lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20200228130400.GA3017265@kroah.com>
Date:   Fri, 28 Feb 2020 14:04:00 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Jiri Slaby <jslaby@...e.cz>
Cc:     linux-serial@...r.kernel.org, linux-kernel@...r.kernel.org,
        syzbot+26183d9746e62da329b8@...kaller.appspotmail.com
Subject: Re: [PATCH 2/2] vt: selection, push sel_lock up

On Fri, Feb 28, 2020 at 01:59:36PM +0100, Jiri Slaby wrote:
> On 28. 02. 20, 13:03, Greg KH wrote:
> > On Fri, Feb 28, 2020 at 12:54:06PM +0100, Jiri Slaby wrote:
> >> sel_lock cannot nest in the console lock. Thanks to syzkaller, the
> >> kernel states firmly:
> >>
> >>> WARNING: possible circular locking dependency detected
> >>> 5.6.0-rc3-syzkaller #0 Not tainted
> >>> ------------------------------------------------------
> >>> syz-executor.4/20336 is trying to acquire lock:
> >>> ffff8880a2e952a0 (&tty->termios_rwsem){++++}, at: tty_unthrottle+0x22/0x100 drivers/tty/tty_ioctl.c:136
> ...
> >>> other info that might help us debug this:
> >>>
> >>> Chain exists of:
> >>>   &tty->termios_rwsem --> console_lock --> sel_lock
> >>
> >> Clearly. From the above, we have:
> >>  console_lock -> sel_lock
> >>  sel_lock -> termios_rwsem
> >>  termios_rwsem -> console_lock
> >>
> >> Fix this by reversing the console_lock -> sel_lock dependency in
> >> ioctl(TIOCL_SETSEL). First, lock sel_lock, then console_lock.
> >>
> >> Signed-off-by: Jiri Slaby <jslaby@...e.cz>
> >> Reported-by: syzbot+26183d9746e62da329b8@...kaller.appspotmail.com
> >> Fixes: 07e6124a1a46 ("vt: selection, close sel_buffer race")
> > 
> > As 07e6124a1a46 was marked for stable, both of these should be as well,
> > right?
> 
> Ah, yes. My bad again, sorry.
> 
> > And did you happen to test these two with the syzbot tool to see if it
> > really did fix the report?
> 
> Nope, this syz* stuff is a black magic for me. How can I do that?

>From the syzbot report at the bottom it says:
	syzbot will keep track of this bug report. See:
	https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
	syzbot can test patches for this bug, for details see:
	https://goo.gl/tpsmEJ#testing-patches

Try running these through that and let's see if we get a "success"
report or not.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ