[X,B,D,E,F,SRU,0/1] Fix for pty03 test in LTP

Message ID 20200206103751.28983-1-po-hsu.lin@canonical.com

Message

Po-Hsu Lin Feb. 6, 2020, 10:37 a.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1862114

== Justification ==
The test case pty03 from pty in ubuntu_ltp is failing with a kernel NULL
pointer dereference:

[ 951.306823] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 951.309960] #PF: supervisor write access in kernel mode
[ 951.312130] #PF: error_code(0x0002) - not-present page
[ 951.314227] PGD 0 P4D 0
[ 951.315278] Oops: 0002 [#1] SMP PTI
[ 951.316705] CPU: 1 PID: 39102 Comm: pty03 Not tainted 5.4.0-12-generic #15-Ubuntu
[ 951.319737] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 951.322713] RIP: 0010:queue_work_on+0x1b/0x50

[ 951.352494] Call Trace:
[ 951.353244] slip_write_wakeup+0x25/0x30 [slip]
[ 951.354600] tty_wakeup+0x5b/0x70
[ 951.355539] pty_unthrottle+0x19/0x30
[ 951.356560] tty_unthrottle+0x42/0x60
[ 951.357566] __tty_perform_flush+0x87/0x90
[ 951.358768] n_tty_ioctl_helper+0xcc/0x150
[ 951.359955] n_tty_ioctl+0x2d/0x100
[ 951.360930] tty_ioctl+0x3c0/0x8e0
[ 951.361882] ? __switch_to_asm+0x34/0x70
[ 951.363049] ? __switch_to_asm+0x40/0x70
[ 951.364191] ? __switch_to_asm+0x34/0x70
[ 951.365261] ? __switch_to_asm+0x40/0x70
[ 951.366382] ? __switch_to_asm+0x34/0x70
[ 951.367452] ? __switch_to_asm+0x40/0x70
[ 951.368523] ? __switch_to_asm+0x34/0x70
[ 951.369693] ? __switch_to_asm+0x40/0x70
[ 951.370829] ? __switch_to_asm+0x34/0x70
[ 951.371923] ? __switch_to_asm+0x40/0x70
[ 951.372998] ? __switch_to_asm+0x34/0x70
[ 951.374097] ? __switch_to_asm+0x40/0x70
[ 951.375183] ? __switch_to_asm+0x34/0x70
[ 951.376288] ? __switch_to_asm+0x40/0x70
[ 951.377390] ? __switch_to+0x110/0x470
[ 951.378863] do_vfs_ioctl+0x407/0x670
[ 951.380269] ? __schedule+0x2eb/0x740
[ 951.381761] ksys_ioctl+0x67/0x90
[ 951.383076] __x64_sys_ioctl+0x1a/0x20
[ 951.384510] do_syscall_64+0x57/0x190
[ 951.385896] entry_SYSCALL_64_after_hwframe+0x44/0xa9

== Fixes ==
As indicated by the test case, this issue can be fixed by:
* 0ace17d5 (can, slip: Protect tty->disc_data in write_wakeup and close with RCU)

This patch can be cherry-picked into all of our kernels.

== Test ==
Test kernels can be found here:
https://people.canonical.com/~phlin/kernel/lp-1862114-pty03/

Tested on KVM nodes; the patched kernels work as expected: the kernel NULL
pointer dereference no longer occurs, and the test finishes properly.

== Regression potential ==
Low; the changes are limited to two specific serial-line TTY drivers. This
issue can be reproduced quite easily, and the patched kernels show
positive results.

Richard Palethorpe (1):
  can, slip: Protect tty->disc_data in write_wakeup and close with RCU

 drivers/net/can/slcan.c | 12 ++++++++++--
 drivers/net/slip/slip.c | 12 ++++++++++--
 2 files changed, 20 insertions(+), 4 deletions(-)
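As an added illustration (not the patch text and not the drivers' own code), here is a user-space model of the pattern the referenced commit title describes: write_wakeup looks up tty->disc_data inside an RCU read-side section and tolerates NULL, while close unpublishes the pointer, waits out a grace period, flushes pending tx work and only then frees. The sim_* helpers are assumed single-threaded stand-ins for the kernel's rcu_read_lock(), synchronize_rcu() and flush_work(); the struct names mirror the driver but are constructed here.

```c
#include <stdlib.h>
struct slip { int tx_work_pending; };    /* stand-in for the driver's struct slip */
struct tty  { struct slip *disc_data; }; /* stand-in for tty_struct */

static int sim_readers;                  /* readers inside a simulated rcu_read_lock() section */
static void sim_rcu_read_lock(void)   { sim_readers++; }
static void sim_rcu_read_unlock(void) { sim_readers--; }
/* synchronize_rcu() blocks until every reader that may hold the old pointer has left its
 * section; this single-threaded stand-in reports instead: 0 = grace period over, -1 = readers active. */
static int sim_synchronize_rcu(void)  { return sim_readers == 0 ? 0 : -1; }

/* write_wakeup: dereference disc_data only inside the read section and tolerate NULL,
 * which is what the crashing slip_write_wakeup() in the trace above did not do. */
static int slip_write_wakeup(struct tty *tty)
{
    int queued = 0;
    sim_rcu_read_lock();
    struct slip *sl = tty->disc_data;    /* rcu_dereference(tty->disc_data) */
    if (sl) {
        sl->tx_work_pending = 1;         /* schedule_work(&sl->tx_work) */
        queued = 1;
    }
    sim_rcu_read_unlock();
    return queued;                       /* 1 = work queued, 0 = discipline already gone */
}

/* close: unpublish first, wait out the grace period, flush work queued meanwhile, then free.
 * The NULL check in write_wakeup alone is not enough without this ordering. */
static int slip_close(struct tty *tty)
{
    struct slip *sl = tty->disc_data;
    if (!sl) return 0;
    tty->disc_data = NULL;               /* rcu_assign_pointer(tty->disc_data, NULL) */
    if (sim_synchronize_rcu() != 0) return -1;  /* the kernel would block here instead */
    sl->tx_work_pending = 0;             /* flush_work(&sl->tx_work) */
    free(sl);
    return 0;
}

/* The reported sequence: wakeup while live, close, then a late wakeup. 0 = all as expected. */
static int pty03_like_sequence(void)
{
    struct tty *t = calloc(1, sizeof *t);
    t->disc_data = calloc(1, sizeof *t->disc_data);
    if (slip_write_wakeup(t) != 1) return 1;
    if (slip_close(t) != 0) return 2;
    if (slip_write_wakeup(t) != 0) return 3;  /* sees NULL instead of freed memory */
    free(t);
    return 0;
}

int main(void) { return pty03_like_sequence(); }
```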

Comments

Seth Forshee Feb. 6, 2020, 8:36 p.m. UTC | #1
On Thu, Feb 06, 2020 at 06:37:50PM +0800, Po-Hsu Lin wrote:

This has already been applied to focal via upstream stable updates.
Khalid Elmously Feb. 14, 2020, 4:25 a.m. UTC | #2
On 2020-02-06 18:37:50, Po-Hsu Lin wrote: