The patch titled
Subject: lib/error-inject: Traverse list with mutex
has been added to the -mm mm-nonmm-unstable branch. Its filename is
lib-error-inject-traverse-list-with-mutex.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/lib-error-inject-traverse-list-with-mutex.patch
This patch will later appear in the mm-nonmm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: wuchi <wuchi.zero@xxxxxxxxx>
Subject: lib/error-inject: Traverse list with mutex
Date: Mon, 20 Jun 2022 18:02:44 +0800
Traversing list without mutex in get_injectable_error_type will
race with the following code:
list_del_init(&ent->list)
kfree(ent)
in module_unload_ei_list. So fix that.
Link: https://lkml.kernel.org/r/20220620100244.82896-1-wuchi.zero@xxxxxxxxx
Signed-off-by: wuchi <wuchi.zero@xxxxxxxxx>
Cc: Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>
Cc: Martin KaFai Lau <kafai@xxxxxx>
Cc: Song Liu <songliubraving@xxxxxx>
Cc: Yonghong Song <yhs@xxxxxx>
Cc: John Fastabend <john.fastabend@xxxxxxxxx>
Cc: KP Singh <kpsingh@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
lib/error-inject.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/lib/error-inject.c~lib-error-inject-traverse-list-with-mutex
+++ a/lib/error-inject.c
@@ -40,12 +40,18 @@ bool within_error_injection_list(unsigne
int get_injectable_error_type(unsigned long addr)
{
struct ei_entry *ent;
+ int ei_type = EI_ETYPE_NONE;
+ mutex_lock(&ei_mutex);
list_for_each_entry(ent, &error_injection_list, list) {
- if (addr >= ent->start_addr && addr < ent->end_addr)
- return ent->etype;
+ if (addr >= ent->start_addr && addr < ent->end_addr) {
+ ei_type = ent->etype;
+ break;
+ }
}
- return EI_ETYPE_NONE;
+ mutex_unlock(&ei_mutex);
+
+ return ei_type;
}
/*
_
Patches currently in -mm which might be from wuchi.zero@xxxxxxxxx are
lib-debugobjects-fix-stat-count-and-optimize-debug_objects_mem_init.patch
lib-lru_cache-fix-error-free-handing-in-lc_create.patch
net-lib-once-remove-net_get_random_once_wait-macro.patch
lib-error-inject-traverse-list-with-mutex.patch
