diff options
author | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2014-11-01 10:32:28 -0300 |
---|---|---|
committer | Mauro Carvalho Chehab <mchehab@osg.samsung.com> | 2014-12-04 12:41:51 -0200 |
commit | 69c0e9c547817fef14871bc5c4645fad683f242e (patch) | |
tree | 1111885af6e5602910bdc1e144cd424948869cb8 /drivers/media/v4l2-core | |
parent | f6cee18858b3c0adaa30cbe45a1766c8ef053c5d (diff) | |
download | linux-69c0e9c547817fef14871bc5c4645fad683f242e.tar.bz2 |
[media] v4l: vb2: Fix race condition in _vb2_fop_release
The function releases the queue if the file being released is the queue
owner. The check reads the queue->owner field without taking the queue
lock, creating a race condition with functions that set the queue owner,
such as vb2_ioctl_reqbufs() for instance.
Fix this by moving the queue->owner check within the mutex protected
section.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Diffstat (limited to 'drivers/media/v4l2-core')
-rw-r--r-- | drivers/media/v4l2-core/videobuf2-core.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c index 2685670b20ec..d09a8916e940 100644 --- a/drivers/media/v4l2-core/videobuf2-core.c +++ b/drivers/media/v4l2-core/videobuf2-core.c @@ -3389,14 +3389,14 @@ int _vb2_fop_release(struct file *file, struct mutex *lock) { struct video_device *vdev = video_devdata(file); + if (lock) + mutex_lock(lock); if (file->private_data == vdev->queue->owner) { - if (lock) - mutex_lock(lock); vb2_queue_release(vdev->queue); vdev->queue->owner = NULL; - if (lock) - mutex_unlock(lock); } + if (lock) + mutex_unlock(lock); return v4l2_fh_release(file); } EXPORT_SYMBOL_GPL(_vb2_fop_release); |