• net/hamradio/6pack: use mod_timer() to rearm timers · 6bc55a3b
    Eric Dumazet authored
    [ Upstream commit 202700e3 ]
    
    Using del_timer() + add_timer() is generally unsafe on SMP,
    as noticed by syzbot. Use mod_timer() instead.
    
    kernel BUG at kernel/time/timer.c:1136!
    invalid opcode: 0000 [#1] PREEMPT SMP KASAN
    CPU: 1 PID: 1026 Comm: kworker/u4:4 Not tainted 4.20.0+ #2
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Workqueue: events_unbound flush_to_ldisc
    RIP: 0010:add_timer kernel/time/timer.c:1136 [inline]
    RIP: 0010:add_timer+0xa81/0x1470 kernel/time/timer.c:1134
    Code: 4d 89 7d 40 48 c7 85 70 fe ff ff 00 00 00 00 c7 85 7c fe ff ff ff ff ff ff 48 89 85 90 fe ff ff e9 e6 f7 ff ff e8 cf 42 12 00 <0f> 0b e8 c8 42 12 00 0f 0b e8 c1 42 12 00 4c 89 bd 60 fe ff ff e9
    RSP: 0018:ffff8880a7fdf5a8 EFLAGS: 00010293
    RAX: ffff8880a7846340 RBX: dffffc0000000000 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: ffffffff816f3ee1 RDI: ffff88808a514ff8
    RBP: ffff8880a7fdf760 R08: 0000000000000007 R09: ffff8880a7846c58
    R10: ffff8880a7846340 R11: 0000000000000000 R12: ffff88808a514ff8
    R13: ffff88808a514ff8 R14: ffff88808a514dc0 R15: 0000000000000030
    FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 000000000061c500 CR3: 00000000994d9000 CR4: 00000000001406e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
     decode_prio_command drivers/net/hamradio/6pack.c:903 [inline]
     sixpack_decode drivers/net/hamradio/6pack.c:971 [inline]
     sixpack_receive_buf drivers/net/hamradio/6pack.c:457 [inline]
     sixpack_receive_buf+0xf9c/0x1470 drivers/net/hamradio/6pack.c:434
     tty_ldisc_receive_buf+0x164/0x1c0 drivers/tty/tty_buffer.c:465
     tty_port_default_receive_buf+0x114/0x190 drivers/tty/tty_port.c:38
     receive_buf drivers/tty/tty_buffer.c:481 [inline]
     flush_to_ldisc+0x3b2/0x590 drivers/tty/tty_buffer.c:533
     process_one_work+0xd0c/0x1ce0 kernel/workqueue.c:2153
     worker_thread+0x143/0x14a0 kernel/workqueue.c:2296
     kthread+0x357/0x430 kernel/kthread.c:246
     ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
    
    Fixes: 1da177e4 ("Linux-2.6.12-rc2")
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Reported-by: syzbot <syzkaller@googlegroups.com>
    Cc: Andreas Koensgen <ajk@comnets.uni-bremen.de>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Name
6pack.c
Kconfig
Makefile
baycom_epp.c
baycom_par.c
baycom_ser_fdx.c
baycom_ser_hdx.c
bpqether.c
dmascc.c
hdlcdrv.c
mkiss.c
scc.c
yam.c
z8530.h