From patchwork Wed Feb 21 14:20:05 2024
X-Patchwork-Submitter: Edward Adam Davis
X-Patchwork-Id: 204237
From: Edward Adam Davis
To: syzbot+116b65a23bc791ae49a6@syzkaller.appspotmail.com
Cc: hverkuil-cisco@xs4all.nl, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, mchehab@kernel.org, syzkaller-bugs@googlegroups.com
Subject: [PATCH] media/cec/core: fix task hung in cec_claim_log_addrs
Date: Wed, 21 Feb 2024 22:20:05 +0800
In-Reply-To: <0000000000006d96200611de3986@google.com>
References: <0000000000006d96200611de3986@google.com>

After unlocking adap->lock in cec_claim_log_addrs(), cec_claim_log_addrs() may re-enter, causing this issue to occur. In the thread function cec_config_thread_func() adap->lock is also used, so there is no need to unlock adap->lock in cec_claim_log_addrs(), and then use adap->lock in cec_config_thread_func() to protect.

Reported-and-tested-by: syzbot+116b65a23bc791ae49a6@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis
--- drivers/media/cec/core/cec-adap.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/media/cec/core/cec-adap.c b/drivers/media/cec/core/cec-adap.c index 5741adf09a2e..21b3ff504524 100644 --- a/drivers/media/cec/core/cec-adap.c +++ b/drivers/media/cec/core/cec-adap.c @@ -1436,7 +1436,6 @@ static int cec_config_thread_func(void *arg) int err; int i, j; - mutex_lock(&adap->lock); dprintk(1, "physical address: %x.%x.%x.%x, claim %d logical addresses\n", cec_phys_addr_exp(adap->phys_addr), las->num_log_addrs); las->log_addr_mask = 0; @@ -1565,7 +1564,6 @@ static int cec_config_thread_func(void *arg) } adap->kthread_config = NULL; complete(&adap->config_completion); - mutex_unlock(&adap->lock); call_void_op(adap, configured); return 0;
@@ -1577,7 +1575,6 @@ static int cec_config_thread_func(void *arg) adap->must_reconfigure = false; adap->kthread_config = NULL; complete(&adap->config_completion); - mutex_unlock(&adap->lock); return 0; } @@ -1602,9 +1599,7 @@ static void cec_claim_log_addrs(struct cec_adapter *adap, bool block) adap->kthread_config = NULL; adap->is_configuring = false; } else if (block) { - mutex_unlock(&adap->lock); wait_for_completion(&adap->config_completion); - mutex_lock(&adap->lock); } }
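Review bot: In cec_config_thread_func(), the hunks at -1436, -1565 and -1577 leave `las->log_addr_mask = 0`, `adap->kthread_config = NULL` and `adap->must_reconfigure = false` running with no lock when cec_claim_log_addrs() is called with block == false, because only the blocking branch keeps the caller waiting on config_completion while the thread runs. The commit message says adap->lock is used in cec_config_thread_func() "to protect", which is the opposite of what these three hunks do. Either keep the lock in the thread and close the re-entry window in cec_claim_log_addrs() another way, or extend the commit message to explain why unlocked access to this adapter state is safe in the non-blocking path.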
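Review bot: In the cec_claim_log_addrs() hunk at -1602, `wait_for_completion(&adap->config_completion)` now runs with adap->lock held, since the removed mutex_unlock()/mutex_lock() pair was what released it around the wait. Any step in the part of cec_config_thread_func() that this diff does not show (between the -1436 and -1565 hunks) that takes adap->lock, directly or through a callee, would then block against the waiter and never reach `complete(&adap->config_completion)`, which reproduces the hung-task symptom the patch is meant to remove. Please confirm no such path exists, and add a comment at the wait saying the lock is held on purpose; every other user of adap->lock is also stalled for the full duration of the configuration, which deserves a mention in the commit message.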