Re: [syzbot] [isdn4linux?] [nilfs?] INFO: task hung in mISDN_ioctl
From: Edward Adam Davis
Date: Tue Apr 01 2025 - 09:17:16 EST
#syz test
diff --git a/drivers/isdn/mISDN/timerdev.c b/drivers/isdn/mISDN/timerdev.c
index 7cfa8c61dba0..0c3771a5cd0b 100644
--- a/drivers/isdn/mISDN/timerdev.c
+++ b/drivers/isdn/mISDN/timerdev.c
@@ -238,8 +238,13 @@ mISDN_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
ret = id;
break;
}
- if (put_user(id, (int __user *)arg))
+ if (!user_write_access_begin((int __user *)arg, sizeof(int))) {
ret = -EFAULT;
+ break;
+ }
+
+ unsafe_put_user(id, (int __user *)arg, Efault);
+ user_write_access_end();
break;
case IMDELTIMER:
if (get_user(id, (int __user *)arg)) {
@@ -255,8 +260,13 @@ mISDN_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
default:
ret = -EINVAL;
}
+out:
mutex_unlock(&mISDN_mutex);
return ret;
+Efault:
+ user_write_access_end();
+ ret = -EFAULT;
+ goto out;
}
static const struct file_operations mISDN_fops = {