From patchwork Tue Aug 6 20:10:48 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Laurent Pinchart X-Patchwork-Id: 2839590 Return-Path: X-Original-To: patchwork-linux-media@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 898EB9F485 for ; Tue, 6 Aug 2013 20:09:58 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 98A8E20111 for ; Tue, 6 Aug 2013 20:09:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id A98AC20160 for ; Tue, 6 Aug 2013 20:09:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756254Ab3HFUJz (ORCPT ); Tue, 6 Aug 2013 16:09:55 -0400 Received: from perceval.ideasonboard.com ([95.142.166.194]:60799 "EHLO perceval.ideasonboard.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756180Ab3HFUJy (ORCPT ); Tue, 6 Aug 2013 16:09:54 -0400 Received: from avalon.ideasonboard.com (ptra-178-50-81-74.mobistar.be [178.50.81.74]) by perceval.ideasonboard.com (Postfix) with ESMTPSA id 0259135A6C; Tue, 6 Aug 2013 22:09:34 +0200 (CEST) From: Laurent Pinchart To: linux-media@vger.kernel.org Cc: Hans Verkuil , Sakari Ailus , Katsuya MATSUBARA , Sylwester Nawrocki , linux-sh@vger.kernel.org Subject: [PATCH v7] media: vb2: Take queue or device lock in mmap-related vb2 ioctl handlers Date: Tue, 6 Aug 2013 22:10:48 +0200 Message-Id: <1375819848-2658-1-git-send-email-laurent.pinchart+renesas@ideasonboard.com> X-Mailer: git-send-email 1.8.1.5 In-Reply-To: <201308061239.27188.hverkuil@xs4all.nl> References: <201308061239.27188.hverkuil@xs4all.nl> Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The vb2_fop_mmap() and vb2_fop_get_unmapped_area() functions are plug-in implementation of the mmap() and get_unmapped_area() file operations that calls vb2_mmap() and vb2_get_unmapped_area() on the queue associated with the video device. Neither the vb2_fop_mmap/vb2_fop_get_unmapped_area nor the v4l2_mmap/vb2_get_unmapped_area functions in the V4L2 core take any lock, leading to race conditions between mmap/get_unmapped_area and other buffer-related ioctls such as VIDIOC_REQBUFS. Fix it by taking the queue or device lock around the vb2_mmap() and vb2_get_unmapped_area() calls. Signed-off-by: Laurent Pinchart Acked-by: Hans Verkuil --- drivers/media/v4l2-core/videobuf2-core.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c index 9fc4bab..c9b50c7 100644 --- a/drivers/media/v4l2-core/videobuf2-core.c +++ b/drivers/media/v4l2-core/videobuf2-core.c @@ -2578,8 +2578,15 @@ EXPORT_SYMBOL_GPL(vb2_ioctl_expbuf); int vb2_fop_mmap(struct file *file, struct vm_area_struct *vma) { struct video_device *vdev = video_devdata(file); + struct mutex *lock = vdev->queue->lock ? vdev->queue->lock : vdev->lock; + int err; - return vb2_mmap(vdev->queue, vma); + if (lock && mutex_lock_interruptible(lock)) + return -ERESTARTSYS; + err = vb2_mmap(vdev->queue, vma); + if (lock) + mutex_unlock(lock); + return err; } EXPORT_SYMBOL_GPL(vb2_fop_mmap); @@ -2685,8 +2692,15 @@ unsigned long vb2_fop_get_unmapped_area(struct file *file, unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags) { struct video_device *vdev = video_devdata(file); + struct mutex *lock = vdev->queue->lock ? vdev->queue->lock : vdev->lock; + int ret; - return vb2_get_unmapped_area(vdev->queue, addr, len, pgoff, flags); + if (lock && mutex_lock_interruptible(lock)) + return -ERESTARTSYS; + ret = vb2_get_unmapped_area(vdev->queue, addr, len, pgoff, flags); + if (lock) + mutex_unlock(lock); + return ret; } EXPORT_SYMBOL_GPL(vb2_fop_get_unmapped_area); #endif