Re: [PATCH 1/2] media: vb2: Fix potential deadlock in vb2_prepare_buffer

public inbox for linux-media@vger.kernel.org
 help / color / mirror / Atom feed

From: Marek Szyprowski <m.szyprowski@samsung.com>
To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: linux-media@vger.kernel.org, Pawel Osciak <pawel@osciak.com>
Subject: Re: [PATCH 1/2] media: vb2: Fix potential deadlock in vb2_prepare_buffer
Date: Mon, 12 Aug 2013 10:40:46 +0200	[thread overview]
Message-ID: <52089F8E.6090107@samsung.com> (raw)
In-Reply-To: <1376050286-8201-2-git-send-email-laurent.pinchart@ideasonboard.com>

Hello,

On 8/9/2013 2:11 PM, Laurent Pinchart wrote:
> Commit b037c0fde22b1d3cd0b3c3717d28e54619fc1592 ("media: vb2: fix
> potential deadlock in mmap vs. get_userptr handling") fixes an AB-BA
> deadlock related to the mmap_sem and driver locks. The same deadlock can
> occur in vb2_prepare_buffer(), fix it the same way.
>
> Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>

Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>

> ---
>   drivers/media/v4l2-core/videobuf2-core.c | 52 ++++++++++++++++++++++++++------
>   1 file changed, 43 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c
> index 7f32860..7c2a8ce 100644
> --- a/drivers/media/v4l2-core/videobuf2-core.c
> +++ b/drivers/media/v4l2-core/videobuf2-core.c
> @@ -1248,50 +1248,84 @@ static int __buf_prepare(struct vb2_buffer *vb, const struct v4l2_buffer *b)
>    */
>   int vb2_prepare_buf(struct vb2_queue *q, struct v4l2_buffer *b)
>   {
> +	struct rw_semaphore *mmap_sem = NULL;
>   	struct vb2_buffer *vb;
>   	int ret;
>   
> +	/*
> +	 * In case of user pointer buffers vb2 allocator needs to get direct
> +	 * access to userspace pages. This requires getting read access on
> +	 * mmap semaphore in the current process structure. The same
> +	 * semaphore is taken before calling mmap operation, while both mmap
> +	 * and prepare_buf are called by the driver or v4l2 core with driver's
> +	 * lock held. To avoid a AB-BA deadlock (mmap_sem then driver's lock in
> +	 * mmap and driver's lock then mmap_sem in prepare_buf) the videobuf2
> +	 * core release driver's lock, takes mmap_sem and then takes again
> +	 * driver's lock.
> +	 *
> +	 * To avoid race with other vb2 calls, which might be called after
> +	 * releasing driver's lock, this operation is performed at the
> +	 * beggining of prepare_buf processing. This way the queue status is
> +	 * consistent after getting driver's lock back.
> +	 */
> +	if (q->memory == V4L2_MEMORY_USERPTR) {
> +		mmap_sem = &current->mm->mmap_sem;
> +		call_qop(q, wait_prepare, q);
> +		down_read(mmap_sem);
> +		call_qop(q, wait_finish, q);
> +	}
> +
>   	if (q->fileio) {
>   		dprintk(1, "%s(): file io in progress\n", __func__);
> -		return -EBUSY;
> +		ret = -EBUSY;
> +		goto unlock;
>   	}
>   
>   	if (b->type != q->type) {
>   		dprintk(1, "%s(): invalid buffer type\n", __func__);
> -		return -EINVAL;
> +		ret = -EINVAL;
> +		goto unlock;
>   	}
>   
>   	if (b->index >= q->num_buffers) {
>   		dprintk(1, "%s(): buffer index out of range\n", __func__);
> -		return -EINVAL;
> +		ret = -EINVAL;
> +		goto unlock;
>   	}
>   
>   	vb = q->bufs[b->index];
>   	if (NULL == vb) {
>   		/* Should never happen */
>   		dprintk(1, "%s(): buffer is NULL\n", __func__);
> -		return -EINVAL;
> +		ret = -EINVAL;
> +		goto unlock;
>   	}
>   
>   	if (b->memory != q->memory) {
>   		dprintk(1, "%s(): invalid memory type\n", __func__);
> -		return -EINVAL;
> +		ret = -EINVAL;
> +		goto unlock;
>   	}
>   
>   	if (vb->state != VB2_BUF_STATE_DEQUEUED) {
>   		dprintk(1, "%s(): invalid buffer state %d\n", __func__, vb->state);
> -		return -EINVAL;
> +		ret = -EINVAL;
> +		goto unlock;
>   	}
>   	ret = __verify_planes_array(vb, b);
>   	if (ret < 0)
> -		return ret;
> +		goto unlock;
> +
>   	ret = __buf_prepare(vb, b);
>   	if (ret < 0)
> -		return ret;
> +		goto unlock;
>   
>   	__fill_v4l2_buffer(vb, b);
>   
> -	return 0;
> +unlock:
> +	if (mmap_sem)
> +		up_read(mmap_sem);
> +	return ret;
>   }
>   EXPORT_SYMBOL_GPL(vb2_prepare_buf);
>   

Best regards
-- 
Marek Szyprowski
Samsung R&D Institute Poland

next prev parent reply	other threads:[~2013-08-12  8:40 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-08-09 12:11 [PATCH 0/2] Fix AB-BA deadlock in vb2_prepare_buffer() Laurent Pinchart
2013-08-09 12:11 ` [PATCH 1/2] media: vb2: Fix potential deadlock in vb2_prepare_buffer Laurent Pinchart
2013-08-09 12:58   ` Hans Verkuil
2013-08-12  8:40   ` Marek Szyprowski [this message]
2013-08-09 12:11 ` [PATCH 2/2] media: vb2: Share code between vb2_prepare_buf and vb2_qbuf Laurent Pinchart
2013-08-09 12:58   ` Hans Verkuil
2013-08-12  8:40   ` Marek Szyprowski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52089F8E.6090107@samsung.com \
    --to=m.szyprowski@samsung.com \
    --cc=laurent.pinchart@ideasonboard.com \
    --cc=linux-media@vger.kernel.org \
    --cc=pawel@osciak.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox