Received: by 10.213.65.68 with SMTP id h4csp1938810imn;
        Thu, 5 Apr 2018 06:26:46 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49wpWDzB3pC49f2Pas8WPoYGTWnMbbSk7u/TCtmfXWiCVLKDnfI5WMEe2M8SVwpRqFw4hsU
X-Received: by 10.101.102.197 with SMTP id c5mr4623033pgw.93.1522934806870;
        Thu, 05 Apr 2018 06:26:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522934806; cv=none;
        d=google.com; s=arc-20160816;
        b=uDQH9wdTjNmEn7OVKqcvQ6T5rbUTxSfQJc5Dixq3IOO6oITGmC8hJrYG8S5vJ0y2wu
         4ojNg/vtyDV87Un1lQKdnA7DMWW0q39O3aT+yB13uUjTBrt/UVECtxmThbge6WHXgbaT
         J+LWv8T1Hi6ZLDMlJN/Hgc4E7NgXIFbiSGPI1grULX/F0ywf5mcuXKWmziUtTVkuWK4M
         xikMAqGTLogg5ZX6QUa6MyRlWWuHYL5SdjCMJkK81nk++thWjL615iT+S993nG+e93Xg
         21KlDLxwDlUsqP+FOWN9W3TfEPIqgPmGTIiExBgVAnC4GCO0eEQAT3v4euNyO9fCq0ea
         4bkA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :organization:references:in-reply-to:message-id:subject:cc:to:from
         :date:arc-authentication-results;
        bh=rI0yRdXCjN9vaU4siIBnNU/MnCOWyvTKrL446IxUk1g=;
        b=nNSbjEJoH5Jul5LyKyloSfegeg+blWQuXZdm/5XtNsTE+EpMCi+RjBmYaAkPJ1LlmQ
         GQpKbdNRgF28DasBM9P4DTgk3KK3xNQN6cX2ZNdVvL3iDWgomc3DZb3ztAZrwXj0NnNZ
         Dz/BCb1jurJGanEEBdBtSO75nxR+0tJTnba0P7NAHlAYJCOZtWOyZtn3sGocODDJf1Zu
         qLEvoiHoyiyIt5cYJLzUmewI/l5t+4WxLCU+ZDxWmLYUZFIykiDfdB5tYClXR6zGSjbY
         VXRMx1XA0XjRatlwBsG7Y1GxkuqCeZMi2Uw0hP2bJ4Nx+kt9PpahqcmQ5I0XASL9Jpzt
         w7ew==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q19-v6si8551083pls.457.2018.04.05.06.26.30;
        Thu, 05 Apr 2018 06:26:46 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751262AbeDENZV (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Thu, 5 Apr 2018 09:25:21 -0400
Received: from www.llwyncelyn.cymru ([82.70.14.225]:50294 "EHLO fuzix.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750835AbeDENZU (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 5 Apr 2018 09:25:20 -0400
Received: from alans-desktop (82-70-14-226.dsl.in-addr.zen.co.uk [82.70.14.226])
        by fuzix.org (8.15.2/8.15.2) with ESMTP id w35DP3Tl012484;
        Thu, 5 Apr 2018 14:25:03 +0100
Date:   Thu, 5 Apr 2018 14:25:03 +0100
From:   Alan Cox <alan@llwyncelyn.cymru>
To:     Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc:     Greg KH <gregkh@linuxfoundation.org>, jslaby@suse.com,
        syzbot 
        <bot+1a77aeddeaf63317949b59c3df98f139a1ca34f9@syzkaller.appspotmail.com>,
        linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
        Dmitry Vyukov <dvyukov@google.com>,
        Johannes Weiner <hannes@cmpxchg.org>,
        Christoph Hellwig <hch@lst.de>, Michal Hocko <mhocko@suse.com>
Subject: Re: WARNING in tty_set_ldisc
Message-ID: <20180405142503.627552ca@alans-desktop>
In-Reply-To: <2e8fd7a6-6841-d660-8e1c-17b5a07618fa@I-love.SAKURA.ne.jp>
References: <001a1141f0c87da52c055d385a4d@google.com>
        <20171105103404.GB1487@kroah.com>
        <2e8fd7a6-6841-d660-8e1c-17b5a07618fa@I-love.SAKURA.ne.jp>
Organization: is over-rated
X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

rror pointer dereference at tty_ldisc_restore().
> 
> syzbot is reporting crashes [1] triggered by memory allocation failure at
> tty_ldisc_get() from tty_ldisc_restore(). While syzbot stops at WARN_ON()
> due to panic_on_warn == true, panic_on_warn == false will after all trigger
> an OOPS by dereferencing old->ops->num if IS_ERR(old) == true.
> 
> We can simplify tty_ldisc_restore() as three calls (old->ops->num, N_TTY,
> N_NULL) to tty_ldisc_failto() in addition to avoiding possible error
> pointer dereference.
> 
> If someone reports kernel panic triggered by forcing all memory allocations
> for tty_ldisc_restore() to fail, we can consider adding __GFP_NOFAIL for
> tty_ldisc_restore() case.
> 
> [1] https://syzkaller.appspot.com/bug?id=6ac359c61e71d22e06db7f8f88243feb11d927e7
> 
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: Jiri Slaby <jslaby@suse.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: Johannes Weiner <hannes@cmpxchg.org>
> Cc: Alan Cox <alan@llwyncelyn.cymru>
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: Michal Hocko <mhocko@suse.com>

Seems reasonable to me

Alan