From: syzbot <syzbot+df3f3ef31f60781fa911@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org
Subject: Re: [syzbot] [PATCH] Test for 2030579113a1
Date: Fri, 03 Nov 2023 04:29:23 -0700 [thread overview]
Message-ID: <000000000000ec590706093dd043@google.com> (raw)
In-Reply-To: <000000000000910ad106089f45eb@google.com>
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: [PATCH] Test for 2030579113a1
Author: eadavis@qq.com
please test BUG: corrupted list in ptp_open
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 2dac75696c6d
diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c
index 282cd7d24077..6e9762a54b14 100644
--- a/drivers/ptp/ptp_chardev.c
+++ b/drivers/ptp/ptp_chardev.c
@@ -119,8 +119,13 @@ int ptp_open(struct posix_clock_context *pccontext, fmode_t fmode)
}
bitmap_set(queue->mask, 0, PTP_MAX_CHANNELS);
spin_lock_init(&queue->lock);
+ if (mutex_lock_interruptible(&ptp->tsevq_mux)) {
+ kfree(queue);
+ return -ERESTARTSYS;
+ }
list_add_tail(&queue->qlist, &ptp->tsevqs);
pccontext->private_clkdata = queue;
+ mutex_unlock(&ptp->tsevq_mux);
/* Debugfs contents */
sprintf(debugfsname, "0x%p", queue);
@@ -138,14 +143,19 @@ int ptp_open(struct posix_clock_context *pccontext, fmode_t fmode)
int ptp_release(struct posix_clock_context *pccontext)
{
struct timestamp_event_queue *queue = pccontext->private_clkdata;
+ struct ptp_clock *ptp =
+ container_of(pccontext->clk, struct ptp_clock, clock);
unsigned long flags;
if (queue) {
+ if (mutex_lock_interruptible(&ptp->tsevq_mux))
+ return -ERESTARTSYS;
debugfs_remove(queue->debugfs_instance);
pccontext->private_clkdata = NULL;
spin_lock_irqsave(&queue->lock, flags);
list_del(&queue->qlist);
spin_unlock_irqrestore(&queue->lock, flags);
+ mutex_unlock(&ptp->tsevq_mux);
bitmap_free(queue->mask);
kfree(queue);
}
@@ -585,7 +595,5 @@ ssize_t ptp_read(struct posix_clock_context *pccontext, uint rdflags,
free_event:
kfree(event);
exit:
- if (result < 0)
- ptp_release(pccontext);
return result;
}
diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
index 3d1b0a97301c..7930db6ec18d 100644
--- a/drivers/ptp/ptp_clock.c
+++ b/drivers/ptp/ptp_clock.c
@@ -176,6 +176,7 @@ static void ptp_clock_release(struct device *dev)
ptp_cleanup_pin_groups(ptp);
kfree(ptp->vclock_index);
+ mutex_destroy(&ptp->tsevq_mux);
mutex_destroy(&ptp->pincfg_mux);
mutex_destroy(&ptp->n_vclocks_mux);
/* Delete first entry */
@@ -247,6 +248,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
if (!queue)
goto no_memory_queue;
list_add_tail(&queue->qlist, &ptp->tsevqs);
+ mutex_init(&ptp->tsevq_mux);
queue->mask = bitmap_alloc(PTP_MAX_CHANNELS, GFP_KERNEL);
if (!queue->mask)
goto no_memory_bitmap;
@@ -356,6 +358,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
if (ptp->kworker)
kthread_destroy_worker(ptp->kworker);
kworker_err:
+ mutex_destroy(&ptp->tsevq_mux);
mutex_destroy(&ptp->pincfg_mux);
mutex_destroy(&ptp->n_vclocks_mux);
bitmap_free(queue->mask);
diff --git a/drivers/ptp/ptp_private.h b/drivers/ptp/ptp_private.h
index 52f87e394aa6..1525bd2059ba 100644
--- a/drivers/ptp/ptp_private.h
+++ b/drivers/ptp/ptp_private.h
@@ -44,6 +44,7 @@ struct ptp_clock {
struct pps_device *pps_source;
long dialed_frequency; /* remembers the frequency adjustment */
struct list_head tsevqs; /* timestamp fifo list */
+ struct mutex tsevq_mux; /* one process at a time reading the fifo */
struct mutex pincfg_mux; /* protect concurrent info->pin_config access */
wait_queue_head_t tsev_wq;
int defunct; /* tells readers to go away when clock is being removed */
--
2.25.1
next prev parent reply other threads:[~2023-11-03 11:29 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-26 14:20 [syzbot] [net?] BUG: corrupted list in ptp_open syzbot
2023-10-27 0:03 ` [PATCH net-next] ptp: ptp_read should not release queue Edward Adam davis
2023-10-27 4:02 ` Edward Adam Davis
2023-10-29 2:09 ` [PATCH-net-next] ptp: fix corrupted list in ptp_open Edward Adam Davis
2023-10-29 19:49 ` Richard Cochran
2023-10-30 20:59 ` Edward Adam Davis
2023-10-29 19:57 ` Richard Cochran
2023-10-30 21:07 ` [PATCH net-next V2] " Edward Adam Davis
2023-10-31 9:28 ` Martin Habets
2023-11-02 0:12 ` Richard Cochran
2023-11-02 11:16 ` Edward Adam Davis
2023-11-03 23:15 ` Richard Cochran
2023-11-03 11:29 ` syzbot [this message]
2023-11-04 2:43 ` [syzbot] [PATCH] Test for 2030579113a1 syzbot
2023-11-05 1:27 ` syzbot
2023-11-05 1:44 ` syzbot
2023-11-06 11:05 ` syzbot
2023-11-06 11:37 ` syzbot
2023-11-06 13:58 ` syzbot
-- strict thread matches above, loose matches on Subject: below --
2023-10-29 17:09 [syzbot] [mm?] general protection fault in __hugetlb_zap_begin syzbot
2023-11-03 11:36 ` [syzbot] [PATCH] Test for 2030579113a1 syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000ec590706093dd043@google.com \
--to=syzbot+df3f3ef31f60781fa911@syzkaller.appspotmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.