tty: n_gsm: replace kicktimer with delayed_work

A kick_timer timer_list is replaced with kick_timeout delayed_work to be
able to synchronize with mutexes as a prerequisite for the introduction
of tx_mutex.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Fixes: c568f7086c6e ("tty: n_gsm: fix missing timer to handle stalled links")
Cc: stable <stable@kernel.org>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Suggested-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Link: https://lore.kernel.org/r/20220829131640.69254-2-pchelkin@ispras.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index d6598ca..e23225a 100644 (file)
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -256,7 +256,7 @@ struct gsm_mux {
        struct list_head tx_data_list;  /* Pending data packets */
 
        /* Control messages */
-       struct timer_list kick_timer;   /* Kick TX queuing on timeout */
+       struct delayed_work kick_timeout;       /* Kick TX queuing on timeout */
        struct timer_list t2_timer;     /* Retransmit timer for commands */
        int cretries;                   /* Command retry counter */
        struct gsm_control *pending_cmd;/* Our current pending command */
@@ -1009,7 +1009,7 @@ static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
        gsm->tx_bytes += msg->len;
 
        gsmld_write_trigger(gsm);
-       mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100);
+       schedule_delayed_work(&gsm->kick_timeout, 10 * gsm->t1 * HZ / 100);
 }
 
 /**
@@ -1984,16 +1984,16 @@ static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
 }
 
 /**
- *     gsm_kick_timer  -       transmit if possible
- *     @t: timer contained in our gsm object
+ *     gsm_kick_timeout        -       transmit if possible
+ *     @work: work contained in our gsm object
  *
  *     Transmit data from DLCIs if the queue is empty. We can't rely on
  *     a tty wakeup except when we filled the pipe so we need to fire off
  *     new data ourselves in other cases.
  */
-static void gsm_kick_timer(struct timer_list *t)
+static void gsm_kick_timeout(struct work_struct *work)
 {
-       struct gsm_mux *gsm = from_timer(gsm, t, kick_timer);
+       struct gsm_mux *gsm = container_of(work, struct gsm_mux, kick_timeout.work);
        unsigned long flags;
        int sent = 0;
 
@@ -2458,7 +2458,7 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
        }
 
        /* Finish outstanding timers, making sure they are done */
-       del_timer_sync(&gsm->kick_timer);
+       cancel_delayed_work_sync(&gsm->kick_timeout);
        del_timer_sync(&gsm->t2_timer);
 
        /* Finish writing to ldisc */
@@ -2605,7 +2605,7 @@ static struct gsm_mux *gsm_alloc_mux(void)
        kref_init(&gsm->ref);
        INIT_LIST_HEAD(&gsm->tx_ctrl_list);
        INIT_LIST_HEAD(&gsm->tx_data_list);
-       timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
+       INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout);
        timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
        INIT_WORK(&gsm->tx_work, gsmld_write_task);
        init_waitqueue_head(&gsm->event);