On 2024/01/22 15:48, Jiri Slaby wrote: > On 20. 01. 24, 11:34, Tetsuo Handa wrote: >> syzbot is reporting sleep in atomic context, for gsmld_write() is calling >> con_write() with spinlock held and IRQs disabled. > > gsm should never be bound to a console in the first place. > > Noone has sent a patch to deny that yet. > > Follow: > https://lore.kernel.org/all/49453ebd-b321-4f34-a1a5-d828d8881010@xxxxxxxxxx/ > > And feel free to patch that ;). > > thanks, OK. Here is a deny-listing based filter using device number of sysfs entry. (We don't want to compare with the function address of con_write(). Thus, this patch is comparing with device major/minor numbers.) ---------- diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 4036566febcb..6f9730dce5aa 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -3630,6 +3630,10 @@ static int gsmld_open(struct tty_struct *tty) if (tty->ops->write == NULL) return -EINVAL; + /* Can't be attached to virtual consoles. */ + if (tty->dev && MAJOR(tty->dev->devt) == 4 && MINOR(tty->dev->devt) < 64) + return -EINVAL; + /* Attach our ldisc data */ gsm = gsm_alloc_mux(); if (gsm == NULL) ---------- Is it possible to use allow-listing based filtering? (Attaching on /dev/tty (major=5, minor=0) causes current ssh session to be closed. Unexpectedly loosing connection might be a problem for fuzz testing...) ---------- #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <sys/ioctl.h> #include <linux/tty.h> int main(int argc, char *argv[]) { int ldisc = N_GSM0710; return ioctl(open(argv[1], O_RDWR | O_NOCTTY | O_NDELAY), TIOCSETD, &ldisc) == 0; } ----------
