3.18-stable review patch. If anyone has any objections, please let me know.
------------------ From: Paul Fulghum <pau...@microgate.com> commit fc01d8c61ce02c034e67378cd3e645734bc18c8c upstream. Fix __might_sleep warning[1] in tty/n_hdlc.c read due to copy_to_user call while current is TASK_INTERRUPTIBLE. This is a false positive since the code path does not depend on current state remaining TASK_INTERRUPTIBLE. The loop breaks out and sets TASK_RUNNING after calling copy_to_user. This patch supresses the warning by setting TASK_RUNNING before calling copy_to_user. [1] https://syzkaller.appspot.com/bug?id=17d5de7f1fcab794cb8c40032f893f52de899324 Signed-off-by: Paul Fulghum <pau...@microgate.com> Reported-by: syzbot <syzbot+c244af085a0159d22...@syzkaller.appspotmail.com> Cc: Tetsuo Handa <penguin-ker...@i-love.sakura.ne.jp> Cc: Alan Cox <a...@lxorguk.ukuu.org.uk> Cc: stable <sta...@vger.kernel.org> Acked-by: Arnd Bergmann <a...@arndb.de> Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> --- drivers/tty/n_hdlc.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/tty/n_hdlc.c +++ b/drivers/tty/n_hdlc.c @@ -598,6 +598,7 @@ static ssize_t n_hdlc_tty_read(struct tt /* too large for caller's buffer */ ret = -EOVERFLOW; } else { + __set_current_state(TASK_RUNNING); if (copy_to_user(buf, rbuf->buf, rbuf->count)) ret = -EFAULT; else
