ppp: Fix deadlock caused by unsafe-irq lock in ap_get()

Commit Message

Jeongjun Park April 18, 2024, 5:59 p.m. UTC

read_lock() present in ap_get() is interrupt-vulnerable, so the function needs to be modified.


Reported-by: syzbot+393d0ef63475d9bb1f16@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
---
 drivers/net/ppp/ppp_async.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Patch

diff --git a/drivers/net/ppp/ppp_async.c b/drivers/net/ppp/ppp_async.c
index c33c3db3cc08..dc1d4633428a 100644
--- a/drivers/net/ppp/ppp_async.c
+++ b/drivers/net/ppp/ppp_async.c
@@ -133,12 +133,13 @@  static DEFINE_RWLOCK(disc_data_lock);
 static struct asyncppp *ap_get(struct tty_struct *tty)
 {
 	struct asyncppp *ap;
+	unsigned long flags;
 
-	read_lock(&disc_data_lock);
+	flags = read_lock_irqsave(&disc_data_lock);
 	ap = tty->disc_data;
 	if (ap != NULL)
 		refcount_inc(&ap->refcnt);
-	read_unlock(&disc_data_lock);
+	read_unlock_irqrestore(&disc_data_lock, flags);
 	return ap;
 }