s390-smp-fix-cpu-hotplug-deadlock-with-cpu-rescan.patch
char-mwave-fix-potential-spectre-v1-vulnerability.patch
staging-rtl8188eu-add-device-code-for-d-link-dwa-121-rev-b1.patch
+tty-handle-problem-if-line-discipline-does-not-have-receive_buf.patch
+tty-n_hdlc-fix-__might_sleep-warning.patch
--- /dev/null
+From 27cfb3a53be46a54ec5e0bd04e51995b74c90343 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Sun, 20 Jan 2019 10:46:58 +0100
+Subject: tty: Handle problem if line discipline does not have receive_buf
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+commit 27cfb3a53be46a54ec5e0bd04e51995b74c90343 upstream.
+
+Some tty line disciplines do not have a receive buf callback, so
+properly check for that before calling it. If they do not have this
+callback, just eat the character quietly, as we can't fail this call.
+
+Reported-by: Jann Horn <jannh@google.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/tty_io.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -2297,7 +2297,8 @@ static int tiocsti(struct tty_struct *tt
+ return -EFAULT;
+ tty_audit_tiocsti(tty, ch);
+ ld = tty_ldisc_ref_wait(tty);
+- ld->ops->receive_buf(tty, &ch, &mbz, 1);
++ if (ld->ops->receive_buf)
++ ld->ops->receive_buf(tty, &ch, &mbz, 1);
+ tty_ldisc_deref(ld);
+ return 0;
+ }
--- /dev/null
+From fc01d8c61ce02c034e67378cd3e645734bc18c8c Mon Sep 17 00:00:00 2001
+From: Paul Fulghum <paulkf@microgate.com>
+Date: Tue, 1 Jan 2019 12:28:53 -0800
+Subject: tty/n_hdlc: fix __might_sleep warning
+
+From: Paul Fulghum <paulkf@microgate.com>
+
+commit fc01d8c61ce02c034e67378cd3e645734bc18c8c upstream.
+
+Fix __might_sleep warning[1] in tty/n_hdlc.c read due to copy_to_user
+call while current is TASK_INTERRUPTIBLE. This is a false positive
+since the code path does not depend on current state remaining
+TASK_INTERRUPTIBLE. The loop breaks out and sets TASK_RUNNING after
+calling copy_to_user.
+
+This patch supresses the warning by setting TASK_RUNNING before calling
+copy_to_user.
+
+[1] https://syzkaller.appspot.com/bug?id=17d5de7f1fcab794cb8c40032f893f52de899324
+
+Signed-off-by: Paul Fulghum <paulkf@microgate.com>
+Reported-by: syzbot <syzbot+c244af085a0159d22879@syzkaller.appspotmail.com>
+Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Cc: stable <stable@vger.kernel.org>
+Acked-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/n_hdlc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/tty/n_hdlc.c
++++ b/drivers/tty/n_hdlc.c
+@@ -598,6 +598,7 @@ static ssize_t n_hdlc_tty_read(struct tt
+ /* too large for caller's buffer */
+ ret = -EOVERFLOW;
+ } else {
++ __set_current_state(TASK_RUNNING);
+ if (copy_to_user(buf, rbuf->buf, rbuf->count))
+ ret = -EFAULT;
+ else
projects / thirdparty / kernel / stable-queue.git / commitdiff
