On Sun, Sep 12, 2021 at 06:49:52PM +0300, Pavel Skripkin wrote:
> On 8/19/21 13:42, Pavel Skripkin wrote:
> > Syzbot reported that mxl111sf_ctrl_msg() uses uninitialized
> > mutex. The problem was in wrong mutex_init() location.
> >
> > Previous mutex_init(&state->msg_lock) call was in ->init() function, but
> > dvb_usbv2_init() has this order of calls:
> >
> >     dvb_usbv2_init()
> >       dvb_usbv2_adapter_init()
> >         dvb_usbv2_adapter_frontend_init()
> >           props->frontend_attach()
> >
> >       props->init()
> >
> > Since mxl111sf_* devices call mxl111sf_ctrl_msg() in ->frontend_attach()
> > internally we need to initialize state->msg_lock before
> > frontend_attach(). To achieve it, ->probe() call added to all mxl111sf_*
> > devices, which will simply initialize mutex.
> >
> > Reported-and-tested-by: syzbot+5ca0bf339f13c4243001@xxxxxxxxxxxxxxxxxxxxxxxxx
> > Fixes: 8572211842af ("[media] mxl111sf: convert to new DVB USB")
> > Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>
>
> Hi, Sean!
>
> Did you have a chance to review this patch? Thank you :)

Sorry, during the merge window (from -rc6 to -rc1) I don't tend to look at
patches.

Looks good to me, I'll merge it.

Thanks
Sean
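
The ordering problem from the commit message above, as an added userspace model that is not part of the thread or of the kernel driver. `model_mutex`, `run_device()`, `before_fix` and `after_fix` are hypothetical names, and the model assumes that ->probe() runs before adapter setup.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model: a lock that records whether it was initialised. */
struct model_mutex { bool initialised; };
struct state { struct model_mutex msg_lock; int uninit_uses; };

/* The three callbacks named in the commit message. */
struct props {
    void (*probe)(struct state *);            /* assumed: before adapters */
    void (*frontend_attach)(struct state *);  /* during adapter setup */
    void (*init)(struct state *);             /* after adapter setup */
};

static void model_mutex_init(struct model_mutex *m) { m->initialised = true; }

/* Stand-in for mxl111sf_ctrl_msg(), which takes state->msg_lock. */
static void ctrl_msg(struct state *s)
{
    if (!s->msg_lock.initialised)
        s->uninit_uses++;  /* the condition syzbot reported */
}

/* frontend_attach() issues control messages internally. */
static void attach(struct state *s) { ctrl_msg(s); }
static void init_lock(struct state *s) { model_mutex_init(&s->msg_lock); }

/* Runs the callbacks in the order the commit message lists them and
 * returns how many times the lock was used before initialisation. */
static int run_device(const struct props *p)
{
    struct state s = { { false }, 0 };

    if (p->probe)
        p->probe(&s);
    p->frontend_attach(&s);
    if (p->init)
        p->init(&s);
    return s.uninit_uses;
}

/* Before the patch the lock is set up in ->init(); after it, in ->probe(). */
static const struct props before_fix = { NULL, attach, init_lock };
static const struct props after_fix  = { init_lock, attach, NULL };

int main(void)
{
    return (run_device(&before_fix) == 1 && run_device(&after_fix) == 0) ? 0 : 1;
}
```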