From: Greg Kroah-Hartman Date: Sun, 27 Jan 2019 15:53:13 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v4.9.154~52 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1a693cac24becb34d684d66e87233e689ae2dec6;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: tty-handle-problem-if-line-discipline-does-not-have-receive_buf.patch tty-n_hdlc-fix-__might_sleep-warning.patch --- diff --git a/queue-4.4/series b/queue-4.4/series index 66f9d70910d..6de5ccf8e3b 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -12,3 +12,5 @@ s390-early-improve-machine-detection.patch s390-smp-fix-cpu-hotplug-deadlock-with-cpu-rescan.patch char-mwave-fix-potential-spectre-v1-vulnerability.patch staging-rtl8188eu-add-device-code-for-d-link-dwa-121-rev-b1.patch +tty-handle-problem-if-line-discipline-does-not-have-receive_buf.patch +tty-n_hdlc-fix-__might_sleep-warning.patch diff --git a/queue-4.4/tty-handle-problem-if-line-discipline-does-not-have-receive_buf.patch b/queue-4.4/tty-handle-problem-if-line-discipline-does-not-have-receive_buf.patch new file mode 100644 index 00000000000..77cc79ba8d0 --- /dev/null +++ b/queue-4.4/tty-handle-problem-if-line-discipline-does-not-have-receive_buf.patch @@ -0,0 +1,33 @@ +From 27cfb3a53be46a54ec5e0bd04e51995b74c90343 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Sun, 20 Jan 2019 10:46:58 +0100 +Subject: tty: Handle problem if line discipline does not have receive_buf + +From: Greg Kroah-Hartman + +commit 27cfb3a53be46a54ec5e0bd04e51995b74c90343 upstream. + +Some tty line disciplines do not have a receive buf callback, so +properly check for that before calling it. If they do not have this +callback, just eat the character quietly, as we can't fail this call. + +Reported-by: Jann Horn +Cc: stable +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/tty_io.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/tty/tty_io.c ++++ b/drivers/tty/tty_io.c +@@ -2297,7 +2297,8 @@ static int tiocsti(struct tty_struct *tt + return -EFAULT; + tty_audit_tiocsti(tty, ch); + ld = tty_ldisc_ref_wait(tty); +- ld->ops->receive_buf(tty, &ch, &mbz, 1); ++ if (ld->ops->receive_buf) ++ ld->ops->receive_buf(tty, &ch, &mbz, 1); + tty_ldisc_deref(ld); + return 0; + } diff --git a/queue-4.4/tty-n_hdlc-fix-__might_sleep-warning.patch b/queue-4.4/tty-n_hdlc-fix-__might_sleep-warning.patch new file mode 100644 index 00000000000..d643f20c223 --- /dev/null +++ b/queue-4.4/tty-n_hdlc-fix-__might_sleep-warning.patch @@ -0,0 +1,42 @@ +From fc01d8c61ce02c034e67378cd3e645734bc18c8c Mon Sep 17 00:00:00 2001 +From: Paul Fulghum +Date: Tue, 1 Jan 2019 12:28:53 -0800 +Subject: tty/n_hdlc: fix __might_sleep warning + +From: Paul Fulghum + +commit fc01d8c61ce02c034e67378cd3e645734bc18c8c upstream. + +Fix __might_sleep warning[1] in tty/n_hdlc.c read due to copy_to_user +call while current is TASK_INTERRUPTIBLE. This is a false positive +since the code path does not depend on current state remaining +TASK_INTERRUPTIBLE. The loop breaks out and sets TASK_RUNNING after +calling copy_to_user. + +This patch supresses the warning by setting TASK_RUNNING before calling +copy_to_user. + +[1] https://syzkaller.appspot.com/bug?id=17d5de7f1fcab794cb8c40032f893f52de899324 + +Signed-off-by: Paul Fulghum +Reported-by: syzbot +Cc: Tetsuo Handa +Cc: Alan Cox +Cc: stable +Acked-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/n_hdlc.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/tty/n_hdlc.c ++++ b/drivers/tty/n_hdlc.c +@@ -598,6 +598,7 @@ static ssize_t n_hdlc_tty_read(struct tt + /* too large for caller's buffer */ + ret = -EOVERFLOW; + } else { ++ __set_current_state(TASK_RUNNING); + if (copy_to_user(buf, rbuf->buf, rbuf->count)) + ret = -EFAULT; + else