Commit 69c0e9c5 authored by Laurent Pinchart's avatar Laurent Pinchart Committed by Mauro Carvalho Chehab

[media] v4l: vb2: Fix race condition in _vb2_fop_release

The function releases the queue if the file being released is the queue
owner. The check reads the queue->owner field without taking the queue
lock, creating a race condition with functions that set the queue owner,
such as vb2_ioctl_reqbufs() for instance.

Fix this by moving the queue->owner check within the mutex protected
section.
Signed-off-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: default avatarHans Verkuil <hans.verkuil@cisco.com>
Acked-by: default avatarSylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@osg.samsung.com>
parent f6cee188
...@@ -3389,14 +3389,14 @@ int _vb2_fop_release(struct file *file, struct mutex *lock) ...@@ -3389,14 +3389,14 @@ int _vb2_fop_release(struct file *file, struct mutex *lock)
{ {
struct video_device *vdev = video_devdata(file); struct video_device *vdev = video_devdata(file);
if (lock)
mutex_lock(lock);
if (file->private_data == vdev->queue->owner) { if (file->private_data == vdev->queue->owner) {
if (lock)
mutex_lock(lock);
vb2_queue_release(vdev->queue); vb2_queue_release(vdev->queue);
vdev->queue->owner = NULL; vdev->queue->owner = NULL;
if (lock)
mutex_unlock(lock);
} }
if (lock)
mutex_unlock(lock);
return v4l2_fh_release(file); return v4l2_fh_release(file);
} }
EXPORT_SYMBOL_GPL(_vb2_fop_release); EXPORT_SYMBOL_GPL(_vb2_fop_release);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment