[PATCH 5.19 0933/1157] tty: n_gsm: fix resource allocation order in gsm_activate_mux()

From: Greg Kroah-Hartman
Date: Mon Aug 15 2022 - 20:47:49 EST


From: Daniel Starke <daniel.starke@xxxxxxxxxxx>

[ Upstream commit 7349660438603ed19282e75949561406531785a5 ]

Within gsm_activate_mux() all timers and locks are initiated before the
actual resource for the control channel is allocated. This can lead to race
conditions.

Allocate the control channel DLCI object first to avoid race conditions.

Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Signed-off-by: Daniel Starke <daniel.starke@xxxxxxxxxxx>
Link: https://lore.kernel.org/r/20220701122332.2039-2-daniel.starke@xxxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/tty/n_gsm.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 79869f2b570c..ba399a660573 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -2497,6 +2497,10 @@ static int gsm_activate_mux(struct gsm_mux *gsm)
struct gsm_dlci *dlci;
int ret;

+ dlci = gsm_dlci_alloc(gsm, 0);
+ if (dlci == NULL)
+ return -ENOMEM;
+
timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
INIT_WORK(&gsm->tx_work, gsmld_write_task);
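Review bot: the relocated gsm_dlci_alloc(gsm, 0) at the top of gsm_activate_mux() has no comment explaining why it must precede timer_setup() and INIT_WORK(), and the commit message only says "race conditions" without naming the path that races. Since the ordering is the entire fix, a short comment above the allocation would help, for example one stating that the control channel DLCI has to exist before the timers and the tx work are set up. That would keep a later cleanup from moving the allocation back down. The local dlci is also used only for the NULL check in the lines shown, so the comment could note that the allocation is done for its effect on gsm.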
@@ -2513,9 +2517,6 @@ static int gsm_activate_mux(struct gsm_mux *gsm)
if (ret)
return ret;

- dlci = gsm_dlci_alloc(gsm, 0);
- if (dlci == NULL)
- return -ENOMEM;
gsm->has_devices = true;
gsm->dead = false; /* Tty opens are now permissible */
return 0;
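Review bot: the unchanged "if (ret) return ret;" just above the removed lines is now reached after gsm_dlci_alloc(gsm, 0) has already succeeded, and nothing in the visible lines releases the control channel DLCI on that path. Before this change the allocation came after that check, so the early return had nothing to undo. Either release the DLCI before returning ret, or state in the commit message which caller cleans it up when gsm_activate_mux() fails.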
--
2.35.1