Message-ID: <tencent_58E8CAEE52CF6C78226FB82CE56EDC94940A@qq.com>
Date: Tue, 5 Nov 2024 19:22:55 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+73582d08864d8268b6fd@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [sound?] INFO: task hung in snd_card_free
The usx2y sound card's probe and disconnect need to be protected by a mutex.
#syz test
diff --git a/sound/core/control.c b/sound/core/control.c
index 0ddade871b52..b9b9dde9807a 100644
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -82,6 +82,7 @@ static int snd_ctl_open(struct inode *inode, struct file *file)
scoped_guard(write_lock_irqsave, &card->controls_rwlock)
list_add_tail(&ctl->list, &card->ctl_files);
snd_card_unref(card);
+ printk("card: %p, dev: %p, %s\n", card, &card->card_dev, __func__);
return 0;
__error:
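Review bot: The `printk()` added after `snd_card_unref(card)` has no log level, and the same holds for every other trace line this patch adds in sound/core/control.c, sound/core/init.c and snd_usx2y_card_private_free(). If any of them outlive the syzbot test run, `pr_debug("card: %p, dev: %p, %s\n", card, &card->card_dev, __func__);` keeps them out of the default console log. The `%p` conversions are fine as they are: the kernel prints a hashed value by default, which is enough to correlate lines without exposing kernel addresses, so they should not be switched to `%px`. snd_ctl_open() starts outside this hunk.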
@@ -91,6 +92,7 @@ static int snd_ctl_open(struct inode *inode, struct file *file)
__error1:
if (card)
snd_card_unref(card);
+ printk("err: %d, card: %p, %s\n", err, card, __func__);
return err;
}
@@ -113,6 +115,9 @@ static int snd_ctl_release(struct inode *inode, struct file *file)
struct snd_kcontrol *control;
unsigned int idx;
+ if (!file->private_data)
+ return 0;
+
ctl = file->private_data;
file->private_data = NULL;
card = ctl->card;
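Review bot: The new `if (!file->private_data) return 0;` at the top of snd_ctl_release() returns success without any trace, so if the pointer can really be NULL here the underlying lifetime problem stays hidden. Nothing visible in this patch shows a path that releases a control file whose private_data was never set or was already cleared. If the check is a probe for such a path, `if (WARN_ON_ONCE(!file->private_data)) return 0;` would make the test run report it. The early return also skips the cleanup whose tail appears in the next hunk (`module_put()`, `snd_card_file_remove()`), so it is only correct if those references were never taken. The function body continues outside this hunk.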
@@ -133,6 +138,7 @@ static int snd_ctl_release(struct inode *inode, struct file *file)
kfree(ctl);
module_put(card->module);
snd_card_file_remove(card, file);
+ printk("card: %p, %s\n", card, __func__);
return 0;
}
@@ -2316,6 +2322,7 @@ static int snd_ctl_dev_disconnect(struct snd_device *device)
}
}
+ printk("card: %p, %s\n", card, __func__);
call_snd_ctl_lops(card, ldisconnect);
return snd_unregister_device(card->ctl_dev);
}
@@ -2339,6 +2346,7 @@ static int snd_ctl_dev_free(struct snd_device *device)
xa_destroy(&card->ctl_hash);
#endif
}
+ printk("card: %p, %s\n", card, __func__);
put_device(card->ctl_dev);
return 0;
}
diff --git a/sound/core/init.c b/sound/core/init.c
index 114fb87de990..70145add5ace 100644
--- a/sound/core/init.c
+++ b/sound/core/init.c
@@ -544,6 +544,8 @@ void snd_card_disconnect(struct snd_card *card)
if (card->registered) {
device_del(&card->card_dev);
+ printk("card: %p, dev: %p, kref: %d, %s\n", card, &card->card_dev,
+ kref_read(&card->card_dev.kobj.kref), __func__);
card->registered = false;
}
@@ -580,6 +582,7 @@ EXPORT_SYMBOL_GPL(snd_card_disconnect_sync);
static int snd_card_do_free(struct snd_card *card)
{
card->releasing = true;
+ printk("card: %p, %s\n", card, __func__);
#if IS_ENABLED(CONFIG_SND_MIXER_OSS)
if (snd_mixer_oss_notify_callback)
snd_mixer_oss_notify_callback(card, SND_MIXER_OSS_NOTIFY_FREE);
@@ -615,6 +618,7 @@ void snd_card_free_when_closed(struct snd_card *card)
return;
snd_card_disconnect(card);
+ printk("card: %p, kref: %d, %s\n", card, kref_read(&card->card_dev.kobj.kref), __func__);
put_device(&card->card_dev);
return;
}
@@ -643,6 +647,7 @@ void snd_card_free(struct snd_card *card)
* may call snd_card_free() twice due to its nature, we need to have
* the check here at the beginning.
*/
+ printk("card: %p, rl: %d, %s\n", card, card->releasing, __func__);
if (card->releasing)
return;
@@ -1074,6 +1079,7 @@ int snd_card_file_add(struct snd_card *card, struct file *file)
return -ENODEV;
}
list_add(&mfile->list, &card->files_list);
+ printk("card: %p, dev: %p, %s\n", card, &card->card_dev, __func__);
get_device(&card->card_dev);
return 0;
}
diff --git a/sound/usb/usx2y/usbusx2y.c b/sound/usb/usx2y/usbusx2y.c
index 2f9cede242b3..129210a81545 100644
--- a/sound/usb/usx2y/usbusx2y.c
+++ b/sound/usb/usx2y/usbusx2y.c
@@ -150,6 +150,7 @@ static int snd_usx2y_card_used[SNDRV_CARDS];
static void snd_usx2y_card_private_free(struct snd_card *card);
static void usx2y_unlinkseq(struct snd_usx2y_async_seq *s);
+static DEFINE_MUTEX(devices_mutex);
/*
* pipe 4 is used for switching the lamps, setting samplerate, volumes ....
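Review bot: `devices_mutex` is declared without a comment saying which state it protects. The description only says probe and disconnect need a mutex, and as far as I know the driver core already holds the device lock around both callbacks for a given interface, so the lock appears to add only cross-device serialization. A comment such as `/* serializes probe/disconnect across all usx2y devices; protects <state> */` should name what is shared, for example `snd_usx2y_card_used[]` from the hunk header if that is the intent.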
@@ -392,6 +393,7 @@ static void snd_usx2y_card_private_free(struct snd_card *card)
{
struct usx2ydev *usx2y = usx2y(card);
+ printk("card: %p, %s\n", card, __func__);
kfree(usx2y->in04_buf);
usb_free_urb(usx2y->in04_urb);
if (usx2y->us428ctls_sharedmem)
@@ -407,9 +409,12 @@ static void snd_usx2y_disconnect(struct usb_interface *intf)
struct usx2ydev *usx2y;
struct list_head *p;
+ mutex_lock(&devices_mutex);
card = usb_get_intfdata(intf);
- if (!card)
+ if (!card) {
+ mutex_unlock(&devices_mutex);
return;
+ }
usx2y = usx2y(card);
usx2y->chip_status = USX2Y_STAT_CHIP_HUP;
usx2y_unlinkseq(&usx2y->as04);
@@ -423,6 +428,7 @@ static void snd_usx2y_disconnect(struct usb_interface *intf)
if (usx2y->us428ctls_sharedmem)
wake_up(&usx2y->us428ctls_wait_queue_head);
snd_card_free(card);
+ mutex_unlock(&devices_mutex);
}
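Review bot: `snd_card_free(card)` is now called with `devices_mutex` held, and the report this patch answers is a task hung inside snd_card_free(). If that call blocks until the last open file on the card is closed, every later snd_usx2y_probe() and snd_usx2y_disconnect() will wait on the mutex for as long as user space keeps the device open, which spreads the hang to other devices instead of removing it. Dropping the lock before the free, or using `snd_card_free_when_closed(card);` (traced in the sound/core/init.c section of this patch) in the disconnect path, avoids holding a driver-wide lock across a wait that user space controls. The lock is taken in the previous hunk of the same function.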
static int snd_usx2y_probe(struct usb_interface *intf,
@@ -432,15 +438,18 @@ static int snd_usx2y_probe(struct usb_interface *intf,
struct snd_card *card;
int err;
+ mutex_lock(&devices_mutex);
if (le16_to_cpu(device->descriptor.idVendor) != 0x1604 ||
(le16_to_cpu(device->descriptor.idProduct) != USB_ID_US122 &&
le16_to_cpu(device->descriptor.idProduct) != USB_ID_US224 &&
- le16_to_cpu(device->descriptor.idProduct) != USB_ID_US428))
- return -EINVAL;
+ le16_to_cpu(device->descriptor.idProduct) != USB_ID_US428)) {
+ err = -EINVAL;
+ goto out;
+ }
err = usx2y_create_card(device, intf, &card);
if (err < 0)
- return err;
+ goto out;
err = usx2y_hwdep_new(card, device);
if (err < 0)
goto error;
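Review bot: `mutex_lock(&devices_mutex)` is taken before the vendor/product ID comparison, which reads only the device descriptor, and the function then needs two separate unlock sites across this hunk and the next one (the success path before `return 0` and the `out:` label). sound/core/control.c in this same patch already uses `scoped_guard()`, so `guard(mutex)(&devices_mutex);` placed after the ID check would release the lock on every return and make the `goto out` rewrites unnecessary. In the current form, an early return added later between the lock and `out:` would leave the mutex held. snd_usx2y_probe() starts outside this hunk.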
@@ -449,10 +458,13 @@ static int snd_usx2y_probe(struct usb_interface *intf,
goto error;
dev_set_drvdata(&intf->dev, card);
+ mutex_unlock(&devices_mutex);
return 0;
- error:
+error:
snd_card_free(card);
+out:
+ mutex_unlock(&devices_mutex);
return err;
}
diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
index 96a412beab2d..efd775aaa684 100644
--- a/net/batman-adv/hard-interface.c
+++ b/net/batman-adv/hard-interface.c
@@ -509,6 +509,7 @@ batadv_hardif_is_iface_up(const struct batadv_hard_iface *hard_iface)
static void batadv_check_known_mac_addr(const struct net_device *net_dev)
{
const struct batadv_hard_iface *hard_iface;
+ static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL * 5, 1);
rcu_read_lock();
list_for_each_entry_rcu(hard_iface, &batadv_hardif_list, list) {
@@ -523,9 +524,11 @@ static void batadv_check_known_mac_addr(const struct net_device *net_dev)
net_dev->dev_addr))
continue;
+ if (__ratelimit(&rs)) {
pr_warn("The newly added mac address (%pM) already exists on: %s\n",
net_dev->dev_addr, hard_iface->net_dev->name);
pr_warn("It is strongly recommended to keep mac addresses unique to avoid problems!\n");
+ }
}
rcu_read_unlock();
}
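Review bot: With a burst of 1 in `DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL * 5, 1)` (declared in the previous hunk), the `__ratelimit(&rs)` test inside the loop lets only the first colliding interface through per interval, so a duplicate MAC on any further interface in the same pass goes unlogged. A duplicate address is something an operator may want reported per interface. Raising the burst, or making the decision once per call at the first match, would keep a single pass complete while still bounding console output. This change is also unrelated to the usx2y probe/disconnect locking named in the description and would be easier to review as its own patch.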