Commit 4bb1a53
tty: n_gsm: initialize more members at gsm_alloc_mux()
syzbot is reporting use of uninitialized spinlock at gsmld_write() [1], for
commit 32dd59f ("tty: n_gsm: fix race condition in gsmld_write()")
allows accessing gsm->tx_lock before gsm_activate_mux() initializes it.
Since object initialization should be done right after allocation in order
to avoid accessing uninitialized memory, move initialization of
timer/work/waitqueue/spinlock from gsmld_open()/gsm_activate_mux() to
gsm_alloc_mux().
Link: https://syzkaller.appspot.com/bug?extid=cf155def4e717db68a12 [1]
Fixes: 32dd59f ("tty: n_gsm: fix race condition in gsmld_write()")
Reported-by: syzbot <syzbot+cf155def4e717db68a12@syzkaller.appspotmail.com>
Tested-by: syzbot <syzbot+cf155def4e717db68a12@syzkaller.appspotmail.com>
Cc: stable <stable@kernel.org>
Acked-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/2110618e-57f0-c1ce-b2ad-b6cacef3f60e@I-love.SAKURA.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 parent f16c6d2
1 file changed
Lines changed: 6 additions & 11 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2501 | 2501 | | |
2502 | 2502 | | |
2503 | 2503 | | |
2504 | | - | |
2505 | | - | |
2506 | | - | |
2507 | | - | |
2508 | | - | |
2509 | | - | |
2510 | | - | |
2511 | 2504 | | |
2512 | 2505 | | |
2513 | 2506 | | |
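Review bot: seven lines are removed here (original 2504-2510) while the later hunk adds only six, so this is not a one-for-one move; please confirm the removed span held only the timer/work/waitqueue/spinlock initializers the commit message names (plus whitespace) and nothing that must re-run on every activation. In particular, if gsm_activate_mux() can be entered again on the same gsm after a cleanup, the one-time setup at allocation has to be sufficient, and cleanup must not leave the timer or work item in a state that activate used to reset.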
| |||
2612 | 2605 | | |
2613 | 2606 | | |
2614 | 2607 | | |
| 2608 | + | |
| 2609 | + | |
| 2610 | + | |
| 2611 | + | |
| 2612 | + | |
| 2613 | + | |
2615 | 2614 | | |
2616 | 2615 | | |
2617 | 2616 | | |
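Review bot: the six added lines (new 2608-2613) must sit after the allocation has succeeded and before the gsm pointer is returned or stored anywhere another context can reach it; the point of the fix is that gsm->tx_lock is initialized before gsmld_write() can observe it, so any early return or error path between the allocation and these lines would reopen the same uninitialized-lock window. A one-line comment above them stating that all synchronization members are initialized here and must not be re-initialized in gsm_activate_mux() or gsmld_open() would keep a later change from moving them back.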
| |||
2947 | 2946 | | |
2948 | 2947 | | |
2949 | 2948 | | |
2950 | | - | |
2951 | | - | |
2952 | | - | |
2953 | | - | |
2954 | 2949 | | |
2955 | 2950 | | |
2956 | 2951 | | |
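Review bot: dropping the initializers from this function (original 2950-2953) is only safe if gsm_alloc_mux() is the sole path that produces the gsm used here; if a gsm could reach this point from any other allocation or reuse path, it would now lack the setup that used to happen at this point. A sentence in the commit message confirming that gsm_alloc_mux() is the single constructor would make that explicit for the stable backport.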
| |||