[PATCH] tty: vt: check for atomic context in con_write()

All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: syzbot <syzbot+06fa1063cca8163ea541@syzkaller.appspotmail.com>,
	syzkaller-bugs@googlegroups.com,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Jiri Slaby <jirislaby@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org,
	linux-serial <linux-serial@vger.kernel.org>
Subject: [PATCH] tty: vt: check for atomic context in con_write()
Date: Sat, 20 Jan 2024 19:34:02 +0900	[thread overview]
Message-ID: <9cd9d3eb-418f-44cc-afcf-7283d51252d6@I-love.SAKURA.ne.jp> (raw)
In-Reply-To: <83414cb6-df16-4b6d-92e3-d54d22ba26cc@I-love.SAKURA.ne.jp>

syzbot is reporting sleep in atomic context, for gsmld_write() is calling
con_write() with spinlock held and IRQs disabled.

Since include/linux/tty_ldisc.h says that "struct tty_ldisc_ops"->write
(e.g. gsmld_write()) is allowed to sleep and include/linux/tty_driver.h
says that "struct tty_operations"->write (e.g. con_write()) is not
allowed to sleep, we should handle this problem on the con_write() side.

It seems that "Andrew Morton: console locking merge" in 2.4.10-pre11 added
in_interrupt() check to do_con_write()/con_put_char()/con_flush_chars()
in order to handle exceptional caller.

Since include/linux/preempt.h says that in_atomic() cannot know about held
spinlocks in non-preemptible kernels, but gsmld_write() is calling
con_write() with IRQs disabled, we can add irqs_disabled() check to
do_con_write()/con_flush_chars() in order to handle this case. Though,
I'm not sure whether returning the bytes to write is appropriate behavior
when do_con_write() can't work...

Reported-by: syzbot+06fa1063cca8163ea541@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=06fa1063cca8163ea541
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
 drivers/tty/vt/vt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 156efda7c80d..0d3d602ae147 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -2856,7 +2856,7 @@ static int do_con_write(struct tty_struct *tty, const u8 *buf, int count)
 	struct vt_notifier_param param;
 	bool rescan;

-	if (in_interrupt())
+	if (in_interrupt() || irqs_disabled())
 		return count;

 	console_lock();
@@ -3314,7 +3314,7 @@ static void con_flush_chars(struct tty_struct *tty)
 {
 	struct vc_data *vc;

-	if (in_interrupt())	/* from flush_to_ldisc */
+	if (in_interrupt() || irqs_disabled()) /* from flush_to_ldisc */
 		return;

 	/* if we race with con_close(), vt may be null */
-- 
2.18.4

next prev parent reply	other threads:[~2024-01-20 10:34 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-18  9:51 [syzbot] [dri?] BUG: scheduling while atomic in drm_atomic_helper_wait_for_flip_done syzbot
2024-01-18 14:18 ` Tetsuo Handa
2024-01-20 10:34   ` Tetsuo Handa [this message]
2024-01-21  3:48     ` [PATCH] tty: vt: check for atomic context in con_write() Hillf Danton
2024-01-21 11:34       ` Tetsuo Handa
2024-01-22  6:48     ` Jiri Slaby
2024-01-22 14:08       ` Tetsuo Handa
2024-01-24 10:06         ` [PATCH] tty: n_gsm: restrict tty devices to attach Tetsuo Handa
2024-01-24 13:14           ` Greg Kroah-Hartman
2024-02-03 13:45             ` Tetsuo Handa
2024-02-06 14:28               ` Greg Kroah-Hartman
2024-04-20 11:17 ` [syzbot] [dri?] BUG: scheduling while atomic in drm_atomic_helper_wait_for_flip_done Tetsuo Handa

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:156efda7c80 dfblob:0d3d602ae14
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9cd9d3eb-418f-44cc-afcf-7283d51252d6@I-love.SAKURA.ne.jp \
    --to=penguin-kernel@i-love.sakura.ne.jp \
    --cc=akpm@linux-foundation.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=jirislaby@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-serial@vger.kernel.org \
    --cc=syzbot+06fa1063cca8163ea541@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.