Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp412716pxb; Thu, 19 Aug 2021 02:31:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyxkwGCGf/buvpU1+R5ttSn3aaGE1T1fGtCY7um5qOZfr5q2Ht+xPsQU5n126a26/JKFADq X-Received: by 2002:a17:906:7c4c:: with SMTP id g12mr1508170ejp.74.1629365501463; Thu, 19 Aug 2021 02:31:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629365501; cv=none; d=google.com; s=arc-20160816; b=PdgfEE4/Q9m110rJgS9Zx2ux2S4m7IJS1CFhVwy/z7NMluDon8tjC52F0ffEL1fKK0 W1sM5zz6SmNfu+nPNZVNHUFiXuzjhy4HN/xEl4n+QnrDi2Cn4IO0q80NOYZgya6oKmgr 6KCbBt/rpa22oxw9Ni1j8GhDd+7iBFZDe/2zykC1q1BmtLhJkL+ycjnbGrDz0sILBNJN +Oc5SOdD8Xmn+WC2GLUMuu9mxzNNh8GH32kJtTXGAr7JrHeY2pzkvjhSE1JDuV/1O1Xo ZwBHk2OvrolbsY3ADHAY+E1JYUbzaksWkXtWvvaRR3Svfx/VO8Zn0/DJP9jH+bbTG33B ds/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=m0xEit3h5skaus1tuwTWgYIy8AizFa9tVhJmFINpCZ8=; b=gvLV6CgwVK51v9xDZdCORH/dkeBfGERx27uKG5VfOYBuignRX7e2vfq/VSU1TXbFae k8MaCk3onOjPvj+Tk5vk3tMlcRPDSGk9ppA3PyUqoT0rp4u+LJNMh+2fb07C3J8amUkw LCZlWMPrbTvHjXAxQW45OW2u21xQjSPV/oQMoF6LEFpuzdkGleo5CAJJI/Fq7gMKpFEU 8SQvqdtP+MzOqtbAwv+nPXx8LJrwI2ah0u3wvrSosaIUVYqEO2H+yBf4BahPcy8FrhvQ ZAb7suR57SyUeXbgvwsYK8BGUZoLHuG3E7WtMKEnYhGonGVL4TDmc8i8PfunXPfMv6S+ e4ig== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@mess.org header.s=2020 header.b=GvfM9NXG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hv17si3080334ejc.365.2021.08.19.02.31.17; Thu, 19 Aug 2021 02:31:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@mess.org header.s=2020 header.b=GvfM9NXG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237374AbhHSJ3w (ORCPT + 99 others); Thu, 19 Aug 2021 05:29:52 -0400 Received: from gofer.mess.org ([88.97.38.141]:59659 "EHLO gofer.mess.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237121AbhHSJ3q (ORCPT ); Thu, 19 Aug 2021 05:29:46 -0400 Received: by gofer.mess.org (Postfix, from userid 1000) id 487A9C6387; Thu, 19 Aug 2021 10:29:08 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mess.org; s=2020; t=1629365348; bh=C7uwMyjNl0bCdSvI6aq7gTWSSa6uWvk+cUiKBGZpHg4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=GvfM9NXG2LQZt+wtwGIxNejOD7eyolHHGIDHnXXZvctciq+5rxaijyFbHqYyyXZbK SNg1MAcyJd/K0sB2OX5xKr8BmRWWLrHN1qlprnq8ixRkgRilC4+O8EvUSYrNDQIsjE s2ZDLz2XAb1VHBP4k066mLMdolQJUoTAssAhwCFslybkJzfOeCHzaqFCai7oRHTfPu QfxuCJUI2jBylquF0HnXJcxe4R98BZWXMvkCfwhSLeIWHS1XIkRxaQpBhp5DHu0KMg tzC+anveJVeHCUMSO5CVV/xiiZ2ryV7axJhU2C2/hsrpZVJAsZRcpQ1v/KGfK78MYD 3XbMN2x5Qf3Lw== Date: Thu, 19 Aug 2021 10:29:08 +0100 From: Sean Young To: Pavel Skripkin Cc: mkrufky@linuxtv.org, mchehab@kernel.org, crope@iki.fi, linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+5ca0bf339f13c4243001@syzkaller.appspotmail.com Subject: Re: [PATCH] media: mxl111sf: change mutex_init() location Message-ID: <20210819092908.GA27679@gofer.mess.org> References: <20210730213829.2909-1-paskripkin@gmail.com> <20210815083755.GA1827@gofer.mess.org> <7ee99788-d9a5-0a38-ed02-51d9b42ebc11@gmail.com> <80648833-5f5a-0811-a281-0dba87938d3c@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <80648833-5f5a-0811-a281-0dba87938d3c@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Aug 15, 2021 at 12:06:16PM +0300, Pavel Skripkin wrote: > On 8/15/21 11:49 AM, Pavel Skripkin wrote: > > On 8/15/21 11:37 AM, Sean Young wrote: > > > On Sat, Jul 31, 2021 at 12:38:29AM +0300, Pavel Skripkin wrote: > > > > Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized > > > > mutex. The problem was in wrong mutex_init() location. > > > > > > > > Previous mutex_init(&state->msg_lock) call was in ->init() function, but > > > > dvb_usbv2_init() has this order of calls: > > > > > > > > dvb_usbv2_init() > > > > dvb_usbv2_adapter_init() > > > > dvb_usbv2_adapter_frontend_init() > > > > props->frontend_attach() > > > > > > > > props->init() > > > > > > > > Since mxl111sf_frontend_attach_atsc_mh() calls mxl111sf_ctrl_msg() > > > > internally we need to initialize state->msg_lock in it to make lockdep > > > > happy. > > > > > > What about the other frontends like mxl111sf_frontend_attach_dvbt? They > > > no longer initialize the mutex. > > > > > Good point. I see, that all other frontends also call > > mxl111sf_ctrl_msg() inside ->frontend_attach() call. > > > > I think, that fixing dvb-usb core is not good idea, so, I will add > > mutex_init() call inside all frontends, which use mxl111sf_init(). > > > > What do you think about it? > > > > > > > Something like this should work. Helper is just to not copy-paste code > parts. Build tested against v5.14-rc5 How about creating a dvb_usb_device_properties probe function and initializing the mutex init there? Sean > > > diff --git a/drivers/media/usb/dvb-usb-v2/mxl111sf.c > b/drivers/media/usb/dvb-usb-v2/mxl111sf.c > index 7865fa0a8295..db1ad3815cd5 100644 > --- a/drivers/media/usb/dvb-usb-v2/mxl111sf.c > +++ b/drivers/media/usb/dvb-usb-v2/mxl111sf.c > @@ -49,6 +49,13 @@ MODULE_PARM_DESC(rfswitch, "force rf switch position > (0=auto, 1=ext, 2=int)."); > > DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr); > > +static inline void mxl111sf_init_msg_mutex(struct dvb_usb_adapter *adap) > +{ > + struct mxl111sf_state *state = d_to_priv(adap_to_d(adap)); > + > + mutex_init(&state->msg_lock); > +} > + > int mxl111sf_ctrl_msg(struct mxl111sf_state *state, > u8 cmd, u8 *wbuf, int wlen, u8 *rbuf, int rlen) > { > @@ -931,8 +938,6 @@ static int mxl111sf_init(struct dvb_usb_device *d) > .len = sizeof(eeprom), .buf = eeprom }, > }; > > - mutex_init(&state->msg_lock); > - > ret = get_chip_info(state); > if (mxl_fail(ret)) > pr_err("failed to get chip info during probe"); > @@ -963,16 +968,19 @@ static int mxl111sf_init(struct dvb_usb_device *d) > > static int mxl111sf_frontend_attach_dvbt(struct dvb_usb_adapter *adap) > { > + mxl111sf_init_msg_mutex(adap); > return mxl111sf_attach_demod(adap, 0); > } > > static int mxl111sf_frontend_attach_atsc(struct dvb_usb_adapter *adap) > { > + mxl111sf_init_msg_mutex(adap); > return mxl111sf_lgdt3305_frontend_attach(adap, 0); > } > > static int mxl111sf_frontend_attach_mh(struct dvb_usb_adapter *adap) > { > + mxl111sf_init_msg_mutex(adap); > return mxl111sf_lg2160_frontend_attach(adap, 0); > } > > @@ -981,6 +989,7 @@ static int mxl111sf_frontend_attach_atsc_mh(struct > dvb_usb_adapter *adap) > int ret; > pr_debug("%s\n", __func__); > > + mxl111sf_init_msg_mutex(adap); > ret = mxl111sf_lgdt3305_frontend_attach(adap, 0); > if (ret < 0) > return ret; > @@ -1001,6 +1010,7 @@ static int mxl111sf_frontend_attach_mercury(struct > dvb_usb_adapter *adap) > int ret; > pr_debug("%s\n", __func__); > > + mxl111sf_init_msg_mutex(adap); > ret = mxl111sf_lgdt3305_frontend_attach(adap, 0); > if (ret < 0) > return ret; > @@ -1021,6 +1031,7 @@ static int mxl111sf_frontend_attach_mercury_mh(struct > dvb_usb_adapter *adap) > int ret; > pr_debug("%s\n", __func__); > > + mxl111sf_init_msg_mutex(adap); > ret = mxl111sf_attach_demod(adap, 0); > if (ret < 0) > return ret; > > > > With regards, > Pavel Skripkin