lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Feb 2020 14:04:00 +0100 From: Greg KH <gregkh@...uxfoundation.org> To: Jiri Slaby <jslaby@...e.cz> Cc: linux-serial@...r.kernel.org, linux-kernel@...r.kernel.org, syzbot+26183d9746e62da329b8@...kaller.appspotmail.com Subject: Re: [PATCH 2/2] vt: selection, push sel_lock up On Fri, Feb 28, 2020 at 01:59:36PM +0100, Jiri Slaby wrote: > On 28. 02. 20, 13:03, Greg KH wrote: > > On Fri, Feb 28, 2020 at 12:54:06PM +0100, Jiri Slaby wrote: > >> sel_lock cannot nest in the console lock. Thanks to syzkaller, the > >> kernel states firmly: > >> > >>> WARNING: possible circular locking dependency detected > >>> 5.6.0-rc3-syzkaller #0 Not tainted > >>> ------------------------------------------------------ > >>> syz-executor.4/20336 is trying to acquire lock: > >>> ffff8880a2e952a0 (&tty->termios_rwsem){++++}, at: tty_unthrottle+0x22/0x100 drivers/tty/tty_ioctl.c:136 > ... > >>> other info that might help us debug this: > >>> > >>> Chain exists of: > >>> &tty->termios_rwsem --> console_lock --> sel_lock > >> > >> Clearly. From the above, we have: > >> console_lock -> sel_lock > >> sel_lock -> termios_rwsem > >> termios_rwsem -> console_lock > >> > >> Fix this by reversing the console_lock -> sel_lock dependency in > >> ioctl(TIOCL_SETSEL). First, lock sel_lock, then console_lock. > >> > >> Signed-off-by: Jiri Slaby <jslaby@...e.cz> > >> Reported-by: syzbot+26183d9746e62da329b8@...kaller.appspotmail.com > >> Fixes: 07e6124a1a46 ("vt: selection, close sel_buffer race") > > > > As 07e6124a1a46 was marked for stable, both of these should be as well, > > right? > > Ah, yes. My bad again, sorry. > > > And did you happen to test these two with the syzbot tool to see if it > > really did fix the report? > > Nope, this syz* stuff is a black magic for me. How can I do that? >From the syzbot report at the bottom it says: syzbot will keep track of this bug report. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. syzbot can test patches for this bug, for details see: https://goo.gl/tpsmEJ#testing-patches Try running these through that and let's see if we get a "success" report or not. thanks, greg k-h
Powered by blists - more mailing lists