Commit c9ab053e authored by Fedor Pchelkin's avatar Fedor Pchelkin Committed by Greg Kroah-Hartman

tty: n_gsm: replace kicktimer with delayed_work

A kick_timer timer_list is replaced with kick_timeout delayed_work to be
able to synchronize with mutexes as a prerequisite for the introduction
of tx_mutex.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Fixes: c568f708 ("tty: n_gsm: fix missing timer to handle stalled links")
Cc: stable <stable@kernel.org>
Reviewed-by: default avatarJiri Slaby <jirislaby@kernel.org>
Suggested-by: default avatarHillf Danton <hdanton@sina.com>
Signed-off-by: default avatarFedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: default avatarAlexey Khoroshilov <khoroshilov@ispras.ru>
Link: https://lore.kernel.org/r/20220829131640.69254-2-pchelkin@ispras.ruSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 4bb1a53b
...@@ -256,7 +256,7 @@ struct gsm_mux { ...@@ -256,7 +256,7 @@ struct gsm_mux {
struct list_head tx_data_list; /* Pending data packets */ struct list_head tx_data_list; /* Pending data packets */
/* Control messages */ /* Control messages */
struct timer_list kick_timer; /* Kick TX queuing on timeout */ struct delayed_work kick_timeout; /* Kick TX queuing on timeout */
struct timer_list t2_timer; /* Retransmit timer for commands */ struct timer_list t2_timer; /* Retransmit timer for commands */
int cretries; /* Command retry counter */ int cretries; /* Command retry counter */
struct gsm_control *pending_cmd;/* Our current pending command */ struct gsm_control *pending_cmd;/* Our current pending command */
...@@ -1009,7 +1009,7 @@ static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) ...@@ -1009,7 +1009,7 @@ static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
gsm->tx_bytes += msg->len; gsm->tx_bytes += msg->len;
gsmld_write_trigger(gsm); gsmld_write_trigger(gsm);
mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100); schedule_delayed_work(&gsm->kick_timeout, 10 * gsm->t1 * HZ / 100);
} }
/** /**
...@@ -1984,16 +1984,16 @@ static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len) ...@@ -1984,16 +1984,16 @@ static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
} }
/** /**
* gsm_kick_timer - transmit if possible * gsm_kick_timeout - transmit if possible
* @t: timer contained in our gsm object * @work: work contained in our gsm object
* *
* Transmit data from DLCIs if the queue is empty. We can't rely on * Transmit data from DLCIs if the queue is empty. We can't rely on
* a tty wakeup except when we filled the pipe so we need to fire off * a tty wakeup except when we filled the pipe so we need to fire off
* new data ourselves in other cases. * new data ourselves in other cases.
*/ */
static void gsm_kick_timer(struct timer_list *t) static void gsm_kick_timeout(struct work_struct *work)
{ {
struct gsm_mux *gsm = from_timer(gsm, t, kick_timer); struct gsm_mux *gsm = container_of(work, struct gsm_mux, kick_timeout.work);
unsigned long flags; unsigned long flags;
int sent = 0; int sent = 0;
...@@ -2458,7 +2458,7 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc) ...@@ -2458,7 +2458,7 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
} }
/* Finish outstanding timers, making sure they are done */ /* Finish outstanding timers, making sure they are done */
del_timer_sync(&gsm->kick_timer); cancel_delayed_work_sync(&gsm->kick_timeout);
del_timer_sync(&gsm->t2_timer); del_timer_sync(&gsm->t2_timer);
/* Finish writing to ldisc */ /* Finish writing to ldisc */
...@@ -2605,7 +2605,7 @@ static struct gsm_mux *gsm_alloc_mux(void) ...@@ -2605,7 +2605,7 @@ static struct gsm_mux *gsm_alloc_mux(void)
kref_init(&gsm->ref); kref_init(&gsm->ref);
INIT_LIST_HEAD(&gsm->tx_ctrl_list); INIT_LIST_HEAD(&gsm->tx_ctrl_list);
INIT_LIST_HEAD(&gsm->tx_data_list); INIT_LIST_HEAD(&gsm->tx_data_list);
timer_setup(&gsm->kick_timer, gsm_kick_timer, 0); INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout);
timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0); timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
INIT_WORK(&gsm->tx_work, gsmld_write_task); INIT_WORK(&gsm->tx_work, gsmld_write_task);
init_waitqueue_head(&gsm->event); init_waitqueue_head(&gsm->event);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment