Re: [PATCH] tty: n_tty: fix KCSAN data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl

Next message: Ioana Ciornei: "[PATCH net-next v2 2/9] selftests: net: extend lib.sh to parse drivers/net/net.config"
Previous message: Ioana Ciornei: "[PATCH net-next v2 1/9] selftests: forwarding: extend ethtool_std_stats_get with pause statistics"
Next in thread: Osama Abdelkader: "Re: [PATCH] tty: n_tty: fix KCSAN data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg Kroah-Hartman

Date: Thu Mar 12 2026 - 10:21:21 EST

On Wed, Feb 11, 2026 at 10:08:38PM +0100, Osama Abdelkader wrote:
> n_tty_lookahead_flow_ctrl() accesses ldata->lookahead_count without
> holding termios_rwsem, while reset_buffer_flags() in n_tty_flush_buffer()
> resets it with exclusive termios_rwsem held. This causes a data race
> reported by KCSAN when a PTY is closed while flush_to_ldisc is still
> processing lookahead data.

A data race of what exactly? lookahead_count?

> Fix by taking termios_rwsem (read) in n_tty_lookahead_flow_ctrl(),
> consistent with __receive_buf() which also modifies lookahead_count
> under the read lock.

This feels wrong. I would like to see a LOT of testing and validation
that this is correct before being able to take this patch. How was that
done?

thanks,

greg k-h