lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 20 May 2021 11:23:31 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org, Tomas Melin <tomas.melin@...sala.com>,
        Sasha Levin <sashal@...nel.org>
Subject: [PATCH 4.14 319/323] serial: 8250: fix potential deadlock in rs485-mode

From: Tomas Melin <tomas.melin@...sala.com>

[ Upstream commit b86f86e8e7c5264bb8f5835d60f9ec840d9f5a7a ]

Canceling hrtimer when holding uart spinlock can deadlock.

CPU0: syscall write
          -> get uart port spinlock
              -> write uart
                  -> start_tx_rs485
                      -> hrtimer_cancel
                          -> wait for hrtimer callback to finish

CPU1: hrtimer IRQ
          -> run hrtimer
              -> em485_handle_stop_tx
                  -> get uart port spinlock

CPU0 is waiting for the hrtimer callback to finish, but the hrtimer
callback running on CPU1 is waiting to get the uart port spinlock.

This deadlock can be avoided by not canceling the hrtimers in these paths.
Setting active_timer=NULL can be done without accessing hrtimer,
and that will effectively cancel operations that would otherwise have been
performed by the hrtimer callback.

Signed-off-by: Tomas Melin <tomas.melin@...sala.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
 drivers/tty/serial/8250/8250_port.c |    3 ---
 1 file changed, 3 deletions(-)

--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -1527,7 +1527,6 @@ static inline void __stop_tx(struct uart
 			return;
 
 		em485->active_timer = NULL;
-		hrtimer_cancel(&em485->start_tx_timer);
 
 		__stop_tx_rs485(p);
 	}
@@ -1591,8 +1590,6 @@ static inline void start_tx_rs485(struct
 		serial8250_stop_rx(&up->port);
 
 	em485->active_timer = NULL;
-	if (hrtimer_is_queued(&em485->stop_tx_timer))
-		hrtimer_cancel(&em485->stop_tx_timer);
 
 	mcr = serial8250_in_MCR(up);
 	if (!!(up->port.rs485.flags & SER_RS485_RTS_ON_SEND) !=

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ