* [PATCH v2] media: dmxdev: fix repeated initialization of ringbuffer in dvb_dvr_open()
@ 2025-04-07 9:16 Penglei Jiang
0 siblings, 0 replies; only message in thread
From: Penglei Jiang @ 2025-04-07 9:16 UTC (permalink / raw)
To: mchehab
Cc: standback, linux-media, linux-kernel, syzbot+4e21d5f67b886a692b55,
Penglei Jiang
The dvb_dvr_open() function has an issue where it repeatedly
initializes the data and queue fields of the dvb_ringbuffer.
We should not reinitialize the queue field in the open function,
and if the data field is not empty, the initialization process
should be skipped.
Fixes: 34731df288a5f ("V4L/DVB (3501): Dmxdev: use dvb_ringbuffer")
Reported-by: syzbot+4e21d5f67b886a692b55@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/67917ed8.050a0220.15cac.02eb.GAE@google.com
Tested-by: Jianzhou Zhao <xnxc22xnxc22@qq.com>
Signed-off-by: Penglei Jiang <superman.xpt@gmail.com>
---
drivers/media/dvb-core/dmxdev.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/media/dvb-core/dmxdev.c b/drivers/media/dvb-core/dmxdev.c
index 6063782e937a..55e73c96152a 100644
--- a/drivers/media/dvb-core/dmxdev.c
+++ b/drivers/media/dvb-core/dmxdev.c
@@ -113,6 +113,17 @@ static struct dmx_frontend *get_fe(struct dmx_demux *demux, int type)
return NULL;
}
+static void dvb_ringbuffer_init_noqueue(struct dvb_ringbuffer *ringbuffer,
+ void *data, size_t len)
+{
+ ringbuffer->pread = 0;
+ ringbuffer->pwrite = 0;
+ ringbuffer->data = data;
+ ringbuffer->size = len;
+ ringbuffer->error = 0;
+ spin_lock_init(&ringbuffer->lock);
+}
+
static int dvb_dvr_open(struct inode *inode, struct file *file)
{
struct dvb_device *dvbdev = file->private_data;
@@ -156,7 +167,7 @@ static int dvb_dvr_open(struct inode *inode, struct file *file)
}
}
- if (need_ringbuffer) {
+ if (need_ringbuffer && !dmxdev->dvr_buffer.data) {
void *mem;
if (!dvbdev->readers) {
@@ -168,7 +179,8 @@ static int dvb_dvr_open(struct inode *inode, struct file *file)
mutex_unlock(&dmxdev->mutex);
return -ENOMEM;
}
- dvb_ringbuffer_init(&dmxdev->dvr_buffer, mem, DVR_BUFFER_SIZE);
+ dvb_ringbuffer_init_noqueue(&dmxdev->dvr_buffer, mem,
+ DVR_BUFFER_SIZE);
if (dmxdev->may_do_mmap)
dvb_vb2_init(&dmxdev->dvr_vb2_ctx, "dvr",
file->f_flags & O_NONBLOCK);
--
2.17.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2025-04-07 9:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-07 9:16 [PATCH v2] media: dmxdev: fix repeated initialization of ringbuffer in dvb_dvr_open() Penglei Jiang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).