[PATCH] stm: p_sys-t: Fix su_mutex held across wrong region in interval stores

Yingchao Deng posted 1 patch 2 days, 5 hours ago
drivers/hwtracing/stm/p_sys-t.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
Posted by Yingchao Deng 2 days, 5 hours ago
subsys->su_mutex is used here to serialize attribute stores against
pdrv->output_open(), which copies the policy node under that mutex:

  stp_policy_node_lookup()     /* acquires su_mutex, returns holding it */
    stm_output_assign()
      pdrv->output_open()      /* memcpy(&op->node, pn, ...) */
  stp_policy_node_put()        /* releases su_mutex */

The comment in stm_assign_first_policy() (core.c) makes the intent
explicit: "This allows the pdrv->output_open() in stm_output_assign()
to serialize against the attribute accessors."

sys_t_policy_ts_interval_store() and
sys_t_policy_clocksync_interval_store() however acquired su_mutex
only around the kstrtouint() parse step, a pure local-variable
operation with no shared state. The actual writes to pn->ts_interval
and pn->clocksync_interval were left outside the critical section,
defeating the serialization entirely.

Move the mutex_lock/unlock to bracket the pn field assignment instead.

Fixes: d69d5e83110f ("stm class: Add MIPI SyS-T protocol support")
Fixes: 39f10239df75 ("stm class: p_sys-t: Add support for CLOCKSYNC packets")
Signed-off-by: Yingchao Deng <yingchao.deng@oss.qualcomm.com>
---
 drivers/hwtracing/stm/p_sys-t.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/drivers/hwtracing/stm/p_sys-t.c b/drivers/hwtracing/stm/p_sys-t.c
index bcbbc4d92325..077b62ca3f46 100644
--- a/drivers/hwtracing/stm/p_sys-t.c
+++ b/drivers/hwtracing/stm/p_sys-t.c
@@ -210,12 +210,11 @@ sys_t_policy_ts_interval_store(struct config_item *item, const char *page,
 	unsigned int ms;
 	int ret;
 
-	mutex_lock(mutexp);
 	ret = kstrtouint(page, 10, &ms);
-	mutex_unlock(mutexp);
-
 	if (!ret) {
+		mutex_lock(mutexp);
 		pn->ts_interval = msecs_to_jiffies(ms);
+		mutex_unlock(mutexp);
 		return count;
 	}
 
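Review bot: In sys_t_policy_ts_interval_store() the lock/unlock pair now sits inside the `if (!ret)` success branch, which makes the locked region harder to audit than it needs to be. Handling the kstrtouint() failure first and then doing lock, assignment and unlock at function level would keep the critical section out of the conditional. The msecs_to_jiffies(ms) conversion works only on the local `ms`, so it can be computed before mutex_lock(mutexp), leaving just the store to pn->ts_interval under su_mutex. The commit message would also benefit from one sentence on what a reader of the copied node can observe when the store races with the memcpy() in output_open(), since that is the justification for the Fixes: tags.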
@@ -241,12 +240,12 @@ sys_t_policy_clocksync_interval_store(struct config_item *item,
 	unsigned int ms;
 	int ret;
 
-	mutex_lock(mutexp);
 	ret = kstrtouint(page, 10, &ms);
-	mutex_unlock(mutexp);
 
 	if (!ret) {
+		mutex_lock(mutexp);
 		pn->clocksync_interval = msecs_to_jiffies(ms);
+		mutex_unlock(mutexp);
 		return count;
 	}
 
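Review bot: The blank line after `ret = kstrtouint(page, 10, &ms);` is kept in sys_t_policy_clocksync_interval_store() but was dropped in the ts_interval hunk, so two otherwise identical functions end up formatted differently; drop it here too, or keep it in both. Separately, this hunk changes the clocksync_interval store, which the commit message ties to 39f10239df75, while the first hunk is tied to d69d5e83110f. Splitting the change into one patch per Fixes: tag would let the ts_interval fix apply on its own to trees that carry only the older commit.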

---
base-commit: 80dd246accce631c328ea43294e53b2b2dd2aa32
change-id: 20260521-stm-bd597d74ee6d

Best regards,
-- 
Yingchao Deng <yingdeng@qti.qualcomm.com>