From nobody Thu Oct 10 20:28:29 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XPhCx47p1z5Yb0D; Thu, 10 Oct 2024 20:28:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XPhCx3bbxz4TYw; Thu, 10 Oct 2024 20:28:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1728592109; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3xvHAtNDZBEa6SWZOJpTRS2jr6JC8VOQcCPMrmBwVPY=; b=JcvQjTf6dgU/bjGiFi9NmMscnIHmL0oMU6a+mPzrQbO5UvA2Bg8mptr+I82c0K49tyxTSM BlVzGCRZvxTeafvtcmLZ7c0pMdQC28iTUQaa3cREQAFe7eMa0qFmPgrfUvkanRQZpQA/kx y0PR6Sr4sm5uqykyfoYJcjzv9vPeDwsIJnasiNCo95iNA+IYWoy58fplE31unI3BoVAxKO qlTcYio6NB8+R/+962dH6dS18loL9VIuoTdUVoshl9BEbKNpAXiJDoHLthFJBO0RFAcNhs DmUjk24fUisj3aNaysHfZ9D3ucQePqhPm3nJGYzOOcTMaXj4TtCgCos2f12Vww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1728592109; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3xvHAtNDZBEa6SWZOJpTRS2jr6JC8VOQcCPMrmBwVPY=; b=UIoMCcDexhojm9ASQwfjp2yvS8/BeYVV4mWFXDg9aC5PNPJsbXb1sgXnrEBe9pRttgu6HI yUZHGW03taXPNYNTZyCWJG4ZE4ss+gofEpbqraePdhj8dQaes5EJpStKe6dt5Vlt4ZQl9l tz/qiqRpxxNCEP3dqOslOJYGf/aySSzOTUO7kaTLpko9ehexyeh7xTTh5crLLTnucrsUxj xk1Z4txocjr1JbklqArRur4254nc+ZoUwoCBe4KkvXnwspCkCDNKpOK+HXbtU2Ya9maIvs 3OIKuP96K2GovlLVPsgAAoeiYBjiP5vpXGy8oT6zjmt2Fr3Pzw+7xBrnj21RVg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1728592109; a=rsa-sha256; cv=none; b=PK4dsdtebMC4GF/FG3mQInEUodb/+43Q7yqtJy+ReyBcG2XOt9OUoU8f3Ivvve8HczMV2a U2qNlB9wNeigdYnJ2biyBG9JIlfuMO5qAcW3wcYGQ8/wIhtaoMGVaCVsz7JTrAlTXChWie qZl5E+b5r2VcLOvXbp+WrkKe1Ax9BsYzowpXatCD0qXhiAt0tBLrG2PVUgPqxp1DK899gp eHv2Jw5gjueRKuhxrQfEcWZcTohLNyy4q0lOzFplWSsnYYavTPND2B5EFI6De6VyA04ftm NVietfm3ku06tLCSWiPHYIbCOBG1tu+iGHUi50SVEgxtN0ZFXF+gzGY2IMrFTg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XPhCx1qv5z1BWb; Thu, 10 Oct 2024 20:28:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 49AKSTdo005305; Thu, 10 Oct 2024 20:28:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 49AKSTis005302; Thu, 10 Oct 2024 20:28:29 GMT (envelope-from git) Date: Thu, 10 Oct 2024 20:28:29 GMT Message-Id: <202410102028.49AKSTis005302@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 012c194f39e8 - stable/14 - tty: delete knotes when TTY is revoked List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 012c194f39e872aad9e7a9798ef94662832bd11d Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=012c194f39e872aad9e7a9798ef94662832bd11d commit 012c194f39e872aad9e7a9798ef94662832bd11d Author: Robert Wing AuthorDate: 2023-12-19 00:40:46 +0000 Commit: Mark Johnston CommitDate: 2024-10-10 20:28:20 +0000 tty: delete knotes when TTY is revoked Do not clear knotes from the TTY until it gets dealloc'ed, unless the TTY is being revoked, in that case delete the knotes when closed is called on the TTY. When knotes are cleared from a knlist, those knotes become detached from the knlist. And when an event is triggered on a detached knote there isn't an associated knlist and therefore no lock will be taken when the event is triggered. This becomes a problem when a detached knote is triggered on a TTY since the mutex for a TTY is also used as the lock for its knlists. This scenario ends up calling the TTY event handlers without the TTY lock being held and tripping on asserts in the event handlers. PR: 272151 Reviewed by: kib, markj Differential Revision: https://reviews.freebsd.org/D41605 (cherry picked from commit acd5638e268a6706f6b7ad84947a8425e8d51ef7) --- sys/kern/tty.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 6848fbf558b0..b6e300321e9c 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -254,9 +254,6 @@ ttydev_leave(struct tty *tp) ttyoutq_free(&tp->t_outq); tp->t_outlow = 0; - knlist_clear(&tp->t_inpoll.si_note, 1); - knlist_clear(&tp->t_outpoll.si_note, 1); - if (!tty_gone(tp)) ttydevsw_close(tp); @@ -370,7 +367,7 @@ done: tp->t_flags &= ~TF_OPENCLOSE; static int ttydev_close(struct cdev *dev, int fflag, int devtype __unused, - struct thread *td __unused) + struct thread *td) { struct tty *tp = dev->si_drv1; @@ -393,8 +390,11 @@ ttydev_close(struct cdev *dev, int fflag, int devtype __unused, } /* If revoking, flush output now to avoid draining it later. */ - if (fflag & FREVOKE) + if ((fflag & FREVOKE) != 0) { tty_flush(tp, FWRITE); + knlist_delete(&tp->t_inpoll.si_note, td, 1); + knlist_delete(&tp->t_outpoll.si_note, td, 1); + } tp->t_flags &= ~TF_EXCLUDE; @@ -1121,6 +1121,8 @@ tty_dealloc(void *arg) ttyoutq_free(&tp->t_outq); seldrain(&tp->t_inpoll); seldrain(&tp->t_outpoll); + knlist_clear(&tp->t_inpoll.si_note, 0); + knlist_clear(&tp->t_outpoll.si_note, 0); knlist_destroy(&tp->t_inpoll.si_note); knlist_destroy(&tp->t_outpoll.si_note);