The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable@xxxxxxxxxxxxxxx>. Possible dependencies: c9ab053e56ce ("tty: n_gsm: replace kicktimer with delayed_work") 4bb1a53be85f ("tty: n_gsm: initialize more members at gsm_alloc_mux()") 734966043860 ("tty: n_gsm: fix resource allocation order in gsm_activate_mux()") 0af021678d5d ("tty: n_gsm: fix deadlock and link starvation in outgoing data path") bec0224816d1 ("tty: n_gsm: fix non flow control frames during mux flow off") c568f7086c6e ("tty: n_gsm: fix missing timer to handle stalled links") 556fc8ac0651 ("tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()") 01aecd917114 ("tty: n_gsm: fix tty registration before control channel open") 925ea0fa5277 ("tty: n_gsm: Fix packet data hex dump output") f4f7d6328721 ("tty: n_gsm: fix software flow control handling") c19ffe00fed6 ("tty: n_gsm: fix invalid use of MSC in advanced option") a8c5b8255f8a ("tty: n_gsm: fix broken virtual tty handling") 48473802506d ("tty: n_gsm: fix missing update of modem controls after DLCI open") 73029a4d7161 ("tty: n_gsm: fix reset fifo race condition") 398867f59f95 ("tty: n_gsm: fix wrong command frame length field encoding") 17eac6520285 ("tty: n_gsm: fix missing explicit ldisc flush") deefc58bafb4 ("tty: n_gsm: fix wrong DLCI release order") 7a0e4b1733b6 ("tty: n_gsm: fix frame reception handling") 06d5afd4d640 ("tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2") 284260f278b7 ("tty: n_gsm: fix mux cleanup after unregister tty device") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c9ab053e56ce13a949977398c8edc12e6c02fc95 Mon Sep 17 00:00:00 2001 
From: Fedor Pchelkin <pchelkin@xxxxxxxxx> Date: Mon, 29 Aug 2022 16:16:39 +0300 Subject: [PATCH] tty: n_gsm: replace kicktimer with delayed_work A kick_timer timer_list is replaced with kick_timeout delayed_work to be able to synchronize with mutexes as a prerequisite for the introduction of tx_mutex. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: c568f7086c6e ("tty: n_gsm: fix missing timer to handle stalled links") Cc: stable <stable@xxxxxxxxxx> Reviewed-by: Jiri Slaby <jirislaby@xxxxxxxxxx> Suggested-by: Hillf Danton <hdanton@xxxxxxxx> Signed-off-by: Fedor Pchelkin <pchelkin@xxxxxxxxx> Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx> Link: https://lore.kernel.org/r/20220829131640.69254-2-pchelkin@xxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index d6598ca3640f..e23225aff5d9 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -256,7 +256,7 @@ struct gsm_mux {
 struct list_head tx_data_list; /* Pending data packets */
 /* Control messages */
- struct timer_list kick_timer; /* Kick TX queuing on timeout */
+ struct delayed_work kick_timeout; /* Kick TX queuing on timeout */
 struct timer_list t2_timer; /* Retransmit timer for commands */
 int cretries; /* Command retry counter */
 struct gsm_control *pending_cmd;/* Our current pending command */
@@ -1009,7 +1009,7 @@ static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
 gsm->tx_bytes += msg->len;
 gsmld_write_trigger(gsm);
- mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100);
+ schedule_delayed_work(&gsm->kick_timeout, 10 * gsm->t1 * HZ / 100);
 }
 /**
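Review bot: `schedule_delayed_work()` in `__gsm_data_queue()` does nothing when `kick_timeout` is already pending, whereas the removed `mod_timer()` pushed the expiry out on every queued message, so the kick now fires relative to the first message queued rather than the most recent one. If the old re-arm behaviour is intended, use `mod_delayed_work(system_wq, &gsm->kick_timeout, 10 * gsm->t1 * HZ / 100);`. If the earlier deadline is intended, a short comment here saying so would help anyone backporting this. The function body starts outside the hunk, so the locking context at this call is not visible here.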
@@ -1984,16 +1984,16 @@ static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
 }
 /**
- * gsm_kick_timer - transmit if possible
- * @t: timer contained in our gsm object
+ * gsm_kick_timeout - transmit if possible
+ * @work: work contained in our gsm object
 *
 * Transmit data from DLCIs if the queue is empty. We can't rely on
 * a tty wakeup except when we filled the pipe so we need to fire off
 * new data ourselves in other cases.
 */
-static void gsm_kick_timer(struct timer_list *t)
+static void gsm_kick_timeout(struct work_struct *work)
 {
- struct gsm_mux *gsm = from_timer(gsm, t, kick_timer);
+ struct gsm_mux *gsm = container_of(work, struct gsm_mux, kick_timeout.work);
 unsigned long flags;
 int sent = 0;
@@ -2458,7 +2458,7 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
 }
 /* Finish outstanding timers, making sure they are done */
- del_timer_sync(&gsm->kick_timer);
+ cancel_delayed_work_sync(&gsm->kick_timeout);
 del_timer_sync(&gsm->t2_timer);
 /* Finish writing to ldisc */
@@ -2605,7 +2605,7 @@ static struct gsm_mux *gsm_alloc_mux(void)
 kref_init(&gsm->ref);
 INIT_LIST_HEAD(&gsm->tx_ctrl_list);
 INIT_LIST_HEAD(&gsm->tx_data_list);
- timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
+ INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout);
 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
 INIT_WORK(&gsm->tx_work, gsmld_write_task);
 init_waitqueue_head(&gsm->event);
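Review bot: The kernel-doc for `gsm_kick_timeout()` does not record that the handler now runs as a work item rather than a timer callback, which per the commit message is the point of the change. Add a line such as `* Called from a workqueue in process context.` so later patches that take a mutex here have the contract written down. As a style point, `container_of(to_delayed_work(work), struct gsm_mux, kick_timeout)` avoids reaching into the `.work` member and keeps the line shorter. The function body continues past the end of the hunk.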
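Review bot: `cancel_delayed_work_sync()` in `gsm_cleanup_mux()` only cancels what is pending at that moment; it does not stop a later `schedule_delayed_work()` in `__gsm_data_queue()` from re-arming `kick_timeout`. The cancel sits before the "Finish writing to ldisc" step, so if that step or any other path can still queue data, the work could run against a mux that is being torn down, which would be a use-after-free risk (the removed `del_timer_sync()` appears to have had the same window). The rest of the function is outside the hunk, so this is inferred rather than confirmed. Consider cancelling after the TX path is quiesced, or adding a comment stating why no re-queue is possible at this point.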