From: syzbot <syzbot+df3f3ef31f60781fa911@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org
Subject: Re: [syzbot] [PATCH] Test for 2030579113a1
Date: Sat, 04 Nov 2023 18:27:49 -0700
Message-ID: <000000000000471df406095da542@google.com>
In-Reply-To: <000000000000910ad106089f45eb@google.com>
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: [PATCH] Test for 2030579113a1
Author: eadavis@qq.com
please test BUG: corrupted list in ptp_open
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 2dac75696c6d
diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c
index 282cd7d24077..eb4015ae93a2 100644
--- a/drivers/ptp/ptp_chardev.c
+++ b/drivers/ptp/ptp_chardev.c
@@ -108,6 +108,7 @@ int ptp_open(struct posix_clock_context *pccontext, fmode_t fmode)
container_of(pccontext->clk, struct ptp_clock, clock);
struct timestamp_event_queue *queue;
char debugfsname[32];
+ unsigned long flags;
queue = kzalloc(sizeof(*queue), GFP_KERNEL);
if (!queue)
@@ -119,8 +120,10 @@ int ptp_open(struct posix_clock_context *pccontext, fmode_t fmode)
}
bitmap_set(queue->mask, 0, PTP_MAX_CHANNELS);
spin_lock_init(&queue->lock);
+ spin_lock_irqsave(&ptp->tsevq_lock, flags);
list_add_tail(&queue->qlist, &ptp->tsevqs);
pccontext->private_clkdata = queue;
+ spin_unlock_irqrestore(&ptp->tsevq_lock, flags);
/* Debugfs contents */
sprintf(debugfsname, "0x%p", queue);
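Review bot: the critical section added in ptp_open() covers the `pccontext->private_clkdata = queue` store as well as `list_add_tail()`, which is wider than the lock's own comment in ptp_private.h ("writing the timestamp fifo list") describes. If the lock only protects ptp->tsevqs, take it around `list_add_tail()` alone; if the store has to be ordered with the list insertion, say so in a comment or in the changelog.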
@@ -139,13 +142,15 @@ int ptp_release(struct posix_clock_context *pccontext)
{
struct timestamp_event_queue *queue = pccontext->private_clkdata;
unsigned long flags;
+ struct ptp_clock *ptp =
+ container_of(pccontext->clk, struct ptp_clock, clock);
if (queue) {
debugfs_remove(queue->debugfs_instance);
+ spin_lock_irqsave(&ptp->tsevq_lock, flags);
pccontext->private_clkdata = NULL;
- spin_lock_irqsave(&queue->lock, flags);
list_del(&queue->qlist);
- spin_unlock_irqrestore(&queue->lock, flags);
+ spin_unlock_irqrestore(&ptp->tsevq_lock, flags);
bitmap_free(queue->mask);
kfree(queue);
}
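Review bot: the changelog should say why ptp_release() switches from `queue->lock` to the clock-wide lock around `list_del()`. The removed lines took the per-queue lock, which cannot serialize against ptp_open() adding a different queue to the same ptp->tsevqs list, and that reasoning is what a later reader needs. As a style point, the new `struct ptp_clock *ptp` declaration is placed after `unsigned long flags`; move it to the top of the declarations so the longest line comes first, as networking code usually orders locals.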
@@ -585,7 +590,5 @@ ssize_t ptp_read(struct posix_clock_context *pccontext, uint rdflags,
free_event:
kfree(event);
exit:
- if (result < 0)
- ptp_release(pccontext);
return result;
}
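Review bot: dropping the `ptp_release(pccontext)` call from the error path of ptp_read() is a behaviour change that is separate from the locking work in the other hunks, and the commit message does not mention it. Explain in the changelog why a failed read must not release the queue (the queue stays in pccontext->private_clkdata's lifetime and is released again by the normal ptp_release() path), or split this into its own patch so it can be reviewed and bisected on its own.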
diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
index 3d1b0a97301c..d813bf25dffc 100644
--- a/drivers/ptp/ptp_clock.c
+++ b/drivers/ptp/ptp_clock.c
@@ -247,6 +247,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
if (!queue)
goto no_memory_queue;
list_add_tail(&queue->qlist, &ptp->tsevqs);
+ spin_lock_init(&ptp->tsevq_lock);
queue->mask = bitmap_alloc(PTP_MAX_CHANNELS, GFP_KERNEL);
if (!queue->mask)
goto no_memory_bitmap;
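Review bot: in ptp_clock_register(), `spin_lock_init(&ptp->tsevq_lock)` is placed after `list_add_tail(&queue->qlist, &ptp->tsevqs)`, so the list is already modified before the lock that guards it has been initialized. Move the `spin_lock_init()` up to where ptp->tsevqs itself is initialized, before the first `list_add_tail()`, so that the lock is valid whenever the list is touched and the two initializations sit together.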
diff --git a/drivers/ptp/ptp_private.h b/drivers/ptp/ptp_private.h
index 52f87e394aa6..63af246f17eb 100644
--- a/drivers/ptp/ptp_private.h
+++ b/drivers/ptp/ptp_private.h
@@ -44,6 +44,7 @@ struct ptp_clock {
struct pps_device *pps_source;
long dialed_frequency; /* remembers the frequency adjustment */
struct list_head tsevqs; /* timestamp fifo list */
+ spinlock_t tsevqs_lock; /* one process at a time writing the timestamp fifo list*/
struct mutex pincfg_mux; /* protect concurrent info->pin_config access */
wait_queue_head_t tsev_wq;
int defunct; /* tells readers to go away when clock is being removed */
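Review bot: the field is declared here as `tsevqs_lock`, but ptp_chardev.c and ptp_clock.c in this same patch use `ptp->tsevq_lock`, so the patch cannot build as posted; pick one spelling and use it in all three files. The comment is also missing the space before the closing `*/`, and it would read better if it named what is protected, for example "protects tsevqs".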
--
2.25.1
Thread overview: 20+ messages
2023-10-26 14:20 [syzbot] [net?] BUG: corrupted list in ptp_open syzbot
2023-10-27 0:03 ` [PATCH net-next] ptp: ptp_read should not release queue Edward Adam davis
2023-10-27 4:02 ` Edward Adam Davis
2023-10-29 2:09 ` [PATCH-net-next] ptp: fix corrupted list in ptp_open Edward Adam Davis
2023-10-29 19:49 ` Richard Cochran
2023-10-30 20:59 ` Edward Adam Davis
2023-10-29 19:57 ` Richard Cochran
2023-10-30 21:07 ` [PATCH net-next V2] " Edward Adam Davis
2023-10-31 9:28 ` Martin Habets
2023-11-02 0:12 ` Richard Cochran
2023-11-02 11:16 ` Edward Adam Davis
2023-11-03 23:15 ` Richard Cochran
2023-11-03 11:29 ` [syzbot] [PATCH] Test for 2030579113a1 syzbot
2023-11-04 2:43 ` syzbot
2023-11-05 1:27 ` syzbot [this message]
2023-11-05 1:44 ` syzbot
2023-11-06 11:05 ` syzbot
2023-11-06 11:37 ` syzbot
2023-11-06 13:58 ` syzbot
-- strict thread matches above, loose matches on Subject: below --
2023-10-29 17:09 [syzbot] [mm?] general protection fault in __hugetlb_zap_begin syzbot
2023-11-03 11:36 ` [syzbot] [PATCH] Test for 2030579113a1 syzbot