lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 29 Aug 2022 08:59:31 +0200
From:   Jiri Slaby <jirislaby@...nel.org>
To:     Fedor Pchelkin <pchelkin@...ras.ru>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Daniel Starke <daniel.starke@...mens.com>
Cc:     linux-kernel@...r.kernel.org,
        Alexey Khoroshilov <khoroshilov@...ras.ru>,
        ldv-project@...uxtesting.org, Hillf Danton <hdanton@...a.com>
Subject: Re: [PATCH v3] tty: n_gsm: avoid call of sleeping functions from
 atomic context

On 27. 08. 22, 21:55, Fedor Pchelkin wrote:
> Syzkaller reports the following problem:
...
> The patch replaces tx_lock spinlock with mutex in order to avoid the
> problem. Also kick_timer timer_list is replaced with kick_timeout
> delayed_work to be able to synchronize with mutexes, as suggested by
> Hillf Danton <hdanton@...a.com>.
> 
> Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
> 
> Fixes: 32dd59f96924 ("tty: n_gsm: fix race condition in gsmld_write()")
> Fixes: c568f7086c6e ("tty: n_gsm: fix missing timer to handle stalled links")
> Signed-off-by: Fedor Pchelkin <pchelkin@...ras.ru>
> Signed-off-by: Alexey Khoroshilov <khoroshilov@...ras.ru>
> ---
> v1->v2: sorry, now adapted patch from 5.10 to upstream
> v2->v3: replaced a kick_timer with a delayed_work

Please do so separately. That is, split the below 2 changes into two 
patches.

> --- a/drivers/tty/n_gsm.c
> +++ b/drivers/tty/n_gsm.c
> @@ -248,7 +248,7 @@ struct gsm_mux {
>   	bool constipated;		/* Asked by remote to shut up */
>   	bool has_devices;		/* Devices were registered */
>   
> -	spinlock_t tx_lock;
> +	struct mutex tx_mutex;
>   	unsigned int tx_bytes;		/* TX data outstanding */
>   #define TX_THRESH_HI		8192
>   #define TX_THRESH_LO		2048
> @@ -256,7 +256,7 @@ struct gsm_mux {
>   	struct list_head tx_data_list;	/* Pending data packets */
>   
>   	/* Control messages */
> -	struct timer_list kick_timer;	/* Kick TX queuing on timeout */
> +	struct delayed_work kick_timeout;	/* Kick TX queuing on timeout */
>   	struct timer_list t2_timer;	/* Retransmit timer for commands */
>   	int cretries;			/* Command retry counter */
>   	struct gsm_control *pending_cmd;/* Our current pending command */

thanks,
-- 
js
suse labs

Powered by blists - more mailing lists