| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1683638872-6885-1-git-send-email-quic_prashk@quicinc.com>
Date: Tue, 9 May 2023 18:57:52 +0530
From: Prashanth K <quic_prashk@...cinc.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC: Xiu Jianfeng <xiujianfeng@...wei.com>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>,
<linux-usb@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
Prashanth K <quic_prashk@...cinc.com>
Subject: [PATCH] usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push
When serial console over USB is enabled, gs_console_connect
queues gs_console_work, where it acquires the spinlock and
queues the usb request, and this request goes to gadget layer.
Now consider a situation where gadget layer prints something
to dmesg, this will eventually call gs_console_write() which
requires cons->lock. And this causes spinlock recursion. Avoid
this by excluding usb_ep_queue from the spinlock.
spin_lock_irqsave //needs cons->lock
gs_console_write
.
.
_printk
__warn_printk
dev_warn/pr_err
.
.
[USB Gadget Layer]
.
.
usb_ep_queue
gs_console_work
__gs_console_push // acquires cons->lock
process_one_work
Signed-off-by: Prashanth K <quic_prashk@...cinc.com>
---
drivers/usb/gadget/function/u_serial.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c
index a0ca47f..1bc96ff 100644
--- a/drivers/usb/gadget/function/u_serial.c
+++ b/drivers/usb/gadget/function/u_serial.c
@@ -916,8 +916,11 @@ static void __gs_console_push(struct gs_console *cons)
}
req->length = size;
+
+ spin_unlock_irq(&cons->lock);
if (usb_ep_queue(ep, req, GFP_ATOMIC))
req->length = 0;
+ spin_lock_irq(&cons->lock);
}
static void gs_console_work(struct work_struct *work)
--
2.7.4
Powered by blists - more mailing lists