linux/drivers
Jiri Slaby (SUSE) fb855e9f3b can: slcan: fix freed work crash
The LTP test pty03 is causing a crash in slcan:
  BUG: kernel NULL pointer dereference, address: 0000000000000008
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: 0000 [#1] PREEMPT SMP NOPTI
  CPU: 0 PID: 348 Comm: kworker/0:3 Not tainted 6.0.8-1-default #1 openSUSE Tumbleweed 9d20364b934f5aab0a9bdf84e8f45cfdfae39dab
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014
  Workqueue:  0x0 (events)
  RIP: 0010:process_one_work (/home/rich/kernel/linux/kernel/workqueue.c:706 /home/rich/kernel/linux/kernel/workqueue.c:2185)
  Code: 49 89 ff 41 56 41 55 41 54 55 53 48 89 f3 48 83 ec 10 48 8b 06 48 8b 6f 48 49 89 c4 45 30 e4 a8 04 b8 00 00 00 00 4c 0f 44 e0 <49> 8b 44 24 08 44 8b a8 00 01 00 00 41 83 e5 20 f6 45 10 04 75 0e
  RSP: 0018:ffffaf7b40f47e98 EFLAGS: 00010046
  RAX: 0000000000000000 RBX: ffff9d644e1b8b48 RCX: ffff9d649e439968
  RDX: 00000000ffff8455 RSI: ffff9d644e1b8b48 RDI: ffff9d64764aa6c0
  RBP: ffff9d649e4335c0 R08: 0000000000000c00 R09: ffff9d64764aa734
  R10: 0000000000000007 R11: 0000000000000001 R12: 0000000000000000
  R13: ffff9d649e4335e8 R14: ffff9d64490da780 R15: ffff9d64764aa6c0
  FS:  0000000000000000(0000) GS:ffff9d649e400000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000008 CR3: 0000000036424000 CR4: 00000000000006f0
  Call Trace:
   <TASK>
  worker_thread (/home/rich/kernel/linux/kernel/workqueue.c:2436)
  kthread (/home/rich/kernel/linux/kernel/kthread.c:376)
  ret_from_fork (/home/rich/kernel/linux/arch/x86/entry/entry_64.S:312)

Apparently, the slcan's tx_work is freed while being scheduled. While
slcan_netdev_close() (netdev side) calls flush_work(&sl->tx_work),
slcan_close() (tty side) does not. So when the netdev is never set UP,
but the tty is stuffed with bytes and forced to wakeup write, the work
is scheduled, but never flushed.

So add an additional flush_work() to slcan_close() to be sure the work
is flushed under all circumstances.

The Fixes commit below moved flush_work() from slcan_close() to
slcan_netdev_close(). What was the rationale behind it? Maybe we can
drop the one in slcan_netdev_close()?

I see the same pattern in can327. So it perhaps needs the very same fix.

Fixes: cfcb4465e9 ("can: slcan: remove legacy infrastructure")
Link: https://bugzilla.suse.com/show_bug.cgi?id=1205597
Reported-by: Richard Palethorpe <richard.palethorpe@suse.com>
Tested-by: Petr Vorel <petr.vorel@suse.com>
Cc: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Cc: Wolfgang Grandegger <wg@grandegger.com>
Cc: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: linux-can@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: stable@vger.kernel.org
Cc: Max Staudt <max@enpas.org>
Signed-off-by: Jiri Slaby (SUSE) <jirislaby@kernel.org>
Reviewed-by: Max Staudt <max@enpas.org>
Link: https://lore.kernel.org/all/20221201073426.17328-1-jirislaby@kernel.org
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2022-12-07 10:32:24 +01:00
accessibility speakup: replace utils' u_char with unsigned char 2022-11-09 15:25:24 +01:00
acpi platform-drivers-x86 for v6.1-3 2022-11-07 10:19:04 -08:00
amba
android binder: validate alloc->mm in ->mmap() handler 2022-11-09 15:41:27 +01:00
ata ata: libata-core: do not issue non-internal commands once EH is pending 2022-11-12 07:51:06 +09:00
atm
auxdisplay
base ACPI and device properties fixes for 6.1-rc3 2022-10-28 16:48:29 -07:00
bcma Interrupt subsystem updates: 2022-10-12 10:23:24 -07:00
block block-6.1-2022-11-25 2022-11-25 17:50:57 -08:00
bluetooth Bluetooth: btusb: Add debug message for CSR controllers 2022-12-02 13:09:30 -08:00
bus bus: ixp4xx: Don't touch bit 7 on IXP42x 2022-11-22 23:12:18 +01:00
cdrom
char random: use arch_get_random*_early() in random_init() 2022-10-29 00:24:03 +02:00
clk clk: qcom: Update the force mem core bit for GPU clocks 2022-10-27 17:23:29 -07:00
clocksource clocksource/drivers/arm_arch_timer: Fix XGene-1 TVAL register math error 2022-11-21 16:01:56 +01:00
comedi
connector
counter counter: 104-quad-8: Fix race getting function mode and direction 2022-10-23 20:39:26 -04:00
cpufreq cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection 2022-11-22 19:57:15 +01:00
cpuidle RISC-V Patches for the 6.1 Merge Window, Part 1 2022-10-09 13:24:01 -07:00
crypto This update includes the following changes: 2022-10-10 13:04:25 -07:00
cxl cxl/region: Recycle region ids 2022-11-04 16:03:43 -07:00
dax libnvdimm for 6.1 2022-10-14 18:41:41 -07:00
dca
devfreq PM / devfreq: rockchip-dfi: Fix an error message 2022-09-26 03:59:43 +09:00
dio
dma dmaengine: at_hdmac: Check return code of dma_async_device_register 2022-11-08 10:43:57 +05:30
dma-buf dma-buf: fix racing conflict of dma_heap_add() 2022-11-22 18:27:56 +05:30
edac Merge patch series "Use composable cache instead of L2 cache" 2022-10-13 11:07:13 -07:00
eisa
extcon extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered 2022-11-08 16:45:31 +01:00
firewire
firmware Char/Misc driver fixes for 6.1-rc6 2022-11-18 10:29:25 -08:00
fpga fpga: m10bmc-sec: Fix kconfig dependencies 2022-11-15 21:46:58 +08:00
fsi fsi: core: Check error number after calling ida_simple_get 2022-09-28 21:10:57 +09:30
gnss
gpio gpio: tegra: Convert to immutable irq chip 2022-10-20 13:47:54 +02:00
gpu Merge tag 'amd-drm-fixes-6.1-2022-11-23' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes 2022-11-25 10:55:23 +10:00
greybus
hid for-linus-2022111101 2022-11-11 09:03:19 -08:00
hsi HSI: nokia-modem: Replace of_gpio_count() by gpiod_count() 2022-09-20 17:29:29 +02:00
hte
hv Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() 2022-11-21 10:57:42 +00:00
hwmon Revert "hwmon: (pmbus) Add regulator supply into macro" 2022-11-04 16:47:01 -07:00
hwspinlock
hwtracing coresight: cti: Fix hang in cti_disable_hw() 2022-10-25 19:08:07 +02:00
i2c i2c: i801: add lis3lv02d's I2C address for Vostro 5568 2022-11-01 13:46:30 +01:00
i3c i3c: master: Remove the wrong place of reattach. 2022-10-12 23:45:29 +02:00
idle intel_idle: Add AlderLake-N support 2022-09-21 20:33:49 +02:00
iio iio: adc: aspeed: Remove the trim valid dts property. 2022-11-14 20:20:08 +00:00
infiniband RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() 2022-10-28 12:59:40 -03:00
input Input updates for v6.1-rc5 2022-11-18 17:56:29 -08:00
interconnect Merge branch 'icc-ignore-return-val' into icc-next 2022-09-20 15:57:00 +03:00
iommu iommu/vt-d: Set SRE bit only when hardware has SRS cap 2022-11-19 10:46:52 +01:00
ipack Char/Misc and other driver changes for 6.1-rc1 2022-10-08 08:56:37 -07:00
irqchip Interrupt subsystem updates: 2022-10-12 10:23:24 -07:00
isdn mISDN: fix misuse of put_device() in mISDN_register_device() 2022-11-14 10:43:13 +00:00
leds leds: simatic-ipc-leds-gpio: fix incorrect LED to GPIO mapping 2022-10-24 11:32:10 +02:00
macintosh powerpc updates for 6.1 2022-10-09 14:05:15 -07:00
mailbox mailbox: qcom-ipcc: flag IRQ NO_THREAD 2022-10-05 21:51:58 -05:00
mcb
md block-6.1-2022-11-18 2022-11-18 13:59:45 -08:00
media media: vivid: set num_in/outputs to 0 if not supported 2022-10-25 16:43:34 +01:00
memory
memstick
message
mfd Revert "mfd: syscon: Remove repetition of the regmap_get_val_endian()" 2022-10-23 12:04:56 -07:00
misc misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() 2022-11-09 15:40:03 +01:00
mmc mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() 2022-11-16 17:00:39 +01:00
most
mtd mtd: onenand: omap2: add dependency on GPMC 2022-11-07 16:53:04 +01:00
mux
net can: slcan: fix freed work crash 2022-12-07 10:32:24 +01:00
nfc nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION 2022-11-23 20:01:50 -08:00
ntb
nubus
nvdimm libnvdimm for 6.1 2022-10-14 18:41:41 -07:00
nvme block-6.1-2022-11-18 2022-11-18 13:59:45 -08:00
nvmem nvmem: lan9662-otp: Change return type of lan9662_otp_wait_flag_clear() 2022-11-22 18:22:05 +01:00
of of: property: decrement node refcount in of_fwnode_get_reference_args() 2022-11-22 17:22:52 -06:00
opp
parisc parisc: Export iosapic_serial_irq() symbol for serial port driver 2022-10-27 09:12:05 +02:00
parport parport_pc: Avoid FIFO port location truncation 2022-11-09 15:40:32 +01:00
pci PCI: hv: Only reuse existing IRTE allocation for Multi-MSI 2022-11-12 12:43:59 +00:00
pcmcia pcmcia: remove AT91RM9200 Compact Flash driver 2022-09-27 08:12:16 +02:00
peci
perf arm64 fixes: 2022-10-14 12:38:03 -07:00
phy phy: ralink: mt7621-pci: add sentinel to quirks table 2022-11-05 13:01:25 +05:30
pinctrl pinctrl: mediatek: Export debounce time tables 2022-11-15 09:13:59 +01:00
platform platform-drivers-x86 for v6.1-4 2022-11-16 10:36:13 -08:00
pnp Merge branches 'acpi-apei', 'acpi-wakeup', 'acpi-reboot' and 'acpi-thermal' 2022-10-10 18:11:11 +02:00
power power: supply: ab8500: Defer thermal zone probe 2022-11-01 01:00:32 +01:00
powercap Scheduler changes for v6.1: 2022-10-10 09:10:28 -07:00
pps
ps3
ptp ptp: ocp: remove symlink for second GNSS 2022-10-10 08:37:24 +01:00
pwm pwm: Changes for v6.1-rc1 2022-10-07 11:32:10 -07:00
rapidio
ras
regulator regulator: Late fixes for v6.1 2022-11-25 13:54:48 -08:00
remoteproc remoteproc: virtio: Fix warning on bindings by removing the of_match_table 2022-10-05 09:20:44 -06:00
reset Here's the main clk pull request for this merge window. We have some 2022-10-08 10:06:48 -07:00
rpmsg rpmsg: char: Avoid double destroy of default endpoint 2022-09-21 11:21:33 -06:00
rtc rtc: cmos: fix build on non-ACPI platforms 2022-10-18 22:36:54 +02:00
s390 block-6.1-2022-11-25 2022-11-25 17:50:57 -08:00
sbus
scsi hyperv-fixes for 6.1-rc7 2022-11-25 12:32:42 -08:00
sh
siox siox: fix possible memory leak in siox_device_add() 2022-11-09 15:40:14 +01:00
slimbus slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m 2022-11-10 18:45:40 +01:00
soc soc: imx8m: Enable OCOTP clock before reading the register 2022-11-14 15:52:53 +08:00
soundwire soundwire: qcom: check for outanding writes before doing a read 2022-10-28 17:00:38 +05:30
spi spi: Fixes for v6.1 2022-11-23 11:19:06 -08:00
spmi spmi: pmic-arb: increase SPMI transaction timeout delay 2022-09-30 14:33:23 +02:00
ssb
staging Staging driver fix for 6.1-rc6 2022-11-18 12:02:38 -08:00
target scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() 2022-11-17 17:46:16 +00:00
tc
tee tee: optee: fix possible memory leak in optee_register_device() 2022-11-17 09:22:12 +01:00
thermal thermal: intel_powerclamp: Use first online CPU as control_cpu 2022-10-15 19:33:57 +02:00
thunderbolt treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
tty TTY/Serial driver fixes for 6.1-rc6 2022-11-18 10:59:52 -08:00
ufs scsi: ufs: core: Fix typo in comment 2022-10-22 03:29:32 +00:00
uio
usb usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 2022-11-22 16:52:05 +01:00
vdpa virtio: fixes, features 2022-10-10 14:02:53 -07:00
vfio vfio/pci: Check the device set open count on reset 2022-11-10 12:03:36 -07:00
vhost virtio: fixes, features 2022-10-10 14:02:53 -07:00
video Merge tag 'drm-misc-fixes-2022-11-24' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes 2022-11-25 09:21:11 +10:00
virt virt/sev-guest: Prevent IV reuse in the SNP guest driver 2022-11-21 11:03:40 +01:00
virtio virtio_pci: use irq to detect interrupt support 2022-10-13 09:33:03 -04:00
vlynq
w1 Char/Misc and other driver changes for 6.1-rc1 2022-10-08 08:56:37 -07:00
watchdog linux-watchdog 6.1-rc4 tag 2022-11-01 12:21:53 -07:00
xen xen: branch for v6.1-rc6 2022-11-16 10:49:06 -08:00
zorro
Kconfig
Makefile