CVE-2021-47185

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc<br /> <br /> When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup,<br /> which look like this one:<br /> <br /> Workqueue: events_unbound flush_to_ldisc<br /> Call trace:<br /> dump_backtrace+0x0/0x1ec<br /> show_stack+0x24/0x30<br /> dump_stack+0xd0/0x128<br /> panic+0x15c/0x374<br /> watchdog_timer_fn+0x2b8/0x304<br /> __run_hrtimer+0x88/0x2c0<br /> __hrtimer_run_queues+0xa4/0x120<br /> hrtimer_interrupt+0xfc/0x270<br /> arch_timer_handler_phys+0x40/0x50<br /> handle_percpu_devid_irq+0x94/0x220<br /> __handle_domain_irq+0x88/0xf0<br /> gic_handle_irq+0x84/0xfc<br /> el1_irq+0xc8/0x180<br /> slip_unesc+0x80/0x214 [slip]<br /> tty_ldisc_receive_buf+0x64/0x80<br /> tty_port_default_receive_buf+0x50/0x90<br /> flush_to_ldisc+0xbc/0x110<br /> process_one_work+0x1d4/0x4b0<br /> worker_thread+0x180/0x430<br /> kthread+0x11c/0x120<br /> <br /> In the testcase pty04, The first process call the write syscall to send<br /> data to the pty master. At the same time, the workqueue will do the<br /> flush_to_ldisc to pop data in a loop until there is no more data left.<br /> When the sender and workqueue running in different core, the sender sends<br /> data fastly in full time which will result in workqueue doing work in loop<br /> for a long time and occuring softlockup in flush_to_ldisc with kernel<br /> configured without preempt. So I add need_resched check and cond_resched<br /> in the flush_to_ldisc loop to avoid it.