lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <71582fee-257c-3ef4-7c03-3d43651898ff@suse.cz>
Date:   Fri, 28 Feb 2020 13:59:36 +0100
From:   Jiri Slaby <jslaby@...e.cz>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     linux-serial@...r.kernel.org, linux-kernel@...r.kernel.org,
        syzbot+26183d9746e62da329b8@...kaller.appspotmail.com
Subject: Re: [PATCH 2/2] vt: selection, push sel_lock up

On 28. 02. 20, 13:03, Greg KH wrote:
> On Fri, Feb 28, 2020 at 12:54:06PM +0100, Jiri Slaby wrote:
>> sel_lock cannot nest in the console lock. Thanks to syzkaller, the
>> kernel states firmly:
>>
>>> WARNING: possible circular locking dependency detected
>>> 5.6.0-rc3-syzkaller #0 Not tainted
>>> ------------------------------------------------------
>>> syz-executor.4/20336 is trying to acquire lock:
>>> ffff8880a2e952a0 (&tty->termios_rwsem){++++}, at: tty_unthrottle+0x22/0x100 drivers/tty/tty_ioctl.c:136
...
>>> other info that might help us debug this:
>>>
>>> Chain exists of:
>>>   &tty->termios_rwsem --> console_lock --> sel_lock
>>
>> Clearly. From the above, we have:
>>  console_lock -> sel_lock
>>  sel_lock -> termios_rwsem
>>  termios_rwsem -> console_lock
>>
>> Fix this by reversing the console_lock -> sel_lock dependency in
>> ioctl(TIOCL_SETSEL). First, lock sel_lock, then console_lock.
>>
>> Signed-off-by: Jiri Slaby <jslaby@...e.cz>
>> Reported-by: syzbot+26183d9746e62da329b8@...kaller.appspotmail.com
>> Fixes: 07e6124a1a46 ("vt: selection, close sel_buffer race")
> 
> As 07e6124a1a46 was marked for stable, both of these should be as well,
> right?

Ah, yes. My bad again, sorry.

> And did you happen to test these two with the syzbot tool to see if it
> really did fix the report?

Nope, this syz* stuff is a black magic for me. How can I do that?

thanks,
-- 
js
suse labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ