lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231001150615.GP92317@kernel.org> Date: Sun, 1 Oct 2023 17:06:15 +0200 From: Simon Horman <horms@...nel.org> To: Xabier Marquiegui <reibax@...il.com> Cc: netdev@...r.kernel.org, richardcochran@...il.com, chrony-dev@...ony.tuxfamily.org, mlichvar@...hat.com, ntp-lists@...tcorallo.com, vinicius.gomes@...el.com, alex.maftei@....com, davem@...emloft.net, rrameshbabu@...dia.com, shuah@...nel.org Subject: Re: [PATCH net-next v3 2/3] ptp: support multiple timestamp event readers On Thu, Sep 28, 2023 at 03:35:43PM +0200, Xabier Marquiegui wrote: > Use linked lists to create one event queue per open file. This enables > simultaneous readers for timestamp event queues. > > Signed-off-by: Xabier Marquiegui <reibax@...il.com> > Suggested-by: Richard Cochran <richardcochran@...il.com> Hi Xabier, some minor feedback from Smatch via myself follows. > diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c > index 197edf1179f1..65e7acaa40a9 100644 > --- a/drivers/ptp/ptp_chardev.c > +++ b/drivers/ptp/ptp_chardev.c > @@ -101,14 +101,74 @@ int ptp_set_pinfunc(struct ptp_clock *ptp, unsigned int pin, > return 0; > } > > -int ptp_open(struct posix_clock *pc, fmode_t fmode) > +int ptp_open(struct posix_clock_user *pcuser, fmode_t fmode) > { > + struct ptp_clock *ptp = > + container_of(pcuser->clk, struct ptp_clock, clock); > + struct ida *ida = ptp_get_tsevq_ida(ptp); > + struct timestamp_event_queue *queue; > + > + if (!ida) > + return -EINVAL; > + queue = kzalloc(sizeof(*queue), GFP_KERNEL); > + if (!queue) > + return -EINVAL; > + queue->close_req = false; > + queue->reader_pid = task_pid_nr(current); > + spin_lock_init(&queue->lock); > + queue->ida = ida; > + queue->oid = ida_alloc(ida, GFP_KERNEL); > + if (queue->oid < 0) { > + kfree(queue); queue is freed on the line above but dereferenced on the line below. As flagged by Smatch. > + return queue->oid; > + } > + list_add_tail(&queue->qlist, &ptp->tsevqs); > + pcuser->private_clkdata = queue; > + > return 0; > } ... > diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c ... > @@ -243,15 +275,23 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, > ptp->devid = MKDEV(major, index); > ptp->index = index; > INIT_LIST_HEAD(&ptp->tsevqs); > + INIT_LIST_HEAD(&ptp->closed_tsevqs); > queue = kzalloc(sizeof(*queue), GFP_KERNEL); > if (!queue) > goto no_memory_queue; > + queue->close_req = false; > + queue->ida = kzalloc(sizeof(*queue->ida), GFP_KERNEL); > + if (!queue->ida) > + goto no_memory_queue; It's not clear to me that queue isn't leaked here. As flagged by Smatch. > + ida_init(queue->ida); > spin_lock_init(&queue->lock); > list_add_tail(&queue->qlist, &ptp->tsevqs); > - /* TODO - Transform or delete this mutex */ > - mutex_init(&ptp->tsevq_mux); > + queue->oid = ida_alloc(queue->ida, GFP_KERNEL); > + if (queue->oid < 0) > + goto ida_err; > mutex_init(&ptp->pincfg_mux); > mutex_init(&ptp->n_vclocks_mux); > + mutex_init(&ptp->close_mux); > init_waitqueue_head(&ptp->tsev_wq); > > if (ptp->info->getcycles64 || ptp->info->getcyclesx64) { > @@ -350,9 +390,10 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, > if (ptp->kworker) > kthread_destroy_worker(ptp->kworker); > kworker_err: > - mutex_destroy(&ptp->tsevq_mux); > mutex_destroy(&ptp->pincfg_mux); > mutex_destroy(&ptp->n_vclocks_mux); > + mutex_destroy(&ptp->close_mux); > +ida_err: > ptp_clean_queue_list(ptp); > no_memory_queue: > ida_free(&ptp_clocks_map, index); ...
Powered by blists - more mailing lists