2022-08-29 13:37:34

by Fedor Pchelkin

Subject: [PATCH v4 1/2] tty: n_gsm: replace kicktimer with delayed_work

A kick_timer timer_list is replaced with kick_timeout delayed_work to be
able to synchronize with mutexes as a prerequisite for the introduction
of tx_mutex.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Fixes: c568f7086c6e ("tty: n_gsm: fix missing timer to handle stalled links")
Suggested-by: Hillf Danton <[email protected]>
Signed-off-by: Fedor Pchelkin <[email protected]>
Signed-off-by: Alexey Khoroshilov <[email protected]>
---
v1->v2: sorry, now adapted patch from 5.10 to upstream
v2->v3: replaced a kick_timer with a delayed_work
v3->v4: separated kick_timer and tx_mutex into different patches

drivers/tty/n_gsm.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index caa5c14ed57f..c4164c85ffd4 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -256,7 +256,7 @@ struct gsm_mux {
struct list_head tx_data_list; /* Pending data packets */

/* Control messages */
- struct timer_list kick_timer; /* Kick TX queuing on timeout */
+ struct delayed_work kick_timeout; /* Kick TX queuing on timeout */
struct timer_list t2_timer; /* Retransmit timer for commands */
int cretries; /* Command retry counter */
struct gsm_control *pending_cmd;/* Our current pending command */
@@ -1009,7 +1009,7 @@ static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
gsm->tx_bytes += msg->len;

gsmld_write_trigger(gsm);
- mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100);
+ schedule_delayed_work(&gsm->kick_timeout, 10 * gsm->t1 * HZ / 100);
}

/**
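Review bot: `schedule_delayed_work()` is not a drop-in replacement for the removed `mod_timer()` call in `__gsm_data_queue()`. `mod_timer()` moved the expiry on every queued message, while `schedule_delayed_work()` does nothing when the work is already pending, so the kick now fires relative to the first queued message rather than the most recent one. If the old re-arm behaviour is wanted, `mod_delayed_work(system_wq, &gsm->kick_timeout, 10 * gsm->t1 * HZ / 100);` keeps it; if the earlier kick is acceptable, a one-line comment saying so would help. The function body starts outside the hunk.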
@@ -1984,16 +1984,16 @@ static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
}

/**
- * gsm_kick_timer - transmit if possible
- * @t: timer contained in our gsm object
+ * gsm_kick_timeout - transmit if possible
+ * @work: work contained in our gsm object
*
* Transmit data from DLCIs if the queue is empty. We can't rely on
* a tty wakeup except when we filled the pipe so we need to fire off
* new data ourselves in other cases.
*/
-static void gsm_kick_timer(struct timer_list *t)
+static void gsm_kick_timeout(struct work_struct *work)
{
- struct gsm_mux *gsm = from_timer(gsm, t, kick_timer);
+ struct gsm_mux *gsm = container_of(work, struct gsm_mux, kick_timeout.work);
unsigned long flags;
int sent = 0;

@@ -2458,7 +2458,7 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
}

/* Finish outstanding timers, making sure they are done */
- del_timer_sync(&gsm->kick_timer);
+ cancel_delayed_work_sync(&gsm->kick_timeout);
del_timer_sync(&gsm->t2_timer);

/* Finish writing to ldisc */
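Review bot: `cancel_delayed_work_sync()` only guarantees that `kick_timeout` is idle at this point in `gsm_cleanup_mux()`. Nothing visible in the hunk stops `__gsm_data_queue()` from calling `schedule_delayed_work()` again afterwards, in which case the handler could run against a mux that is being torn down or already freed. The timer it replaces had the same exposure, and the part of the function above the hunk is not shown, so please confirm that new queuing is blocked before this line and state that in the comment. The comment is also stale now that one of the two items is a work item, e.g. `/* Finish outstanding timers and delayed work, making sure they are done */`.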
@@ -2501,7 +2501,7 @@ static int gsm_activate_mux(struct gsm_mux *gsm)
if (dlci == NULL)
return -ENOMEM;

- timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
+ INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout);
timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
INIT_WORK(&gsm->tx_work, gsmld_write_task);
init_waitqueue_head(&gsm->event);
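Review bot: `INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout)` runs both here in `gsm_activate_mux()` and in `gsmld_open()` (the last hunk), so the same object can be initialised more than once over the life of a mux. Re-initialising a delayed_work that is still pending overwrites its embedded timer and list linkage and can corrupt the timer and workqueue lists. Whether it can be pending here depends on callers outside the hunk, so this is something to rule out rather than a confirmed bug. Initialising `kick_timeout` exactly once, where the mux is allocated, would remove the question; the same applies to the neighbouring `timer_setup()` and `INIT_WORK()` calls.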
@@ -2946,7 +2946,7 @@ static int gsmld_open(struct tty_struct *tty)

gsmld_attach_gsm(tty, gsm);

- timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
+ INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout);
timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
INIT_WORK(&gsm->tx_work, gsmld_write_task);

--
2.25.1


2022-08-30 08:09:35

by Jiri Slaby

Subject: Re: [PATCH v4 1/2] tty: n_gsm: replace kicktimer with delayed_work

On 29. 08. 22, 15:16, Fedor Pchelkin wrote:
> A kick_timer timer_list is replaced with kick_timeout delayed_work to be
> able to synchronize with mutexes as a prerequisite for the introduction
> of tx_mutex.
>
> Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Reviewed-by: Jiri Slaby <[email protected]>

But I think this conflicts with Tetsuo's cleanup [1]. So one of you will
likely have to rebase and resubmit.

[1]
https://lore.kernel.org/all/[email protected]/

> Fixes: c568f7086c6e ("tty: n_gsm: fix missing timer to handle stalled links")
> Suggested-by: Hillf Danton <[email protected]>
> Signed-off-by: Fedor Pchelkin <[email protected]>
> Signed-off-by: Alexey Khoroshilov <[email protected]>
> ---
> v1->v2: sorry, now adapted patch from 5.10 to upstream
> v2->v3: replaced a kick_timer with a delayed_work
> v3->v4: separated kick_timer and tx_mutex into different patches
>
> drivers/tty/n_gsm.c | 18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
> index caa5c14ed57f..c4164c85ffd4 100644
> --- a/drivers/tty/n_gsm.c
> +++ b/drivers/tty/n_gsm.c
> @@ -256,7 +256,7 @@ struct gsm_mux {
> struct list_head tx_data_list; /* Pending data packets */
>
> /* Control messages */
> - struct timer_list kick_timer; /* Kick TX queuing on timeout */
> + struct delayed_work kick_timeout; /* Kick TX queuing on timeout */
> struct timer_list t2_timer; /* Retransmit timer for commands */
> int cretries; /* Command retry counter */
> struct gsm_control *pending_cmd;/* Our current pending command */
> @@ -1009,7 +1009,7 @@ static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
> gsm->tx_bytes += msg->len;
>
> gsmld_write_trigger(gsm);
> - mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100);
> + schedule_delayed_work(&gsm->kick_timeout, 10 * gsm->t1 * HZ / 100);
> }
>
> /**
> @@ -1984,16 +1984,16 @@ static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
> }
>
> /**
> - * gsm_kick_timer - transmit if possible
> - * @t: timer contained in our gsm object
> + * gsm_kick_timeout - transmit if possible
> + * @work: work contained in our gsm object
> *
> * Transmit data from DLCIs if the queue is empty. We can't rely on
> * a tty wakeup except when we filled the pipe so we need to fire off
> * new data ourselves in other cases.
> */
> -static void gsm_kick_timer(struct timer_list *t)
> +static void gsm_kick_timeout(struct work_struct *work)
> {
> - struct gsm_mux *gsm = from_timer(gsm, t, kick_timer);
> + struct gsm_mux *gsm = container_of(work, struct gsm_mux, kick_timeout.work);
> unsigned long flags;
> int sent = 0;
>
> @@ -2458,7 +2458,7 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
> }
>
> /* Finish outstanding timers, making sure they are done */
> - del_timer_sync(&gsm->kick_timer);
> + cancel_delayed_work_sync(&gsm->kick_timeout);
> del_timer_sync(&gsm->t2_timer);
>
> /* Finish writing to ldisc */
> @@ -2501,7 +2501,7 @@ static int gsm_activate_mux(struct gsm_mux *gsm)
> if (dlci == NULL)
> return -ENOMEM;
>
> - timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
> + INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout);
> timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
> INIT_WORK(&gsm->tx_work, gsmld_write_task);
> init_waitqueue_head(&gsm->event);
> @@ -2946,7 +2946,7 @@ static int gsmld_open(struct tty_struct *tty)
>
> gsmld_attach_gsm(tty, gsm);
>
> - timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
> + INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout);
> timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
> INIT_WORK(&gsm->tx_work, gsmld_write_task);
>

--
js
suse labs

2022-08-30 13:17:28

by Greg Kroah-Hartman

Subject: Re: [PATCH v4 1/2] tty: n_gsm: replace kicktimer with delayed_work

On Tue, Aug 30, 2022 at 09:30:27AM +0200, Jiri Slaby wrote:
> On 29. 08. 22, 15:16, Fedor Pchelkin wrote:
> > A kick_timer timer_list is replaced with kick_timeout delayed_work to be
> > able to synchronize with mutexes as a prerequisite for the introduction
> > of tx_mutex.
> >
> > Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
>
> Reviewed-by: Jiri Slaby <[email protected]>
>
> But I think this conflicts with Tetsuo's cleanup [1]. So one of you will
> likely have to rebase and resubmit.
>
> [1] https://lore.kernel.org/all/[email protected]/

I've fixed it up by hand now, no worries.

greg k-h