From: Jakub Kicinski <kuba@kernel.org>
To: hramamurthy@google.com
Cc: Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, joshwash@google.com,
andrew+netdev@lunn.ch, davem@davemloft.net, edumazet@google.com,
pabeni@redhat.com, richardcochran@gmail.com, willemb@google.com,
nktgrg@google.com, jfraker@google.com, ziweixiao@google.com,
maolson@google.com, thostet@google.com, jordanrhee@google.com,
jefrogers@google.com, alok.a.tiwari@oracle.com, yyd@google.com,
linux-kernel@vger.kernel.org, namangulati@google.com
Subject: Re: [PATCH net-next v2 2/3] gve: make nic clock reads thread safe
Date: Sun, 29 Mar 2026 14:19:58 -0700 [thread overview]
Message-ID: <20260329211958.2875749-1-kuba@kernel.org> (raw)
In-Reply-To: <20260326224527.1044097-3-hramamurthy@google.com>
This is an AI-generated review of your patch. The human sending this
email has considered the AI review valid, or at least plausible.
---
gve: make nic clock reads thread safe
This commit adds a mutex to protect the shared DMA buffer used for receiving
NIC timestamp reports. The lock is needed to synchronize the periodic worker
and the upcoming gettimex64 ioctl.
> diff --git a/drivers/net/ethernet/google/gve/gve_ptp.c b/drivers/net/ethernet/google/gve/gve_ptp.c
> index 06b1cf4a5efc..140b8fbce4f4 100644
> --- a/drivers/net/ethernet/google/gve/gve_ptp.c
> +++ b/drivers/net/ethernet/google/gve/gve_ptp.c
[ ... ]
> @@ -109,6 +114,7 @@ static void gve_ptp_release(struct gve_priv *priv)
>
> int gve_init_clock(struct gve_priv *priv)
> {
> + u64 nic_raw;
> int err;
>
> err = gve_ptp_init(priv);
[ ... ]
> @@ -125,17 +131,20 @@ int gve_init_clock(struct gve_priv *priv)
> err = -ENOMEM;
> goto release_ptp;
> }
> - err = gve_clock_nic_ts_read(priv);
> + mutex_init(&priv->nic_ts_read_lock);
> + err = gve_clock_nic_ts_read(priv, &nic_raw);
Could this lead to a race condition with userspace?
If gve_ptp_init() registers the PTP clock via ptp_clock_register(), the
device is exposed to userspace immediately. If a userspace process opens the
device and calls the gettimex64 ioctl before the mutex and DMA buffer are
initialized here, it could cause a NULL pointer dereference or operate on an
uninitialized mutex.
> if (err) {
> dev_err(&priv->pdev->dev, "failed to read NIC clock %d\n", err);
> goto release_nic_ts_report;
> }
> + WRITE_ONCE(priv->last_sync_nic_counter, nic_raw);
> ptp_schedule_worker(priv->ptp->clock,
> msecs_to_jiffies(GVE_NIC_TS_SYNC_INTERVAL_MS));
>
> return 0;
>
> release_nic_ts_report:
> + mutex_destroy(&priv->nic_ts_read_lock);
> dma_free_coherent(&priv->pdev->dev,
> sizeof(struct gve_nic_ts_report),
> priv->nic_ts_report, priv->nic_ts_report_bus);
Is it safe to destroy the mutex and free the DMA buffer before calling
gve_ptp_release() here?
If the PTP clock is already registered and exposed to userspace by
gve_ptp_init(), this error path frees resources while the clock is still
active. A concurrent userspace ioctl could access the destroyed mutex or
freed buffer before gve_ptp_release() unregisters the clock.
Should all resource allocation and initialization strictly precede
ptp_clock_register(), and the error path unregister the clock before tearing
down the resources?
--
pw-bot: cr
next prev parent reply other threads:[~2026-03-29 21:20 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-26 22:45 [PATCH net-next v2 0/3] gve: add support for PTP gettimex64 Harshitha Ramamurthy
2026-03-26 22:45 ` [PATCH net-next v2 1/3] gve: skip error logging for retryable AdminQ commands Harshitha Ramamurthy
2026-03-27 2:28 ` Li Xiasong
2026-03-27 3:56 ` Jordan Rhee
2026-03-27 5:06 ` Li Xiasong
2026-03-26 22:45 ` [PATCH net-next v2 2/3] gve: make nic clock reads thread safe Harshitha Ramamurthy
2026-03-29 21:19 ` Jakub Kicinski [this message]
2026-03-30 4:06 ` Jordan Rhee
2026-03-26 22:45 ` [PATCH net-next v2 3/3] gve: implement PTP gettimex64 Harshitha Ramamurthy
2026-03-29 21:20 ` Jakub Kicinski
2026-03-30 4:31 ` Jordan Rhee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260329211958.2875749-1-kuba@kernel.org \
--to=kuba@kernel.org \
--cc=alok.a.tiwari@oracle.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hramamurthy@google.com \
--cc=jefrogers@google.com \
--cc=jfraker@google.com \
--cc=jordanrhee@google.com \
--cc=joshwash@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=maolson@google.com \
--cc=namangulati@google.com \
--cc=netdev@vger.kernel.org \
--cc=nktgrg@google.com \
--cc=pabeni@redhat.com \
--cc=richardcochran@gmail.com \
--cc=thostet@google.com \
--cc=willemb@google.com \
--cc=yyd@google.com \
--cc=ziweixiao@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox