Commit f6cee188 authored by Laurent Pinchart's avatar Laurent Pinchart Committed by Mauro Carvalho Chehab

[media] v4l: vb2: Fix race condition in vb2_fop_poll

The vb2_fop_poll() implementation tries to be clever on whether it needs
to lock the queue mutex by checking whether polling might start fileio.
The test requires reading the q->num_buffer field, which is racy if we
don't hold the queue mutex in the first place.

Remove the extra cleverness and just lock the mutex.
Signed-off-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: default avatarHans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@osg.samsung.com>
parent b518d866
...@@ -3459,27 +3459,16 @@ unsigned int vb2_fop_poll(struct file *file, poll_table *wait) ...@@ -3459,27 +3459,16 @@ unsigned int vb2_fop_poll(struct file *file, poll_table *wait)
struct video_device *vdev = video_devdata(file); struct video_device *vdev = video_devdata(file);
struct vb2_queue *q = vdev->queue; struct vb2_queue *q = vdev->queue;
struct mutex *lock = q->lock ? q->lock : vdev->lock; struct mutex *lock = q->lock ? q->lock : vdev->lock;
unsigned long req_events = poll_requested_events(wait);
unsigned res; unsigned res;
void *fileio; void *fileio;
bool must_lock = false;
/* Try to be smart: only lock if polling might start fileio,
otherwise locking will only introduce unwanted delays. */
if (q->num_buffers == 0 && !vb2_fileio_is_active(q)) {
if (!V4L2_TYPE_IS_OUTPUT(q->type) && (q->io_modes & VB2_READ) &&
(req_events & (POLLIN | POLLRDNORM)))
must_lock = true;
else if (V4L2_TYPE_IS_OUTPUT(q->type) && (q->io_modes & VB2_WRITE) &&
(req_events & (POLLOUT | POLLWRNORM)))
must_lock = true;
}
/* If locking is needed, but this helper doesn't know how, then you /*
shouldn't be using this helper but you should write your own. */ * If this helper doesn't know how to lock, then you shouldn't be using
WARN_ON(must_lock && !lock); * it but you should write your own.
*/
WARN_ON(!lock);
if (must_lock && lock && mutex_lock_interruptible(lock)) if (lock && mutex_lock_interruptible(lock))
return POLLERR; return POLLERR;
fileio = q->fileio; fileio = q->fileio;
...@@ -3487,9 +3476,9 @@ unsigned int vb2_fop_poll(struct file *file, poll_table *wait) ...@@ -3487,9 +3476,9 @@ unsigned int vb2_fop_poll(struct file *file, poll_table *wait)
res = vb2_poll(vdev->queue, file, wait); res = vb2_poll(vdev->queue, file, wait);
/* If fileio was started, then we have a new queue owner. */ /* If fileio was started, then we have a new queue owner. */
if (must_lock && !fileio && q->fileio) if (!fileio && q->fileio)
q->owner = file->private_data; q->owner = file->private_data;
if (must_lock && lock) if (lock)
mutex_unlock(lock); mutex_unlock(lock);
return res; return res;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment