Re: [PATCH v4] videobuf2: Add missing lock held on vb2_fop_relase

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sylwester Nawrocki <s.nawrocki@samsung.com>
To: Hans Verkuil <hverkuil@xs4all.nl>,
	Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Cc: Mauro Carvalho Chehab <m.chehab@samsung.com>,
	Kyungmin Park <kyungmin.park@samsung.com>,
	Kukjin Kim <kgene.kim@samsung.com>,
	Pawel Osciak <pawel@osciak.com>,
	Marek Szyprowski <m.szyprowski@samsung.com>,
	"open list:SAMSUNG S5P/EXYNO..." <linux-media@vger.kernel.org>,
	"moderated list:ARM/S5P EXYNOS AR..."
	<linux-arm-kernel@lists.infradead.org>,
	"moderated list:ARM/S5P EXYNOS AR..."
	<linux-samsung-soc@vger.kernel.org>
Subject: Re: [PATCH v4] videobuf2: Add missing lock held on vb2_fop_relase
Date: Mon, 04 Nov 2013 15:24:26 +0100	[thread overview]
Message-ID: <5277AE1A.6090303@samsung.com> (raw)
In-Reply-To: <5277AB62.5000505@xs4all.nl>

On 04/11/13 15:12, Hans Verkuil wrote:
> On 11/04/2013 02:54 PM, Ricardo Ribalda Delgado wrote:
>> > Hello Hans
>> > 
>> > Thanks for your comments.
>> > 
>> > Please take a look to v4 of this patch
>> > https://patchwork.linuxtv.org/patch/20529/
>> > 
>> > On Mon, Nov 4, 2013 at 1:37 PM, Hans Verkuil <hverkuil@xs4all.nl> wrote:
>>> >> On 11/02/2013 10:53 AM, Ricardo Ribalda Delgado wrote:
>>>> >>> From: Ricardo Ribalda <ricardo.ribalda@gmail.com>
>>>> >>>
>>>> >>> vb2_fop_relase does not held the lock although it is modifying the
>>>> >>> queue->owner field.
>>>> >>>
>>>> >>> This could lead to race conditions on the vb2_perform_io function
>>>> >>> when multiple applications are accessing the video device via
>>>> >>> read/write API:
>>> >>
>>> >> It's also called directly by drivers/media/usb/em28xx/em28xx-video.c!
>>> >>
>> > 
>> > em28xx-video does not hold the lock, therefore it can call the normal
>> > function. On v2 we made a internal function that should be called if
>> > the funciton is called directly by the driver. Please take a look to
>> > the old comments. https://patchwork.linuxtv.org/patch/20460/
>
> static int em28xx_v4l2_close(struct file *filp)
> {
>         struct em28xx_fh *fh  = filp->private_data;
>         struct em28xx    *dev = fh->dev;
>         int              errCode;
> 
>         em28xx_videodbg("users=%d\n", dev->users);
> 
>         mutex_lock(&dev->lock);
>         vb2_fop_release(filp);
> 	...
> 
> vb2_fop_release(filp) will, with your patch, also try to get dev->lock.
> 
> Sylwester's comment re em28xx is incorrect.

dev->lock is not used as the video queue lock:

$ git grep "lock =" drivers/media/usb/em28xx/
...
drivers/media/usb/em28xx/em28xx-video.c:        dev->vdev->queue->lock = &dev->vb_queue_lock;
drivers/media/usb/em28xx/em28xx-video.c:                dev->vbi_dev->queue->lock = &dev->vb_vbi_queue_lock;

There is a separate mutex for the video queue which needs to be acquired
independently.

--
Regards,
Sylwester

WARNING: multiple messages have this Message-ID (diff)

From: s.nawrocki@samsung.com (Sylwester Nawrocki)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4] videobuf2: Add missing lock held on vb2_fop_relase
Date: Mon, 04 Nov 2013 15:24:26 +0100	[thread overview]
Message-ID: <5277AE1A.6090303@samsung.com> (raw)
In-Reply-To: <5277AB62.5000505@xs4all.nl>

On 04/11/13 15:12, Hans Verkuil wrote:
> On 11/04/2013 02:54 PM, Ricardo Ribalda Delgado wrote:
>> > Hello Hans
>> > 
>> > Thanks for your comments.
>> > 
>> > Please take a look to v4 of this patch
>> > https://patchwork.linuxtv.org/patch/20529/
>> > 
>> > On Mon, Nov 4, 2013 at 1:37 PM, Hans Verkuil <hverkuil@xs4all.nl> wrote:
>>> >> On 11/02/2013 10:53 AM, Ricardo Ribalda Delgado wrote:
>>>> >>> From: Ricardo Ribalda <ricardo.ribalda@gmail.com>
>>>> >>>
>>>> >>> vb2_fop_relase does not held the lock although it is modifying the
>>>> >>> queue->owner field.
>>>> >>>
>>>> >>> This could lead to race conditions on the vb2_perform_io function
>>>> >>> when multiple applications are accessing the video device via
>>>> >>> read/write API:
>>> >>
>>> >> It's also called directly by drivers/media/usb/em28xx/em28xx-video.c!
>>> >>
>> > 
>> > em28xx-video does not hold the lock, therefore it can call the normal
>> > function. On v2 we made a internal function that should be called if
>> > the funciton is called directly by the driver. Please take a look to
>> > the old comments. https://patchwork.linuxtv.org/patch/20460/
>
> static int em28xx_v4l2_close(struct file *filp)
> {
>         struct em28xx_fh *fh  = filp->private_data;
>         struct em28xx    *dev = fh->dev;
>         int              errCode;
> 
>         em28xx_videodbg("users=%d\n", dev->users);
> 
>         mutex_lock(&dev->lock);
>         vb2_fop_release(filp);
> 	...
> 
> vb2_fop_release(filp) will, with your patch, also try to get dev->lock.
> 
> Sylwester's comment re em28xx is incorrect.

dev->lock is not used as the video queue lock:

$ git grep "lock =" drivers/media/usb/em28xx/
...
drivers/media/usb/em28xx/em28xx-video.c:        dev->vdev->queue->lock = &dev->vb_queue_lock;
drivers/media/usb/em28xx/em28xx-video.c:                dev->vbi_dev->queue->lock = &dev->vb_vbi_queue_lock;

There is a separate mutex for the video queue which needs to be acquired
independently.

--
Regards,
Sylwester

next prev parent reply	other threads:[~2013-11-04 14:24 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-02  9:53 [PATCH v4] videobuf2: Add missing lock held on vb2_fop_relase Ricardo Ribalda Delgado
2013-11-02  9:53 ` Ricardo Ribalda Delgado
2013-11-04 12:37 ` Hans Verkuil
2013-11-04 12:37   ` Hans Verkuil
2013-11-04 12:37   ` Hans Verkuil
2013-11-04 13:54   ` Ricardo Ribalda Delgado
2013-11-04 13:54     ` Ricardo Ribalda Delgado
2013-11-04 13:54     ` Ricardo Ribalda Delgado
2013-11-04 14:12     ` Sylwester Nawrocki
2013-11-04 14:12       ` Sylwester Nawrocki
2013-11-04 14:12     ` Hans Verkuil
2013-11-04 14:12       ` Hans Verkuil
2013-11-04 14:24       ` Sylwester Nawrocki [this message]
2013-11-04 14:24         ` Sylwester Nawrocki
2013-11-04 15:19         ` Hans Verkuil
2013-11-04 15:19           ` Hans Verkuil
2013-11-06  8:26           ` Ricardo Ribalda Delgado
2013-11-06  8:26             ` Ricardo Ribalda Delgado
2013-11-06  8:40             ` Ricardo Ribalda Delgado
2013-11-06  8:40               ` Ricardo Ribalda Delgado

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5277AE1A.6090303@samsung.com \
    --to=s.nawrocki@samsung.com \
    --cc=hverkuil@xs4all.nl \
    --cc=kgene.kim@samsung.com \
    --cc=kyungmin.park@samsung.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-media@vger.kernel.org \
    --cc=linux-samsung-soc@vger.kernel.org \
    --cc=m.chehab@samsung.com \
    --cc=m.szyprowski@samsung.com \
    --cc=pawel@osciak.com \
    --cc=ricardo.ribalda@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.