From 97d66c47277fc801bc1ee93559a848057181ea55 Mon Sep 17 00:00:00 2001 From: Sylwester Nawrocki Date: Thu, 22 Nov 2012 06:17:19 -0300 Subject: [media] s5p-fimc: Prevent race conditions during subdevs registration Make sure when fimc and fimc-lite capture video node is registered it has valid pipeline_ops assigned to it. Otherwise when a video node is opened right after is was registered there, might be an attempt to use ops that are just being assigned, after function v4l2_device_register_subdev() returns. Signed-off-by: Sylwester Nawrocki Signed-off-by: Kyungmin Park Signed-off-by: Mauro Carvalho Chehab --- drivers/media/platform/s5p-fimc/fimc-capture.c | 7 ++++++- drivers/media/platform/s5p-fimc/fimc-lite.c | 3 +++ drivers/media/platform/s5p-fimc/fimc-mdevice.c | 4 ++-- 3 files changed, 11 insertions(+), 3 deletions(-) (limited to 'drivers/media/platform/s5p-fimc') diff --git a/drivers/media/platform/s5p-fimc/fimc-capture.c b/drivers/media/platform/s5p-fimc/fimc-capture.c index 3d39d97abaa5..3fc896b8eeae 100644 --- a/drivers/media/platform/s5p-fimc/fimc-capture.c +++ b/drivers/media/platform/s5p-fimc/fimc-capture.c @@ -1774,9 +1774,13 @@ static int fimc_capture_subdev_registered(struct v4l2_subdev *sd) if (ret) return ret; + fimc->pipeline_ops = v4l2_get_subdev_hostdata(sd); + ret = fimc_register_capture_device(fimc, sd->v4l2_dev); - if (ret) + if (ret) { fimc_unregister_m2m_device(fimc); + fimc->pipeline_ops = NULL; + } return ret; } @@ -1793,6 +1797,7 @@ static void fimc_capture_subdev_unregistered(struct v4l2_subdev *sd) if (video_is_registered(&fimc->vid_cap.vfd)) { video_unregister_device(&fimc->vid_cap.vfd); media_entity_cleanup(&fimc->vid_cap.vfd.entity); + fimc->pipeline_ops = NULL; } kfree(fimc->vid_cap.ctx); fimc->vid_cap.ctx = NULL; diff --git a/drivers/media/platform/s5p-fimc/fimc-lite.c b/drivers/media/platform/s5p-fimc/fimc-lite.c index 9db246bed841..23f203e8a7d3 100644 --- a/drivers/media/platform/s5p-fimc/fimc-lite.c +++ b/drivers/media/platform/s5p-fimc/fimc-lite.c @@ -1263,10 +1263,12 @@ static int fimc_lite_subdev_registered(struct v4l2_subdev *sd) return ret; video_set_drvdata(vfd, fimc); + fimc->pipeline_ops = v4l2_get_subdev_hostdata(sd); ret = video_register_device(vfd, VFL_TYPE_GRABBER, -1); if (ret < 0) { media_entity_cleanup(&vfd->entity); + fimc->pipeline_ops = NULL; return ret; } @@ -1285,6 +1287,7 @@ static void fimc_lite_subdev_unregistered(struct v4l2_subdev *sd) if (video_is_registered(&fimc->vfd)) { video_unregister_device(&fimc->vfd); media_entity_cleanup(&fimc->vfd.entity); + fimc->pipeline_ops = NULL; } } diff --git a/drivers/media/platform/s5p-fimc/fimc-mdevice.c b/drivers/media/platform/s5p-fimc/fimc-mdevice.c index 38ea4d143a49..0531ab70a94c 100644 --- a/drivers/media/platform/s5p-fimc/fimc-mdevice.c +++ b/drivers/media/platform/s5p-fimc/fimc-mdevice.c @@ -352,6 +352,7 @@ static int fimc_register_callback(struct device *dev, void *p) sd = &fimc->vid_cap.subdev; sd->grp_id = FIMC_GROUP_ID; + v4l2_set_subdev_hostdata(sd, (void *)&fimc_pipeline_ops); ret = v4l2_device_register_subdev(&fmd->v4l2_dev, sd); if (ret) { @@ -360,7 +361,6 @@ static int fimc_register_callback(struct device *dev, void *p) return ret; } - fimc->pipeline_ops = &fimc_pipeline_ops; fmd->fimc[fimc->id] = fimc; return 0; } @@ -375,6 +375,7 @@ static int fimc_lite_register_callback(struct device *dev, void *p) return 0; fimc->subdev.grp_id = FLITE_GROUP_ID; + v4l2_set_subdev_hostdata(&fimc->subdev, (void *)&fimc_pipeline_ops); ret = v4l2_device_register_subdev(&fmd->v4l2_dev, &fimc->subdev); if (ret) { @@ -384,7 +385,6 @@ static int fimc_lite_register_callback(struct device *dev, void *p) return ret; } - fimc->pipeline_ops = &fimc_pipeline_ops; fmd->fimc_lite[fimc->index] = fimc; return 0; } -- cgit v1.2.3 From ba6b372cf0af564bdc6c14bf68e078ae34bef222 Mon Sep 17 00:00:00 2001 From: Sylwester Nawrocki Date: Thu, 22 Nov 2012 11:12:16 -0300 Subject: [media] s5p-fimc: Don't use mutex_lock_interruptible() in device release() Use uninterruptible mutex_lock in the release() file op to make sure all resources are properly freed when a process is being terminated. Returning -ERESTARTSYS has no effect for a terminating process and this caused driver resources not to be released. Not releasing the buffer queue also prevented other drivers to free memory, e.g. in MMAP -> USERPTR scenario. This patch is required for stable kernels v3.6+. Reported-by: Kamil Debski Reported-by: Marek Szyprowski Signed-off-by: Sylwester Nawrocki Signed-off-by: Kyungmin Park Signed-off-by: Mauro Carvalho Chehab --- drivers/media/platform/s5p-fimc/fimc-capture.c | 3 +-- drivers/media/platform/s5p-fimc/fimc-m2m.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) (limited to 'drivers/media/platform/s5p-fimc') diff --git a/drivers/media/platform/s5p-fimc/fimc-capture.c b/drivers/media/platform/s5p-fimc/fimc-capture.c index 3fc896b8eeae..891ee873c62b 100644 --- a/drivers/media/platform/s5p-fimc/fimc-capture.c +++ b/drivers/media/platform/s5p-fimc/fimc-capture.c @@ -556,8 +556,7 @@ static int fimc_capture_close(struct file *file) dbg("pid: %d, state: 0x%lx", task_pid_nr(current), fimc->state); - if (mutex_lock_interruptible(&fimc->lock)) - return -ERESTARTSYS; + mutex_lock(&fimc->lock); if (--fimc->vid_cap.refcnt == 0) { clear_bit(ST_CAPT_BUSY, &fimc->state); diff --git a/drivers/media/platform/s5p-fimc/fimc-m2m.c b/drivers/media/platform/s5p-fimc/fimc-m2m.c index 4500e44f6857..62afed3162ea 100644 --- a/drivers/media/platform/s5p-fimc/fimc-m2m.c +++ b/drivers/media/platform/s5p-fimc/fimc-m2m.c @@ -718,8 +718,7 @@ static int fimc_m2m_release(struct file *file) dbg("pid: %d, state: 0x%lx, refcnt= %d", task_pid_nr(current), fimc->state, fimc->m2m.refcnt); - if (mutex_lock_interruptible(&fimc->lock)) - return -ERESTARTSYS; + mutex_lock(&fimc->lock); v4l2_m2m_ctx_release(ctx->m2m_ctx); fimc_ctrls_delete(ctx); -- cgit v1.2.3 From ddc43d6dc7df0849fe41b91460fa76145cf87b67 Mon Sep 17 00:00:00 2001 From: Sylwester Nawrocki Date: Thu, 22 Nov 2012 11:13:04 -0300 Subject: [media] fimc-lite: Don't use mutex_lock_interruptible() in device release() Use uninterruptible mutex_lock in the release() file op to make sure all resources are properly freed when a process is being terminated. Returning -ERESTARTSYS has no effect for a terminating process and this may cause driver resources not to be released. This patch is required for stable kernels v3.5+. Reported-by: Marek Szyprowski Signed-off-by: Sylwester Nawrocki Signed-off-by: Kyungmin Park Signed-off-by: Mauro Carvalho Chehab --- drivers/media/platform/s5p-fimc/fimc-lite.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'drivers/media/platform/s5p-fimc') diff --git a/drivers/media/platform/s5p-fimc/fimc-lite.c b/drivers/media/platform/s5p-fimc/fimc-lite.c index 23f203e8a7d3..1b309a72f09f 100644 --- a/drivers/media/platform/s5p-fimc/fimc-lite.c +++ b/drivers/media/platform/s5p-fimc/fimc-lite.c @@ -491,8 +491,7 @@ static int fimc_lite_close(struct file *file) struct fimc_lite *fimc = video_drvdata(file); int ret; - if (mutex_lock_interruptible(&fimc->lock)) - return -ERESTARTSYS; + mutex_lock(&fimc->lock); if (--fimc->ref_count == 0 && fimc->out_path == FIMC_IO_DMA) { clear_bit(ST_FLITE_IN_USE, &fimc->state); -- cgit v1.2.3