Received: by 2002:a05:7412:cfc7:b0:fc:a2b0:25d7 with SMTP id by7csp2405133rdb; Wed, 21 Feb 2024 06:50:08 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCW9rjmFpyFItfE8aBgZQVld1wCi/usfFpyRdRSEV6Vlp+prHO2VEg0wP3WwAau6vdYzqBjxivw+CZjYIbhS4++aN+SMztmVdxQE0c0RCg== X-Google-Smtp-Source: AGHT+IGj2Xrx87IvlHdobjw98RKsrEp1GxgyTsScRz74lXyy4pibUqZrgD9i8fTUyTfTPlMqFRjC X-Received: by 2002:a62:aa0c:0:b0:6e4:5a6c:957a with SMTP id e12-20020a62aa0c000000b006e45a6c957amr8754165pff.12.1708527008117; Wed, 21 Feb 2024 06:50:08 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708527008; cv=pass; d=google.com; s=arc-20160816; b=K/JdW8X6uMA9TkBSlvF9Fc2Lm4EZNqEPuAXooj6EZIQUh2K+SJyByFroBzhBRjwjpr jasJC3LoaPMHyoGqgewl77A448PYNww46T1elMZu/WEUhflc6Gen4DTy28wn1ThxSquW 1TC23a+PJJzxnxOOCCFj5mGSEC4Dd2hMcGNehbH+4Lepqbk45m6qlbFN+jdvqrLwKad7 ma613TDi4F3OGN9vt1XwUPNtBHkDfoyr8vxlixXUVbPvwXcso+feCSSd7z8tkngcjLrc S81vsKgx/+idmyzqV8PVdqm4gSVgAUof9AQcTnIxdSjW0YrO6U+J2ZVTgQdv8fN7Y1N7 nGPg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:date :subject:cc:to:from:message-id:dkim-signature; bh=pj6LoP7IKnvmbi/dGc8hKKjxVKAxUr0Pi1wWsmEFVu4=; fh=AqLaX9z/ngQOtDURJCbUTHeaDBFt8c/BKlUI2Qr/xdI=; b=i1YE7aCKTVbw5xHPhKQsewRUDaQR+kmicus91j5KPqIjFRr/2KSuW1oLv8e2SJEwwY KWB00T2a7bdhIbjc0Ob2dS+1zG/LytmYfQnH10zeoyFJ9rbQddjvhd7II3nXMErfOEmk TMX9qdmiCHpjAxkiZt8auAI1okBuC3b7aITamqKVvwWApL9wscbseQPCSmzOBF0VoAIa N42UoJHqg8VxvTWlanIlXjkoKqGj80KvOhXWIIQMsjdJiMfI8XN2QSlh0/FGYWsScouR f3OKHeTe+EQcywdyL04J/H6JmWGNTxj2sd3q2jnq4Ncl+jd2zB7DWT0EnBDbWZ8GX0w6 UI5Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@qq.com header.s=s201512 header.b=a6Z0xQtB; arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com dmarc=pass fromdomain=qq.com); spf=pass (google.com: domain of linux-kernel+bounces-74889-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-74889-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id x4-20020a056a00188400b006e4c1158d19si335412pfh.51.2024.02.21.06.50.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Feb 2024 06:50:08 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-74889-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@qq.com header.s=s201512 header.b=a6Z0xQtB; arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com dmarc=pass fromdomain=qq.com); spf=pass (google.com: domain of linux-kernel+bounces-74889-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-74889-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id B4A0AB26AB3 for ; Wed, 21 Feb 2024 14:26:40 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5763D7BB01; Wed, 21 Feb 2024 14:26:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="a6Z0xQtB" Received: from out203-205-221-192.mail.qq.com (out203-205-221-192.mail.qq.com [203.205.221.192]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6C744C62; Wed, 21 Feb 2024 14:26:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=203.205.221.192 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708525592; cv=none; b=RqPX1asokhiRl0S34IzWCIiKYno0zVryM9H2BL5Ij8fgA7DuqDz5J8z5jgszKVoOqVrn18X0MJuj63YVTvGaIyQPt9LPDaHivgv99Bxdhz5s3wiPpcBKcF89ro87zp6PdIqiVEXnbG0D19qxaAoNFqelqEV2/perfNKmS8VnSBI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708525592; c=relaxed/simple; bh=v11Pc7CIFtiDJvtTdFEr5KXDbTe1sppjg1bvGaMcSho=; h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References: MIME-Version; b=OsTodSaHXhyT8t2XlcGbOdMEi3fO4zVjFREu9pDag7TC2gcH9Y/MYnVSPBbalF9YoLH8304RDja96fioK42crz9TUGarywvyhprlq3xlqjpMIyEahLf1mbujkNKhyYfgc2sczJBcBzba0JTc9yrAyvha9SpOOnyw+Y4iJz2gz5I= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com; spf=pass smtp.mailfrom=qq.com; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=a6Z0xQtB; arc=none smtp.client-ip=203.205.221.192 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1708525581; bh=pj6LoP7IKnvmbi/dGc8hKKjxVKAxUr0Pi1wWsmEFVu4=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=a6Z0xQtBUzux2mkhM+3ZTBkc7GG9xTbe5w9a3P5Qj9eONYB9lhI+lZ/8y/Xfi10We qC6QKRn0J675XN+M7FRePWYQjtl3gFQuh4XGUkXL7lTKCVGc/wkjvKJMi08Mh7kVZ9 M2MHha0CiKjnwuMDuJsIXwyEl7LofK3onaR3rf7M= Received: from pek-lxu-l1.wrs.com ([111.198.228.140]) by newxmesmtplogicsvrsza10-0.qq.com (NewEsmtp) with SMTP id 50418A1B; Wed, 21 Feb 2024 22:20:04 +0800 X-QQ-mid: xmsmtpt1708525204t0xgoj2qr Message-ID: X-QQ-XMAILINFO: M3ziZXKDk+iOt7Y7H7kR7VuOyouwPtJP/BqzCiDi509G429y8WTRXNEwOEy1HQ KNti5PBaUD73kBsZTMmNaElFH/FiHZ8JaXm+T+38IpASlsWsBNyeBArNa0Pr9w04+SKoRbN8beoy 23SB0wvVYLyQLj6gla93Y5kiUbMbv7jXhifKWb6o5zAZe0Df9dhrmcfq29TyvPfz9uyaR//JS8q/ WNEB/BotOa/knSUCMDx2B4PX+01xpCsrdA8an0jr8Ien++5gph+y/FMQnTZu0wRYt463ZHjvj+A+ 4DIbuzCmwlMRS/KF63NEa+5bbh1K6jvCNxYlVJqavgUGa2yge7kHc4gbsb4kNng6xd+78e08Z4QI ZL++SU+WugkOqsPYHguh4yae5/rpUx8ZMgjIppocoljZEpVBlbgd81cbDl88EaciZeJ/iJyS7UNV r0l/AxBa41EJbikFa8R/HTaBis4EHY8BTWSXep2UQmwvOTijwhRK+fCVQetq9TiwVqAj8p4ky32i K3a1ase94OZEsUrCxVyRmXvvLeaTxggMKL+z0ZwS1lBNWM4g72RTyriOr8mKCX4QOchd/auaOk4V AqYX46h4esToenJvpwS3vsKhUsIxOh5j7ytb6iUhrX+GTdCXrsFIKnS2dr/UdFYHrzp69rKAI3ny 8IFy7aXOxMuppn94MNIc6HLgmaJMMn5+MJNPn0qNnc20m6iRhAAZJcsU0Q/lI4B6mrEzvLhaE/st ZJEpe8P58ktoFFCsC6uhDxo9D88FpBoaRo8F9RvOLZssOFRZVBGDhbiefKCQfcjgf26KBEPDyx3C ZrryfrzthXJ+lBmlAXevgjnkfrYIU5+YGxNKkK2qLXXQC7SgTB+niI00IUuB3amn4uHHHIpkR2bs fzCgWRjzOCVh+N9KheWwLoENBaZN1hLFlmY2RPwXDGTGHQ7P00VcA= X-QQ-XMRINFO: M/715EihBoGSf6IYSX1iLFg= From: Edward Adam Davis To: syzbot+116b65a23bc791ae49a6@syzkaller.appspotmail.com Cc: hverkuil-cisco@xs4all.nl, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, mchehab@kernel.org, syzkaller-bugs@googlegroups.com Subject: [PATCH] media/cec/core: fix task hung in cec_claim_log_addrs Date: Wed, 21 Feb 2024 22:20:05 +0800 X-OQ-MSGID: <20240221142004.159200-2-eadavis@qq.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <0000000000006d96200611de3986@google.com> References: <0000000000006d96200611de3986@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit After unlocking adap->lock in cec_claim_log_addrs(), cec_claim_log_addrs() may re-enter, causing this issue to occur. In the thread function cec_config_thread_func() adap->lock is also used, so there is no need to unlock adap->lock in cec_claim_log_addrs(), and then use adap->lock in cec_config_thread_func() to protect. Reported-and-tested-by: syzbot+116b65a23bc791ae49a6@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis --- drivers/media/cec/core/cec-adap.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/media/cec/core/cec-adap.c b/drivers/media/cec/core/cec-adap.c index 5741adf09a2e..21b3ff504524 100644 --- a/drivers/media/cec/core/cec-adap.c +++ b/drivers/media/cec/core/cec-adap.c @@ -1436,7 +1436,6 @@ static int cec_config_thread_func(void *arg) int err; int i, j; - mutex_lock(&adap->lock); dprintk(1, "physical address: %x.%x.%x.%x, claim %d logical addresses\n", cec_phys_addr_exp(adap->phys_addr), las->num_log_addrs); las->log_addr_mask = 0; @@ -1565,7 +1564,6 @@ static int cec_config_thread_func(void *arg) } adap->kthread_config = NULL; complete(&adap->config_completion); - mutex_unlock(&adap->lock); call_void_op(adap, configured); return 0; @@ -1577,7 +1575,6 @@ static int cec_config_thread_func(void *arg) adap->must_reconfigure = false; adap->kthread_config = NULL; complete(&adap->config_completion); - mutex_unlock(&adap->lock); return 0; } @@ -1602,9 +1599,7 @@ static void cec_claim_log_addrs(struct cec_adapter *adap, bool block) adap->kthread_config = NULL; adap->is_configuring = false; } else if (block) { - mutex_unlock(&adap->lock); wait_for_completion(&adap->config_completion); - mutex_lock(&adap->lock); } } -- 2.43.0