linux/drivers
Jiri Slaby e8c75a30a2 vt: selection, push sel_lock up
sel_lock cannot nest in the console lock. Thanks to syzkaller, the
kernel states firmly:

> WARNING: possible circular locking dependency detected
> 5.6.0-rc3-syzkaller #0 Not tainted
> ------------------------------------------------------
> syz-executor.4/20336 is trying to acquire lock:
> ffff8880a2e952a0 (&tty->termios_rwsem){++++}, at: tty_unthrottle+0x22/0x100 drivers/tty/tty_ioctl.c:136
>
> but task is already holding lock:
> ffffffff89462e70 (sel_lock){+.+.}, at: paste_selection+0x118/0x470 drivers/tty/vt/selection.c:374
>
> which lock already depends on the new lock.
>
> the existing dependency chain (in reverse order) is:
>
> -> #2 (sel_lock){+.+.}:
>        mutex_lock_nested+0x1b/0x30 kernel/locking/mutex.c:1118
>        set_selection_kernel+0x3b8/0x18a0 drivers/tty/vt/selection.c:217
>        set_selection_user+0x63/0x80 drivers/tty/vt/selection.c:181
>        tioclinux+0x103/0x530 drivers/tty/vt/vt.c:3050
>        vt_ioctl+0x3f1/0x3a30 drivers/tty/vt/vt_ioctl.c:364

This is ioctl(TIOCL_SETSEL).
Locks held on the path: console_lock -> sel_lock

> -> #1 (console_lock){+.+.}:
>        console_lock+0x46/0x70 kernel/printk/printk.c:2289
>        con_flush_chars+0x50/0x650 drivers/tty/vt/vt.c:3223
>        n_tty_write+0xeae/0x1200 drivers/tty/n_tty.c:2350
>        do_tty_write drivers/tty/tty_io.c:962 [inline]
>        tty_write+0x5a1/0x950 drivers/tty/tty_io.c:1046

This is write().
Locks held on the path: termios_rwsem -> console_lock

> -> #0 (&tty->termios_rwsem){++++}:
>        down_write+0x57/0x140 kernel/locking/rwsem.c:1534
>        tty_unthrottle+0x22/0x100 drivers/tty/tty_ioctl.c:136
>        mkiss_receive_buf+0x12aa/0x1340 drivers/net/hamradio/mkiss.c:902
>        tty_ldisc_receive_buf+0x12f/0x170 drivers/tty/tty_buffer.c:465
>        paste_selection+0x346/0x470 drivers/tty/vt/selection.c:389
>        tioclinux+0x121/0x530 drivers/tty/vt/vt.c:3055
>        vt_ioctl+0x3f1/0x3a30 drivers/tty/vt/vt_ioctl.c:364

This is ioctl(TIOCL_PASTESEL).
Locks held on the path: sel_lock -> termios_rwsem

> other info that might help us debug this:
>
> Chain exists of:
>   &tty->termios_rwsem --> console_lock --> sel_lock

Clearly. From the above, we have:
 console_lock -> sel_lock
 sel_lock -> termios_rwsem
 termios_rwsem -> console_lock

Fix this by reversing the console_lock -> sel_lock dependency in
ioctl(TIOCL_SETSEL). First, lock sel_lock, then console_lock.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Reported-by: syzbot+26183d9746e62da329b8@syzkaller.appspotmail.com
Fixes: 07e6124a1a ("vt: selection, close sel_buffer race")
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200228115406.5735-2-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-02-28 16:06:49 +01:00
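
The three lock-order edges listed in the commit message above, checked for a cycle before and after the fix. This is an added example, not kernel code and not how lockdep is implemented; `enum lock`, `struct dep` and `has_lock_cycle()` are hypothetical names, and the post-fix edge set assumes only the TIOCL_SETSEL ordering changes, as the message states.

```c
#include <stddef.h>
#include <stdio.h>

/* Lock classes named in the lockdep report (illustrative model only). */
enum lock { CONSOLE_LOCK, SEL_LOCK, TERMIOS_RWSEM, NLOCKS };

/* One "held -> acquired" edge: `to` is taken while `from` is held. */
struct dep { enum lock from, to; };

/* Returns 1 if the dependency edges contain a cycle, 0 otherwise. */
int has_lock_cycle(const struct dep *deps, size_t ndeps)
{
    int reach[NLOCKS][NLOCKS] = {{0}};

    for (size_t i = 0; i < ndeps; i++)
        reach[deps[i].from][deps[i].to] = 1;
    /* Warshall transitive closure: i reaches j through k. */
    for (int k = 0; k < NLOCKS; k++)
        for (int i = 0; i < NLOCKS; i++)
            for (int j = 0; j < NLOCKS; j++)
                if (reach[i][k] && reach[k][j])
                    reach[i][j] = 1;
    for (int i = 0; i < NLOCKS; i++)
        if (reach[i][i])
            return 1;   /* a lock transitively depends on itself */
    return 0;
}

/* Edges as listed in the commit message, before the fix. */
const struct dep before_fix[] = {
    { CONSOLE_LOCK, SEL_LOCK },      /* ioctl(TIOCL_SETSEL) */
    { SEL_LOCK, TERMIOS_RWSEM },     /* ioctl(TIOCL_PASTESEL) */
    { TERMIOS_RWSEM, CONSOLE_LOCK }, /* write() */
};

/* After the fix: TIOCL_SETSEL takes sel_lock first, then console_lock. */
const struct dep after_fix[] = {
    { SEL_LOCK, CONSOLE_LOCK },      /* ioctl(TIOCL_SETSEL), reversed */
    { SEL_LOCK, TERMIOS_RWSEM },     /* ioctl(TIOCL_PASTESEL) */
    { TERMIOS_RWSEM, CONSOLE_LOCK }, /* write() */
};

int main(void)
{
    printf("before: %s\n", has_lock_cycle(before_fix, 3) ? "cycle" : "ok");
    printf("after:  %s\n", has_lock_cycle(after_fix, 3) ? "cycle" : "ok");
    return 0;
}
```
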
accessibility
acpi ACPI: PM: s2idle: Check fixed wakeup events in acpi_s2idle_wake() 2020-02-21 10:01:25 -08:00
amba
android for-5.6/io_uring-vfs-2020-01-29 2020-01-29 18:53:37 -08:00
ata libata-5.6-2020-02-05 2020-02-06 06:11:50 +00:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-01-28 16:02:33 -08:00
auxdisplay
base ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-01-28 16:02:33 -08:00
block Merge branch 'merge.nfs-fs_parse.1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-02-08 13:26:41 -08:00
bluetooth Bluetooth: btrtl: Use kvmalloc for FW allocations 2020-01-24 19:57:53 +01:00
bus bus: moxtet: fix potential stack buffer overflow 2020-02-15 10:33:19 -08:00
cdrom
char tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST 2020-02-17 20:47:06 +02:00
clk ARM: SoC: late updates 2020-02-08 14:17:27 -08:00
clocksource ARM: SoC: late updates 2020-02-08 14:17:27 -08:00
connector
counter
cpufreq Merge branch 'pm-cpufreq' 2020-02-14 10:40:48 +01:00
cpuidle ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-01-28 16:02:33 -08:00
dax dax: Get rid of fs_dax_get_by_host() helper 2020-01-16 09:52:27 -08:00
dca
devfreq PM / devfreq: Add debugfs support with devfreq_summary file 2020-01-16 19:14:49 +09:00
dio
dma ARM: Device-tree updates 2020-02-08 13:58:44 -08:00
dma-buf
edac EDAC/sysfs: Remove csrow objects on errors 2020-02-13 13:29:41 +01:00
eisa
extcon
firewire
firmware ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
fpga
fsi fsi: aspeed: add unspecified HAS_IOMEM dependency 2020-02-10 13:45:49 -08:00
gnss
gpio gpio: sifive: fix static checker warning 2020-02-10 13:54:17 +01:00
gpu Merge tag 'drm-intel-fixes-2020-02-20' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes 2020-02-21 12:46:54 +10:00
greybus
hid drm pull for 5.6-rc1 2020-01-30 08:04:01 -08:00
hsi
hv - Most of the commits here are work to enable host-initiated hibernation 2020-02-03 14:42:03 +00:00
hwmon hwmon: (w83627ehf) Fix crash seen with W83627DHG-P 2020-02-21 09:16:24 -08:00
hwspinlock hwspinlock: sirf: Use devm_hwspin_lock_register() to register hwlock controller 2020-01-21 16:16:36 -08:00
hwtracing
i2c Merge branch 'i2c/for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2020-02-07 12:54:13 -08:00
i3c
ide proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
idle intel_idle: Introduce 'states_off' module parameter 2020-02-03 11:57:18 +01:00
iio chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
infiniband SCSI fixes on 20200221 2020-02-22 11:00:52 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-02-15 16:49:25 -08:00
interconnect
iommu iommu/arm-smmu: Restore naming of driver parameter prefix 2020-02-19 12:03:21 +01:00
ipack
irqchip irqchip/gic-v4.1: Avoid 64bit division for the sake of 32bit ARM 2020-02-09 15:47:37 -08:00
isdn proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
leds leds: lm3532: add pointer to documentation and fix typo 2020-01-22 21:08:24 +01:00
lightnvm
macintosh powerpc updates for 5.6 2020-02-04 13:06:46 +00:00
mailbox
mcb
md block-5.6-2020-02-16 2020-02-16 12:35:52 -08:00
media chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
memory mvebu drivers for 5.6 (part 1) 2020-01-16 10:45:44 -08:00
memstick
message Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2020-01-19 22:10:04 +01:00
mfd chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
misc habanalabs: patched cb equals user cb in device memset 2020-02-11 11:12:47 +02:00
mmc ioremap changes for 5.6 2020-01-27 13:03:00 -08:00
mtd treewide: remove redundant IS_ERR() before error code check 2020-02-04 03:05:27 +00:00
mux
net bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs. 2020-02-20 16:05:42 -08:00
nfc nfc: pn544: Fix occasional HW initialization failure 2020-02-19 11:09:27 -08:00
ntb
nubus
nvdimm mm: Cleanup __put_devmap_managed_page() vs ->page_free() 2020-01-31 10:30:37 -08:00
nvme block-5.6-2020-02-22 2020-02-22 11:09:06 -08:00
nvmem Merge branch 'i2c/for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2020-02-07 12:54:13 -08:00
of ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
opp ioremap changes for 5.6 2020-01-27 13:03:00 -08:00
oprofile
parisc proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
parport
pci pci-v5.6-fixes-1 2020-02-06 14:17:38 +00:00
pcmcia
perf perf/smmuv3: Use platform_get_irq_optional() for wired interrupt 2020-02-10 18:14:46 +00:00
phy treewide: remove redundant IS_ERR() before error code check 2020-02-04 03:05:27 +00:00
pinctrl pinctrl: fix pxa2xx.c build warnings 2020-02-04 03:05:24 +00:00
platform Merge branch 'akpm' (patches from Andrew) 2020-02-04 07:24:48 +00:00
pnp proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
power ARM: SoC platform updates 2020-02-08 13:55:25 -08:00
powercap
pps
ps3
ptp Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2020-01-19 22:10:04 +01:00
pwm pwm: Remove set but not set variable 'pwm' 2020-01-20 15:40:49 +01:00
rapidio
ras
regulator - New Drivers 2020-02-03 14:51:57 +00:00
remoteproc remoteproc: qcom: q6v5-mss: Improve readability of reset_assert 2020-01-24 09:34:07 -08:00
reset
rpmsg rpmsg: add rpmsg support for mt8183 SCP. 2020-01-20 10:29:56 -08:00
rtc chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
s390 s390 updates for 5.6-rc3 2020-02-22 10:43:41 -08:00
sbus
scsi scsi: megaraid_sas: silence a warning 2020-02-12 19:13:48 -05:00
sfi
sh
siox
slimbus
soc soc/tegra: fuse: Fix build with Tegra194 configuration 2020-02-11 15:00:15 -08:00
soundwire soundwire: cadence: fix kernel-doc parameter descriptions 2020-01-16 17:34:38 +05:30
spi treewide: remove redundant IS_ERR() before error code check 2020-02-04 03:05:27 +00:00
spmi spmi: pmic-arb: Set lockdep class for hierarchical irq domains 2020-02-10 13:16:04 +01:00
ssb
staging vt: selection, push console lock down 2020-02-28 16:06:49 +01:00
target scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" 2020-02-14 17:13:54 -05:00
tc The main MIPS changes for 5.6: 2020-01-31 11:28:31 -08:00
tee ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
thermal - Fix a SEVERE docs build failure for cpu idle cooling device (Randy Dunlap) 2020-01-31 14:39:21 -08:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-13 04:59:30 -08:00
tty vt: selection, push sel_lock up 2020-02-28 16:06:49 +01:00
uio
usb USB: misc: iowarrior: add support for the 100 device 2020-02-17 10:44:43 +01:00
vfio VFIO updates for v5.6-rc1 2020-02-03 22:22:05 +00:00
vhost
video Kbuild updates for v5.6 (2nd) 2020-02-09 16:05:50 -08:00
virt
virtio virtio_balloon: Fix memory leaks on errors in virtballoon_probe() 2020-02-06 03:40:27 -05:00
visorbus
vlynq
vme Char/Misc driver changes for 5.6-rc1 2020-01-29 10:35:54 -08:00
w1 Char/Misc driver changes for 5.6-rc1 2020-01-29 10:35:54 -08:00
watchdog watchdog: da9062: Add dependency on I2C 2020-02-17 13:19:08 +01:00
xen xen: branch for v5.6-rc3 2020-02-21 16:10:10 -08:00
zorro Kbuild updates for v5.6 (2nd) 2020-02-09 16:05:50 -08:00
Kconfig
Makefile