On Thu, Jun 01, 2017 at 02:06:08PM +0200, Dmitry Vyukov wrote: > On Wed, May 31, 2017 at 5:04 PM, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx> wrote: > > On Wed, 31 May 2017 20:16:12 +0900 > > Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > >> On Wed, May 31, 2017 at 10:39:23AM +0200, Dmitry Vyukov wrote: > >> > On Tue, May 30, 2017 at 2:09 PM, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx> wrote: > >> > >> >> I'll think about possible solutions, but I have no prior experience > >> > >> >> with the tty code. In the meantime syzkaller also hit a couple of > >> > >> >> other fun tty/pty bugs including a write/ioctl race that results in > >> > >> >> buffer overflow :-/ > >> > > > >> > > There are several of those, including some of that have been documented > >> > > for years but nobody ever volunteered to fix - in particular all the > >> > > interfaces that push characters to the tty other than via the normal > >> > > interrupt receive path are dodgy (console selection in particular) > >> > > > >> > > The original tty model btw was that setting the ldisc to n_tty cannot > >> > > fail, and the structure allocated was smaller than a page size so was > >> > > safe. > >> > > > >> > > The simple way to fix it is to restore that behaviour by adding a 'null' > >> > > ldisc that we can fail to instead of N_TTY since the N_TTY failback path > >> > > is long broken. > >> > > >> > Greg, what do you think about this patch? Are you ready to accept > >> > something like this? > >> > Definitely shorter than changing all drivers. > >> > >> Yes, it looks reasonable to me. > > > > > > > > Ok try this > > > I've applied the patch and run syzkaller with it. I don't see kernel > panics in tty_ldisc_restore any more. Also don't see any new > tty-related crashes. > > Greg, will you take it from here? I can if Alan sends it to me in a form I can apply it in (i.e. it has a siged-off-by line...) thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-serial" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
