| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170801124204.GA457@jagdpanzerIV.localdomain>
Date: Tue, 1 Aug 2017 21:42:04 +0900
From: Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>
To: Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Linux-Next Mailing List <linux-next@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Stephen Rothwell <sfr@...b.auug.org.au>,
Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>
Subject: Re: linux-next: Tree for Aug 1
Hello,
seems that commit 979990c6284814617 ("tty: improve tty_insert_flip_char()
fast path") panics my kernel.
in particular, this part
@@ -26,7 +27,7 @@ static inline int tty_insert_flip_char(struct tty_port *port,
*char_buf_ptr(tb, tb->used++) = ch;
return 1;
}
- return tty_insert_flip_string_flags(port, &ch, &flag, 1);
+ return __tty_insert_flip_char(port, ch, flag);
}
I see various callstacks, but all endup in llist_del_first() -> fatal exception
in interrupt -> panic()
...
uart_insert_char()
__tty_insert_flip_char()
__tty_buffer_request_room()
llist_del_first()
or
...
kdb_event()
puts_queue()
__tty_insert_flip_char()
__tty_buffer_request_room()
llist_del_first()
to reproduce:
1) screen /dev/ttyS0 115200
2) send several chars down to /dev/ttyS0, enough to panic() the kernel.
reverting that __tty_insert_flip_char(port, ch, flag) seems to work
on my side.
-ss
Powered by blists - more mailing lists