Received: by 2002:a05:6358:bb9e:b0:b9:5105:a5b4 with SMTP id df30csp831947rwb; Sat, 3 Sep 2022 03:48:12 -0700 (PDT) X-Google-Smtp-Source: AA6agR4b0mUhAdS8PBKa9TS/ML7IJwOd5SZCeayFWsDc8hVHSOL5VRGXtcOXh6FOEfRM9Nkr1C5w X-Received: by 2002:a17:90a:4805:b0:1f5:39ab:29a9 with SMTP id a5-20020a17090a480500b001f539ab29a9mr9309253pjh.202.1662202091921; Sat, 03 Sep 2022 03:48:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662202091; cv=none; d=google.com; s=arc-20160816; b=xpZVhrhydAPNTHQ7ZJIqwwy329cPDF48XMKTkWhr2BDfHaO3wp+GO39Na1n1zQc1MQ gVwWMjOfL7xQ1elohAQ4yBLHYzTjjVC14Eoz82e0nl2hs2qyFYoFEskFzVPGKxFtIpgo WCaLlC0KC+hSEKIyAp2WSwQzgIfqM46k/Zk7zAyyFjCV4pNhXoJq3JfU3/9zLAsHb6os qsYNrsjfyx0kQWQVzscdRe1ld48VRn6dOUDeqJa4Y3eHaB0OF8iHFceRWo4ZdMNwlJXT IILfGxEPndFUiwC1smDuxP3XmEtKEUNu8yNAruBSfYvIbnl9z9+7fUm6zdtNwFZO/SPM OA+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=4vzCBYU4yEb4SYHTNFfBlHx3Ds0rlKY3oRjqq3Wt5Y4=; b=mbO/IAlMKtsJjDwjtLOzJrms4S3xn3+eFnRQ4IEoMSZPsIt/lfRH6WqgDcveoupyfd wRgj09k6Xa7ol19mUm8LmAi2KFPrsduLhQGnOx6A3kBhseldEd7m+zPz3YDBSSFFxm6B m594S05q/Ym8JjR1YxJn041CvoKHOvj7sF4sfOqDbXpeszV0ll2fg3BsrCcZ4l5rrOGj 2YrNOlMXwyiTqAzOMAT11YoWCgBxWIfsVDeCyi3rY2XX5zWlIKHgJ/jTjeJu0ZZD2GEf ZD5ZclCjpmRdu8qvsmi75QyB42ww+DuHv4xaeGltFtC49Bne4ugNBkq5HHMrqccAnVSP ju6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aOhhg4xe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j20-20020a633c14000000b0042d706ba93fsi2740267pga.802.2022.09.03.03.47.59; Sat, 03 Sep 2022 03:48:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aOhhg4xe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230301AbiICKEw (ORCPT + 99 others); Sat, 3 Sep 2022 06:04:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51504 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230237AbiICKEt (ORCPT ); Sat, 3 Sep 2022 06:04:49 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46D651CFC1; Sat, 3 Sep 2022 03:04:45 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E3E01B817BB; Sat, 3 Sep 2022 10:04:43 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 23B40C433C1; Sat, 3 Sep 2022 10:04:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1662199482; bh=Pj0zqIKfHzh65CyGkqtE2borz9TbGysUmBOC7MLXY58=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=aOhhg4xesyo8EpZYWuUAYqHWLTizkU+6Zw+HGyYnQMWRG3bErMbWdbXAwTdQmF04o QKfpjYhvPNJkdZyhT+J21xhwAh26HBi87mNxZP1ml6EwJQvR3Fk9QjpKDg2cuVQvsD 4O2zjRgXfRt7qnfwH5TNKqe9V2i7UQxfrxcLuw24= Date: Sat, 3 Sep 2022 12:04:39 +0200 From: Greg KH To: Gautam Menghani Cc: Sean Young , hdanton@sina.com, linux-kernel@vger.kernel.org, syzbot+0c3cb6dc05fbbdc3ad66@syzkaller.appspotmail.com, mchehab@kernel.org, linux-kernel-mentees@lists.linuxfoundation.org, linux-media@vger.kernel.org Subject: Re: [PATCH] drivers/media/rc: Ensure usb_submit_urb() is not called if write is in progress Message-ID: References: <20220814142543.24910-1-gautammenghani201@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Sep 03, 2022 at 03:08:23PM +0530, Gautam Menghani wrote: > On Sat, Sep 03, 2022 at 08:49:56AM +0100, Sean Young wrote: > > On Fri, Sep 02, 2022 at 11:42:41PM +0530, Gautam Menghani wrote: > > > On Sun, Aug 14, 2022 at 07:55:42PM +0530, Gautam Menghani wrote: > > > > The warning "URB submitted while active" is reported if the function > > > > send_packet() in imon.c is called if a write is already is in progress. > > > > Add a check to return -EBUSY in case a write is already is in progress. > > > > Also, mark tx.busy as false after transmission is completed. > > > > > > > > Fixes: 21677cfc562a ("V4L/DVB: ir-core: add imon driver") > > > > Cc: hdanton@sina.com > > > > Suggested-by: hdanton@sina.com > > > > Link: https://syzkaller.appspot.com/bug?id=e378e6a51fbe6c5cc43e34f131cc9a315ef0337e > > > > Reported-by: syzbot+0c3cb6dc05fbbdc3ad66@syzkaller.appspotmail.com > > > > Signed-off-by: Gautam Menghani > > > > --- > > > > drivers/media/rc/imon.c | 3 +++ > > > > 1 file changed, 3 insertions(+) > > > > > > > > diff --git a/drivers/media/rc/imon.c b/drivers/media/rc/imon.c > > > > index 735b925da998..a5b997c2c7e2 100644 > > > > --- a/drivers/media/rc/imon.c > > > > +++ b/drivers/media/rc/imon.c > > > > @@ -598,6 +598,8 @@ static int send_packet(struct imon_context *ictx) > > > > int retval = 0; > > > > struct usb_ctrlrequest *control_req = NULL; > > > > > > > > + if (ictx->tx.busy) > > > > + return -EBUSY; > > > > /* Check if we need to use control or interrupt urb */ > > > > if (!ictx->tx_control) { > > > > pipe = usb_sndintpipe(ictx->usbdev_intf0, > > > > @@ -654,6 +656,7 @@ static int send_packet(struct imon_context *ictx) > > > > pr_err_ratelimited("task interrupted\n"); > > > > } > > > > mutex_lock(&ictx->lock); > > > > + ictx->tx.busy = false; > > > > > > > > retval = ictx->tx.status; > > > > if (retval) > > > > -- > > > > 2.34.1 > > > > > > > Hi, > > > > > > Please review the above fix and let me know if any changes are needed. > > > > Greg has pointed out issues with this patch: there is no locking. > > > > Thanks, > > > > Sean > > Hi, > > I am a bit confused about the locking part. All the calls to send_packet() are > made with ictx->lock held. So will the following be sufficient? > > lockdep_assert_held(&ictx->lock); > if (ictx->tx.busy) > return -EBUSY; > > Or do we need to add a mutex/spin lock inside ictx->tx structure? If a lock is held, how can this function be called at the same time through different ways? That should not happen. > Or should we instead wait for the the tx to be completed as follows: > wait_for_completion(&ictx->tx.finished); It depends on what you are trying to protect from here. What is the real issue that is allowing multiple submissions of the same urb to happen? Fix that issue instead of trying to paper over it in this lower level function please. thanks, greg k-h