CVE-2021-47185: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc

CVE-2021-47185: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc

[Greg Kroah-Hartman]

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc

When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup,
which look like this one:

  Workqueue: events_unbound flush_to_ldisc
  Call trace:
   dump_backtrace+0x0/0x1ec
   show_stack+0x24/0x30
   dump_stack+0xd0/0x128
   panic+0x15c/0x374
   watchdog_timer_fn+0x2b8/0x304
   __run_hrtimer+0x88/0x2c0
   __hrtimer_run_queues+0xa4/0x120
   hrtimer_interrupt+0xfc/0x270
   arch_timer_handler_phys+0x40/0x50
   handle_percpu_devid_irq+0x94/0x220
   __handle_domain_irq+0x88/0xf0
   gic_handle_irq+0x84/0xfc
   el1_irq+0xc8/0x180
   slip_unesc+0x80/0x214 [slip]
   tty_ldisc_receive_buf+0x64/0x80
   tty_port_default_receive_buf+0x50/0x90
   flush_to_ldisc+0xbc/0x110
   process_one_work+0x1d4/0x4b0
   worker_thread+0x180/0x430
   kthread+0x11c/0x120

In the testcase pty04, The first process call the write syscall to send
data to the pty master. At the same time, the workqueue will do the
flush_to_ldisc to pop data in a loop until there is no more data left.
When the sender and workqueue running in different core, the sender sends
data fastly in full time which will result in workqueue doing work in loop
for a long time and occuring softlockup in flush_to_ldisc with kernel
configured without preempt. So I add need_resched check and cond_resched
in the flush_to_ldisc loop to avoid it.

The Linux kernel CVE team has assigned CVE-2021-47185 to this issue.


Affected and fixed versions
===========================

	Fixed in 4.4.293 with commit 0380f643f3a7
	Fixed in 4.9.291 with commit b1ffc16ec05a
	Fixed in 4.14.256 with commit 4c1623651a09
	Fixed in 4.19.218 with commit 4f300f47dbcf
	Fixed in 5.4.162 with commit d491c84df5c4
	Fixed in 5.10.82 with commit 77e9fed33056
	Fixed in 5.15.5 with commit 5c34486f0470
	Fixed in 5.16 with commit 3968ddcf05fb

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47185
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/tty/tty_buffer.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/0380f643f3a7a61b0845cdc738959c2ad5735d61
	https://git.kernel.org/stable/c/b1ffc16ec05ae40d82b6e373322d62e9d6b54fbc
	https://git.kernel.org/stable/c/4c1623651a0936ee197859824cdae6ebbd04d3ed
	https://git.kernel.org/stable/c/4f300f47dbcf9c3d4b2ea76c8554c8f360400725
	https://git.kernel.org/stable/c/d491c84df5c469dd9621863b6a770b3428137063
	https://git.kernel.org/stable/c/77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41
	https://git.kernel.org/stable/c/5c34486f04700f1ba04907231dce0cc2705c2d7d
	https://git.kernel.org/stable/c/3968ddcf05fb4b9409cd1859feb06a5b0550a1c1