From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: Greg KH <gregkh@linuxfoundation.org>,
syzbot
<bot+57840b4d2cc5c46981d5b9e07c9b7b06d5bcf064@syzkaller.appspotmail.com>,
jslaby@suse.com
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [PATCH] tty: Don't call panic() at tty_ldisc_init()
Date: Thu, 5 Apr 2018 19:40:16 +0900 [thread overview]
Message-ID: <15c6c6bc-6592-8f0c-db84-647c5760f1d2@I-love.SAKURA.ne.jp> (raw)
In-Reply-To: <20171105103434.GC1487@kroah.com>
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
syzbot is reporting kernel panic [1] triggered by memory allocation failure
at tty_ldisc_get() from tty_ldisc_init(). But since both tty_ldisc_get()
and caller of tty_ldisc_init() can cleanly handle errors, tty_ldisc_init()
does not need to call panic() when tty_ldisc_get() failed.
[1] https://syzkaller.appspot.com/bug?id=883431818e036ae6a9981156a64b821110f39187
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: stable <stable@vger.kernel.org>
---
drivers/tty/tty_io.c | 5 ++++-
drivers/tty/tty_ldisc.c | 5 +++--
include/linux/tty.h | 2 +-
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index 63114ea..7c838b9 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -2816,7 +2816,10 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
kref_init(&tty->kref);
tty->magic = TTY_MAGIC;
- tty_ldisc_init(tty);
+ if (tty_ldisc_init(tty)) {
+ kfree(tty);
+ return NULL;
+ }
tty->session = NULL;
tty->pgrp = NULL;
mutex_init(&tty->legacy_mutex);
diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
index 050f4d6..08ddb2c 100644
--- a/drivers/tty/tty_ldisc.c
+++ b/drivers/tty/tty_ldisc.c
@@ -824,12 +824,13 @@ void tty_ldisc_release(struct tty_struct *tty)
* the tty structure is not completely set up when this call is made.
*/
-void tty_ldisc_init(struct tty_struct *tty)
+int tty_ldisc_init(struct tty_struct *tty)
{
struct tty_ldisc *ld = tty_ldisc_get(tty, N_TTY);
if (IS_ERR(ld))
- panic("n_tty: init_tty");
+ return PTR_ERR(ld);
tty->ldisc = ld;
+ return 0;
}
/**
diff --git a/include/linux/tty.h b/include/linux/tty.h
index 47f8af2..1dd587ba 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -701,7 +701,7 @@ static inline int tty_port_users(struct tty_port *port)
extern int tty_set_ldisc(struct tty_struct *tty, int disc);
extern int tty_ldisc_setup(struct tty_struct *tty, struct tty_struct *o_tty);
extern void tty_ldisc_release(struct tty_struct *tty);
-extern void tty_ldisc_init(struct tty_struct *tty);
+extern int __must_check tty_ldisc_init(struct tty_struct *tty);
extern void tty_ldisc_deinit(struct tty_struct *tty);
extern int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p,
char *f, int count);
--
1.8.3.1
next prev parent reply other threads:[~2018-04-05 10:40 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <94eb2c0630b4161a5e055d38a2e3@google.com>
2017-11-05 10:34 ` kernel panic: n_tty: init_tty Greg KH
2017-11-05 22:04 ` Eric Biggers
2017-11-06 12:14 ` Dmitry Vyukov
2017-11-06 12:37 ` Greg KH
2017-11-06 12:33 ` Greg KH
2017-11-06 17:26 ` Eric Biggers
2017-11-07 10:37 ` Dmitry Vyukov
2017-11-07 17:18 ` Alan Cox
2017-11-06 12:13 ` Dmitry Vyukov
2018-04-05 10:40 ` Tetsuo Handa [this message]
2018-04-25 11:04 ` Tetsuo Handa
2017-12-29 8:32 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=15c6c6bc-6592-8f0c-db84-647c5760f1d2@I-love.SAKURA.ne.jp \
--to=penguin-kernel@i-love.sakura.ne.jp \
--cc=bot+57840b4d2cc5c46981d5b9e07c9b7b06d5bcf064@syzkaller.appspotmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=jslaby@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.