lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 29 Dec 2018 20:48:42 +0900
From:   Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:     Paul Fulghum <paulkf@...rogate.com>, Arnd Bergmann <arnd@...db.de>,
        Alan Cox <alan@...rguk.ukuu.org.uk>
Cc:     syzbot <syzbot+c244af085a0159d22879@...kaller.appspotmail.com>,
        gregkh@...uxfoundation.org, jslaby@...e.com,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: [PATCH] tty/n_hdlc: fix sleep in !TASK_RUNNING state warning

syzbot is hitting __might_sleep() warning [1], for commit 1035b63d3c6fc34a
("n_hdlc: fix read and write locking") changed to set TASK_INTERRUPTIBLE
state before calling copy_to_user(). Let's set TASK_INTERRUPTIBLE state
immediately before calling schedule().

[1] https://syzkaller.appspot.com/bug?id=17d5de7f1fcab794cb8c40032f893f52de899324

Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Reported-by: syzbot <syzbot+c244af085a0159d22879@...kaller.appspotmail.com>
Cc: Paul Fulghum <paulkf@...rogate.com>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: Alan Cox <alan@...rguk.ukuu.org.uk>
---
 drivers/tty/n_hdlc.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/tty/n_hdlc.c b/drivers/tty/n_hdlc.c
index dabb391..7835489 100644
--- a/drivers/tty/n_hdlc.c
+++ b/drivers/tty/n_hdlc.c
@@ -589,8 +589,6 @@ static ssize_t n_hdlc_tty_read(struct tty_struct *tty, struct file *file,
 		if (tty_hung_up_p(file))
 			break;
 
-		set_current_state(TASK_INTERRUPTIBLE);
-
 		rbuf = n_hdlc_buf_get(&n_hdlc->rx_buf_list);
 		if (rbuf) {
 			if (rbuf->count > nr) {
@@ -617,6 +615,7 @@ static ssize_t n_hdlc_tty_read(struct tty_struct *tty, struct file *file,
 			break;
 		}
 
+		set_current_state(TASK_INTERRUPTIBLE);
 		schedule();
 
 		if (signal_pending(current)) {
@@ -673,8 +672,6 @@ static ssize_t n_hdlc_tty_write(struct tty_struct *tty, struct file *file,
 	add_wait_queue(&tty->write_wait, &wait);
 
 	for (;;) {
-		set_current_state(TASK_INTERRUPTIBLE);
-	
 		tbuf = n_hdlc_buf_get(&n_hdlc->tx_free_buf_list);
 		if (tbuf)
 			break;
@@ -683,6 +680,8 @@ static ssize_t n_hdlc_tty_write(struct tty_struct *tty, struct file *file,
 			error = -EAGAIN;
 			break;
 		}
+
+		set_current_state(TASK_INTERRUPTIBLE);
 		schedule();
 			
 		n_hdlc = tty2n_hdlc (tty);
-- 
1.8.3.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ