android/android_kernel_samsung_sm8650
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
598c2d41ff
android_kernel_samsung_sm8650/drivers/tty
History
Tetsuo Handa 598c2d41ff tty: Avoid possible error pointer dereference at tty_ldisc_restore(). 
syzbot is reporting crashes [1] triggered by memory allocation failure at
tty_ldisc_get() from tty_ldisc_restore(). While syzbot stops at WARN_ON()
due to panic_on_warn == true, panic_on_warn == false will after all trigger
an OOPS by dereferencing old->ops->num if IS_ERR(old) == true.

We can simplify tty_ldisc_restore() as three calls (old->ops->num, N_TTY,
N_NULL) to tty_ldisc_failto() in addition to avoiding possible error
pointer dereference.

If someone reports kernel panic triggered by forcing all memory allocations
for tty_ldisc_restore() to fail, we can consider adding __GFP_NOFAIL for
tty_ldisc_restore() case.

[1] https://syzkaller.appspot.com/bug?id=6ac359c61e71d22e06db7f8f88243feb11d927e7

Reported-by: syzbot+40b7287c2dc987c48c81@syzkaller.appspotmail.com
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Alan Cox <alan@llwyncelyn.cymru>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Michal Hocko <mhocko@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-23 11:05:52 +02:00
..
hvc TTY/Serial driver patches for 4.17-rc1 2018-04-04 18:43:49 -07:00
ipwireless treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
serdev serdev: Fix typo in serdev_device_alloc 2018-03-14 15:02:45 +01:00
serial tty: serial: qcom_geni_serial: Use signed variable to get IRQ 2018-04-23 10:22:30 +02:00
vt TTY/Serial driver patches for 4.17-rc1 2018-04-04 18:43:49 -07:00
amiserial.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
cyclades.c treewide: Switch DEFINE_TIMER callbacks to struct timer_list * 2017-11-21 15:57:05 -08:00
ehv_bytechan.c tty: ehv_bytechan: fix spelling mistake 2017-11-08 14:27:10 +01:00
goldfish.c tty: goldfish: Enable 'earlycon' only if built-in 2017-12-15 20:27:44 +01:00
isicom.c tty/isicom: Fix a possible sleep-in-atomic bug in WaitTillCardIsFree 2017-12-15 20:24:14 +01:00
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2018-04-09 09:04:10 -07:00
Makefile tty: remove bfin_jtag_comm and hvc_bfin_jtag drivers 2018-03-26 15:57:24 +02:00
mips_ejtag_fdc.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
moxa.c tty: moxa: Add support for CMSPAR 2017-11-28 15:32:33 +01:00
moxa.h tty: moxa: Add support for CMSPAR 2017-11-28 15:32:33 +01:00
mxser.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
mxser.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
n_gsm.c tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set 2018-04-22 17:34:40 +02:00
n_hdlc.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
n_null.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
n_r3964.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
n_tracerouter.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
n_tracesink.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
n_tracesink.h tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
n_tty.c tty: make n_tty_read() always abort if hangup is in progress 2018-02-28 13:21:10 +01:00
nozomi.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
pty.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
rocket_int.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rocket.c treewide: Switch DEFINE_TIMER callbacks to struct timer_list * 2017-11-21 15:57:05 -08:00
rocket.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
synclink_gt.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
synclink.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
synclinkmp.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
sysrq.c fs: add ksys_sync() helper; remove in-kernel calls to sys_sync() 2018-04-02 20:16:05 +02:00
tty_audit.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
tty_baudrate.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
tty_buffer.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
tty_io.c tty: make n_tty_read() always abort if hangup is in progress 2018-02-28 13:21:10 +01:00
tty_ioctl.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
tty_jobctrl.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
tty_ldisc.c tty: Avoid possible error pointer dereference at tty_ldisc_restore(). 2018-04-23 11:05:52 +02:00
tty_ldsem.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
tty_mutex.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tty_port.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
vcc.c tty: vcc: Convert timers to use timer_setup() 2017-11-04 12:01:54 +01:00