[media] v4l: vb2: Fix race condition in vb2_fop_poll

The vb2_fop_poll() implementation tries to be clever on whether it needs
to lock the queue mutex by checking whether polling might start fileio.
The test requires reading the q->num_buffer field, which is racy if we
don't hold the queue mutex in the first place.

Remove the extra cleverness and just lock the mutex.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
This commit is contained in:
Laurent Pinchart 2014-11-01 10:32:28 -03:00 committed by Mauro Carvalho Chehab
parent b518d86609
commit f6cee18858

View File

@ -3459,27 +3459,16 @@ unsigned int vb2_fop_poll(struct file *file, poll_table *wait)
struct video_device *vdev = video_devdata(file);
struct vb2_queue *q = vdev->queue;
struct mutex *lock = q->lock ? q->lock : vdev->lock;
unsigned long req_events = poll_requested_events(wait);
unsigned res;
void *fileio;
bool must_lock = false;
/* Try to be smart: only lock if polling might start fileio,
otherwise locking will only introduce unwanted delays. */
if (q->num_buffers == 0 && !vb2_fileio_is_active(q)) {
if (!V4L2_TYPE_IS_OUTPUT(q->type) && (q->io_modes & VB2_READ) &&
(req_events & (POLLIN | POLLRDNORM)))
must_lock = true;
else if (V4L2_TYPE_IS_OUTPUT(q->type) && (q->io_modes & VB2_WRITE) &&
(req_events & (POLLOUT | POLLWRNORM)))
must_lock = true;
}
/*
* If this helper doesn't know how to lock, then you shouldn't be using
* it but you should write your own.
*/
WARN_ON(!lock);
/* If locking is needed, but this helper doesn't know how, then you
shouldn't be using this helper but you should write your own. */
WARN_ON(must_lock && !lock);
if (must_lock && lock && mutex_lock_interruptible(lock))
if (lock && mutex_lock_interruptible(lock))
return POLLERR;
fileio = q->fileio;
@ -3487,9 +3476,9 @@ unsigned int vb2_fop_poll(struct file *file, poll_table *wait)
res = vb2_poll(vdev->queue, file, wait);
/* If fileio was started, then we have a new queue owner. */
if (must_lock && !fileio && q->fileio)
if (!fileio && q->fileio)
q->owner = file->private_data;
if (must_lock && lock)
if (lock)
mutex_unlock(lock);
return res;
}