From: Chris Clayton <chris2553@googlemail.com>
To: Brandon Philips <brandon@ifup.org>
Cc: Torsten Kaiser <just.for.lkml@googlemail.com>,
Dave Young <hidave.darkstar@gmail.com>,
linux-media@vger.kernel.org, linux-kernel@vger.kernel.org,
Mauro Carvalho Chehab <mchehab@infradead.org>,
Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Subject: Re: [PATCH] bttv: fix mutex use before init
Date: Wed, 15 Dec 2010 18:44:04 +0000
Message-ID: <201012151844.04105.chris2553@googlemail.com>
In-Reply-To: <20101214003024.GA3575@hanuman.home.ifup.org>

On Tuesday 14 December 2010, Brandon Philips wrote:
> On 17:13 Sun 12 Dec 2010, Torsten Kaiser wrote:
> > * change &fh->cap.vb_lock in bttv_open() AND radio_open() to
> > &btv->init.cap.vb_lock
> > * add a mutex_init(&btv->init.cap.vb_lock) to the setup of init in
> > bttv_probe()
>
> That seems like a reasonable suggestion. An openSUSE user submitted this
> bug to our tracker too. Here is the patch I am having him test.
>
> Would you mind testing it?
>
> From 456dc0ce36db523c4c0c8a269f4eec43a72de1dc Mon Sep 17 00:00:00 2001
> From: Brandon Philips <bphilips@suse.de>
> Date: Mon, 13 Dec 2010 16:21:55 -0800
> Subject: [PATCH] bttv: fix locking for btv->init
>
> Fix locking for the btv->init by using btv->init.cap.vb_lock and in the
> process fix uninitialized deref introduced in c37db91fd0d.
>
> Signed-off-by: Brandon Philips <bphilips@suse.de>
> ---
> drivers/media/video/bt8xx/bttv-driver.c | 24 +++++++++++++-----------
> 1 files changed, 13 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/media/video/bt8xx/bttv-driver.c
> b/drivers/media/video/bt8xx/bttv-driver.c index a529619..e656424 100644
> --- a/drivers/media/video/bt8xx/bttv-driver.c
> +++ b/drivers/media/video/bt8xx/bttv-driver.c
> @@ -2391,16 +2391,11 @@ static int setup_window_lock(struct bttv_fh *fh,
> struct bttv *btv, fh->ov.field = win->field;
> fh->ov.setup_ok = 1;
>
> - /*
> - * FIXME: btv is protected by btv->lock mutex, while btv->init
> - * is protected by fh->cap.vb_lock. This seems to open the
> - * possibility for some race situations. Maybe the better would
> - * be to unify those locks or to use another way to store the
> - * init values that will be consumed by videobuf callbacks
> - */
> + mutex_lock(&btv->init.cap.vb_lock);
> btv->init.ov.w.width = win->w.width;
> btv->init.ov.w.height = win->w.height;
> btv->init.ov.field = win->field;
> + mutex_unlock(&btv->init.cap.vb_lock);
>
> /* update overlay if needed */
> retval = 0;
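Review bot: The FIXME deleted from setup_window_lock() documented which lock protects btv->init, and the hunk puts nothing in its place. A one-line comment at the new mutex_lock(&btv->init.cap.vb_lock), or at the declaration of init, stating that btv->init is now guarded by its own cap.vb_lock would keep the rule visible to whoever next adds a write to btv->init.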
> @@ -2620,9 +2615,11 @@ static int bttv_s_fmt_vid_cap(struct file *file,
> void *priv, fh->cap.last = V4L2_FIELD_NONE;
> fh->width = f->fmt.pix.width;
> fh->height = f->fmt.pix.height;
> + mutex_lock(&btv->init.cap.vb_lock);
> btv->init.fmt = fmt;
> btv->init.width = f->fmt.pix.width;
> btv->init.height = f->fmt.pix.height;
> + mutex_unlock(&btv->init.cap.vb_lock);
> mutex_unlock(&fh->cap.vb_lock);
>
> return 0;
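Review bot: In bttv_s_fmt_vid_cap() the new lock is taken while fh->cap.vb_lock is still held (it is released on the line after the new mutex_unlock), which establishes the order fh->cap.vb_lock first, then btv->init.cap.vb_lock. Please state that order in the commit message or in a comment, and check that every other path takes the two mutexes in the same order, since a path that takes them the other way round would deadlock against this one.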
> @@ -2855,6 +2852,7 @@ static int bttv_s_fbuf(struct file *file, void *f,
>
> retval = 0;
> fh->ovfmt = fmt;
> + mutex_lock(&btv->init.cap.vb_lock);
> btv->init.ovfmt = fmt;
> if (fb->flags & V4L2_FBUF_FLAG_OVERLAY) {
> fh->ov.w.left = 0;
> @@ -2876,6 +2874,7 @@ static int bttv_s_fbuf(struct file *file, void *f,
> retval = bttv_switch_overlay(btv, fh, new);
> }
> }
> + mutex_unlock(&btv->init.cap.vb_lock);
> mutex_unlock(&fh->cap.vb_lock);
> return retval;
> }
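Review bot: In bttv_s_fbuf() the lock taken just before btv->init.ovfmt = fmt stays held across the bttv_switch_overlay(btv, fh, new) call and is only dropped right before the final mutex_unlock(&fh->cap.vb_lock). If its purpose is to protect btv->init, consider narrowing it to the btv->init writes. Also confirm that no return statement between these two hunks leaves the function with the mutex held; the lines shown here do not cover that region.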
> @@ -3141,6 +3140,7 @@ static int bttv_s_crop(struct file *file, void *f,
> struct v4l2_crop *crop) fh->do_crop = 1;
>
> mutex_lock(&fh->cap.vb_lock);
> + mutex_lock(&btv->init.cap.vb_lock);
>
> if (fh->width < c.min_scaled_width) {
> fh->width = c.min_scaled_width;
> @@ -3158,6 +3158,7 @@ static int bttv_s_crop(struct file *file, void *f,
> struct v4l2_crop *crop) btv->init.height = c.max_scaled_height;
> }
>
> + mutex_unlock(&btv->init.cap.vb_lock);
> mutex_unlock(&fh->cap.vb_lock);
>
> return 0;
> @@ -3302,9 +3303,9 @@ static int bttv_open(struct file *file)
> * Let's first copy btv->init at fh, holding cap.vb_lock, and then work
> * with the rest of init, holding btv->lock.
> */
> - mutex_lock(&fh->cap.vb_lock);
> + mutex_lock(&btv->init.cap.vb_lock);
> *fh = btv->init;
> - mutex_unlock(&fh->cap.vb_lock);
> + mutex_unlock(&btv->init.cap.vb_lock);
>
> fh->type = type;
> fh->ov.setup_ok = 0;
> @@ -3502,9 +3503,9 @@ static int radio_open(struct file *file)
> if (unlikely(!fh))
> return -ENOMEM;
> file->private_data = fh;
> - mutex_lock(&fh->cap.vb_lock);
> + mutex_lock(&btv->init.cap.vb_lock);
> *fh = btv->init;
> - mutex_unlock(&fh->cap.vb_lock);
> + mutex_unlock(&btv->init.cap.vb_lock);
>
> mutex_lock(&btv->lock);
> v4l2_prio_open(&btv->prio, &fh->prio);
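Review bot: radio_open() makes the same whole-struct copy, *fh = btv->init, with btv->init.cap.vb_lock held, and the lines that follow it (mutex_lock(&btv->lock), v4l2_prio_open()) show no re-initialisation of fh->cap.vb_lock. Any later mutex_lock(&fh->cap.vb_lock) on a radio file handle would then operate on a copied, locked mutex. Please add a mutex_init(&fh->cap.vb_lock) after the copy, or point to where the handle's mutex is initialised on this path.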
> @@ -4489,6 +4490,7 @@ static int __devinit bttv_probe(struct pci_dev *dev,
> btv->opt_coring = coring;
>
> /* fill struct bttv with some useful defaults */
> + mutex_init(&btv->init.cap.vb_lock);
> btv->init.btv = btv;
> btv->init.ov.w.width = 320;
> btv->init.ov.w.height = 240;
The patch is good here too. Thanks.
Tested-by: Chris Clayton <chris2553@googlemail.com>
--
The more I see, the more I know. The more I know, the less I understand.
Changing Man - Paul Weller