From: Rahul Rameshbabu <rrameshbabu@nvidia.com>
To: Lizhi Xu <lizhi.xu@windriver.com>
Cc: <syzbot+8a78ecea7ac1a2ea26e5@syzkaller.appspotmail.com>,
<davem@davemloft.net>, <linux-kernel@vger.kernel.org>,
<netdev@vger.kernel.org>, <reibax@gmail.com>,
<richardcochran@gmail.com>, <syzkaller-bugs@googlegroups.com>
Subject: Re: [PATCH] ptp: fix null ptr deref in ptp_ioctrl
Date: Sun, 05 Nov 2023 18:12:14 -0800 [thread overview]
Message-ID: <877cmvhbpd.fsf@nvidia.com> (raw)
In-Reply-To: <20231106011926.2928881-1-lizhi.xu@windriver.com> (Lizhi Xu's message of "Mon, 6 Nov 2023 09:19:26 +0800")
On Mon, 06 Nov, 2023 09:19:26 +0800 Lizhi Xu <lizhi.xu@windriver.com> wrote:
<snip>
>
> It can be confirmed that after the execution of "read (3, 0x20000080, 90)",
> ptp_release() will be called to release the queue and set
> pccontext->private_clkdata = NULL at the same time, this is unreasonable and
> incorrect. The queue is not the memory requested in ptp_read() and should not
> be released in ptp_read().
>
> Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
> ---
> drivers/ptp/ptp_chardev.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c
> index 282cd7d24077..27c1ef493617 100644
> --- a/drivers/ptp/ptp_chardev.c
> +++ b/drivers/ptp/ptp_chardev.c
> @@ -585,7 +585,5 @@ ssize_t ptp_read(struct posix_clock_context *pccontext, uint rdflags,
> free_event:
> kfree(event);
> exit:
> - if (result < 0)
> - ptp_release(pccontext);
> return result;
> }
There is already an ongoing review for a patch submission that covers this.
https://lore.kernel.org/netdev/tencent_856E1C97CCE9E2ED66CC087B526CD42ED50A@qq.com/
--
Thanks,
Rahul Rameshbabu
prev parent reply other threads:[~2023-11-06 2:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-05 19:10 [syzbot] [net?] general protection fault in ptp_ioctl syzbot
2023-11-06 0:20 ` [syzbot] [PATCH] null pointer dereference syzbot
2023-11-06 0:46 ` [syzbot] test general protection fault in ptp_ioctl syzbot
2023-11-06 1:19 ` [PATCH] ptp: fix null ptr deref in ptp_ioctrl Lizhi Xu
2023-11-06 2:12 ` Rahul Rameshbabu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877cmvhbpd.fsf@nvidia.com \
--to=rrameshbabu@nvidia.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=lizhi.xu@windriver.com \
--cc=netdev@vger.kernel.org \
--cc=reibax@gmail.com \
--cc=richardcochran@gmail.com \
--cc=syzbot+8a78ecea7ac1a2ea26e5@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.