULL pointer dereference issue, and the test
> can finish properly.
> 
> == Regression potential ==
> Low, changes limited to two specific drivers for serial line TTY. This
> issue can be reproduced quite easily and the patched kernels show
> positive results.
> 
> Richard Palethorpe (1):
>   can, slip: Protect tty->disc_data in write_wakeup and close with RCU
> 
>  drivers/net/can/slcan.c | 12 ++++++++++--
>  drivers/net/slip/slip.c | 12 ++++++++++--
>  2 files changed, 20 insertions(+), 4 deletions(-)
> 
> -- 
> 2.7.4
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team


