Date:   Thu, 26 Oct 2023 10:34:40 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     "D. Starke" <daniel.starke@...mens.com>
Cc:     linux-serial@...r.kernel.org, jirislaby@...nel.org,
        ilpo.jarvinen@...ux.intel.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] tty: n_gsm: fix race condition in status line change
 on dead connections

On Thu, Oct 26, 2023 at 10:27:37AM +0200, Greg KH wrote:
> On Thu, Oct 26, 2023 at 07:58:43AM +0200, D. Starke wrote:
> > From: Daniel Starke <daniel.starke@...mens.com>
> > 
> > gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all
> > timers, removing the virtual tty devices and clearing the data queues.
> > This procedure, however, may cause subsequent changes of the virtual modem
> > status lines of a DLCI. More data is being added to the outgoing data queue
> > and the deleted kick timer is restarted to handle this. At this point many
> > resources have already been removed by the cleanup procedure. Thus, a
> > kernel panic occurs.
> > 
> > Fix this by proving in gsm_modem_update() that the cleanup procedure has
> > not been started and the mux is still alive.
> > 
> > Note that writing to a virtual tty is already protected by checks against
> > the DLCI specific connection state.
> > 
> > Fixes: c568f7086c6e ("tty: n_gsm: fix missing timer to handle stalled links")
> > Signed-off-by: Daniel Starke <daniel.starke@...mens.com>
> > ---
> >  drivers/tty/n_gsm.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
> > index 1f3aba607cd5..0ee7531c9201 100644
> > --- a/drivers/tty/n_gsm.c
> > +++ b/drivers/tty/n_gsm.c
> > @@ -4108,6 +4108,8 @@ static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk)
> >  
> >  static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk)
> >  {
> > +	if (dlci->gsm->dead)
> > +		return -EL2HLT;
> >  	if (dlci->adaption == 2) {
> >  		/* Send convergence layer type 2 empty data frame. */
> >  		gsm_modem_upd_via_data(dlci, brk);
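
Review bot: the `dlci->gsm->dead` test added at the top of gsm_modem_update() is read with no lock visible in this hunk, so it narrows the window described in the commit message but does not obviously close it: cleanup could set `dead` right after the check passes and before gsm_modem_upd_via_data() queues the frame. Please state, in a short comment above the check, which lock or calling context serializes `dead` against gsm_cleanup_mux(), or take that lock around both the check and the send. It is also worth confirming that callers of gsm_modem_update() handle the new -EL2HLT return value sensibly.
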
> > -- 
> > 2.34.1
> > 
> 
> Hi,
> 
> This is the friendly patch-bot of Greg Kroah-Hartman.  You have sent him
> a patch that has triggered this response.  He used to manually respond
> to these common problems, but in order to save his sanity (he kept
> writing the same thing over and over, yet to different people), I was
> created.  Hopefully you will not take offence and will fix the problem
> in your patch and resubmit it so that it can be accepted into the Linux
> kernel tree.
> 
> You are receiving this message because of the following common error(s)
> as indicated below:
> 
> - You have marked a patch with a "Fixes:" tag for a commit that is in an
>   older released kernel, yet you do not have a cc: stable line in the
>   signed-off-by area at all, which means that the patch will not be
>   applied to any older kernel releases.  To properly fix this, please
>   follow the documented rules in the
>   Documentation/process/stable-kernel-rules.rst file for how to resolve
>   this.
> 
> If you wish to discuss this problem further, or you have questions about
> how to resolve this issue, please feel free to respond to this email and
> Greg will reply once he has dug out from the pending patches received
> from other developers.
> 

Note, I'll take this now, and add the tag by hand, just try to remember
it for the future.

thanks,

greg k-h
