Re: [PATCH] pty: do tty_flip_buffer_push without port->lock in pty_write

From: Sergey Senozhatsky
Date: Fri Sep 04 2020 - 03:43:39 EST

Next message: Elaine Zhang: "[PATCH v3 0/6] clk: rockchip: Support module build"
Previous message: Michal Hocko: "Re: [RFC PATCH 00/16] 1GB THP support on x86_64"
In reply to: Artem Savkov: "[PATCH v2] pty: do tty_flip_buffer_push without port->lock in pty_write"
Next in thread: Artem Savkov: "Re: [PATCH] pty: do tty_flip_buffer_push without port->lock in pty_write"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On (20/09/01 14:01), Artem Savkov wrote:
[..]
> It looks like the commit was aimed to protect tty_insert_flip_string and
> there is no need for tty_flip_buffer_push to be under this lock.
>
[..]
> @@ -120,10 +120,10 @@ static int pty_write(struct tty_struct *tty, const unsigned char *buf, int c)
> spin_lock_irqsave(&to->port->lock, flags);
> /* Stuff the data into the input queue of the other end */
> c = tty_insert_flip_string(to->port, buf, c);
> + spin_unlock_irqrestore(&to->port->lock, flags);
> /* And shovel */
> if (c)
> tty_flip_buffer_push(to->port);
> - spin_unlock_irqrestore(&to->port->lock, flags);

Performing unprotected

smp_store_release(&buf->tail->commit, buf->tail->used);

does not look safe to me.

This path can be called concurrently - "pty_write vs console's IRQ handler
(TX/RX)", for instance.

Doing this

queue_work(system_unbound_wq, &buf->work);

outside of port->lock scope also sounds like possible concurrent data
modification.

I'm not sure I see how this patch is safe.

-ss

Next message: Elaine Zhang: "[PATCH v3 0/6] clk: rockchip: Support module build"
Previous message: Michal Hocko: "Re: [RFC PATCH 00/16] 1GB THP support on x86_64"
In reply to: Artem Savkov: "[PATCH v2] pty: do tty_flip_buffer_push without port->lock in pty_write"
Next in thread: Artem Savkov: "Re: [PATCH] pty: do tty_flip_buffer_push without port->lock in pty_write"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]