lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 1 Jan 2019 12:28:53 -0800
From:   Paul Fulghum <paulkf@...rogate.com>
To:     "linux-kernel@...r.kernel.org Mailing List" 
        <linux-kernel@...r.kernel.org>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
        Arnd Bergmann <arnd@...db.de>,
        Alan Cox <alan@...rguk.ukuu.org.uk>,
        syzbot <syzbot+c244af085a0159d22879@...kaller.appspotmail.com>,
        jslaby@...e.com, syzkaller-bugs@...glegroups.com
Subject: [PATCH] tty/n_hdlc: fix __might_sleep warning

Fix __might_sleep warning in tty/n_hdlc.c read due to copy_to_user call while current is TASK_INTERRUPTIBLE.
This is a false positive since the code path does not depend on current state remaining TASK_INTERRUPTIBLE.
The loop breaks out and sets TASK_RUNNING after calling copy_to_user. 
This patch supresses the warning by setting TASK_RUNNING before calling copy_to_user.

[1] https://syzkaller.appspot.com/bug?id=17d5de7f1fcab794cb8c40032f893f52de899324

Signed-off-by: Paul Fulghum <paulkf@...rogate.com>
Reported-by: syzbot <syzbot+c244af085a0159d22879@...kaller.appspotmail.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: Alan Cox <alan@...rguk.ukuu.org.uk>
—
--- a/drivers/tty/n_hdlc.c	2018-12-23 15:55:59.000000000 -0800
+++ b/drivers/tty/n_hdlc.c	2019-01-01 11:44:47.148153954 -0800
@@ -597,6 +597,7 @@ static ssize_t n_hdlc_tty_read(struct tt
 				/* too large for caller's buffer */
 				ret = -EOVERFLOW;
 			} else {
+				__set_current_state(TASK_RUNNING);
 				if (copy_to_user(buf, rbuf->buf, rbuf->count))
 					ret = -EFAULT;
 				else

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ