Re: [PATCH v4] videobuf2: Add missing lock held on vb2_fop_relase

public inbox for linux-media@vger.kernel.org
 help / color / mirror / Atom feed

From: Hans Verkuil <hverkuil@xs4all.nl>
To: Sylwester Nawrocki <s.nawrocki@samsung.com>
Cc: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>,
	Mauro Carvalho Chehab <m.chehab@samsung.com>,
	Kyungmin Park <kyungmin.park@samsung.com>,
	Kukjin Kim <kgene.kim@samsung.com>,
	Pawel Osciak <pawel@osciak.com>,
	Marek Szyprowski <m.szyprowski@samsung.com>,
	"open list:SAMSUNG S5P/EXYNO..." <linux-media@vger.kernel.org>,
	"moderated list:ARM/S5P EXYNOS AR..."
	<linux-arm-kernel@lists.infradead.org>,
	"moderated list:ARM/S5P EXYNOS AR..."
	<linux-samsung-soc@vger.kernel.org>
Subject: Re: [PATCH v4] videobuf2: Add missing lock held on vb2_fop_relase
Date: Mon, 04 Nov 2013 16:19:59 +0100	[thread overview]
Message-ID: <5277BB1F.1010501@xs4all.nl> (raw)
In-Reply-To: <5277AE1A.6090303@samsung.com>

On 11/04/2013 03:24 PM, Sylwester Nawrocki wrote:
> On 04/11/13 15:12, Hans Verkuil wrote:
>> On 11/04/2013 02:54 PM, Ricardo Ribalda Delgado wrote:
>>>> Hello Hans
>>>>
>>>> Thanks for your comments.
>>>>
>>>> Please take a look to v4 of this patch
>>>> https://patchwork.linuxtv.org/patch/20529/
>>>>
>>>> On Mon, Nov 4, 2013 at 1:37 PM, Hans Verkuil <hverkuil@xs4all.nl> wrote:
>>>>>> On 11/02/2013 10:53 AM, Ricardo Ribalda Delgado wrote:
>>>>>>>> From: Ricardo Ribalda <ricardo.ribalda@gmail.com>
>>>>>>>>
>>>>>>>> vb2_fop_relase does not held the lock although it is modifying the
>>>>>>>> queue->owner field.
>>>>>>>>
>>>>>>>> This could lead to race conditions on the vb2_perform_io function
>>>>>>>> when multiple applications are accessing the video device via
>>>>>>>> read/write API:
>>>>>>
>>>>>> It's also called directly by drivers/media/usb/em28xx/em28xx-video.c!
>>>>>>
>>>>
>>>> em28xx-video does not hold the lock, therefore it can call the normal
>>>> function. On v2 we made a internal function that should be called if
>>>> the funciton is called directly by the driver. Please take a look to
>>>> the old comments. https://patchwork.linuxtv.org/patch/20460/
>>
>> static int em28xx_v4l2_close(struct file *filp)
>> {
>>         struct em28xx_fh *fh  = filp->private_data;
>>         struct em28xx    *dev = fh->dev;
>>         int              errCode;
>>
>>         em28xx_videodbg("users=%d\n", dev->users);
>>
>>         mutex_lock(&dev->lock);
>>         vb2_fop_release(filp);
>> 	...
>>
>> vb2_fop_release(filp) will, with your patch, also try to get dev->lock.
>>
>> Sylwester's comment re em28xx is incorrect.
> 
> dev->lock is not used as the video queue lock:
> 
> $ git grep "lock =" drivers/media/usb/em28xx/
> ...
> drivers/media/usb/em28xx/em28xx-video.c:        dev->vdev->queue->lock = &dev->vb_queue_lock;
> drivers/media/usb/em28xx/em28xx-video.c:                dev->vbi_dev->queue->lock = &dev->vb_vbi_queue_lock;
> 
> There is a separate mutex for the video queue which needs to be acquired
> independently.

Darn, I missed that one. I was looking for it in em28xx_vdev_init(), which is
where I expected the queue->lock to be set, if there was any.

That said, wouldn't it be a good idea to swap the order:

        vb2_fop_release(filp);
        mutex_lock(&dev->lock);

I don't believe there is a good reason for nesting mutexes here.

Regards,

	Hans

> 
> --
> Regards,
> Sylwester
> --
> To unsubscribe from this list: send the line "unsubscribe linux-media" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

next prev parent reply	other threads:[~2013-11-04 15:20 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-02  9:53 [PATCH v4] videobuf2: Add missing lock held on vb2_fop_relase Ricardo Ribalda Delgado
2013-11-04 12:37 ` Hans Verkuil
2013-11-04 13:54   ` Ricardo Ribalda Delgado
2013-11-04 14:12     ` Sylwester Nawrocki
2013-11-04 14:12     ` Hans Verkuil
2013-11-04 14:24       ` Sylwester Nawrocki
2013-11-04 15:19         ` Hans Verkuil [this message]
2013-11-06  8:26           ` Ricardo Ribalda Delgado
2013-11-06  8:40             ` Ricardo Ribalda Delgado

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5277BB1F.1010501@xs4all.nl \
    --to=hverkuil@xs4all.nl \
    --cc=kgene.kim@samsung.com \
    --cc=kyungmin.park@samsung.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-media@vger.kernel.org \
    --cc=linux-samsung-soc@vger.kernel.org \
    --cc=m.chehab@samsung.com \
    --cc=m.szyprowski@samsung.com \
    --cc=pawel@osciak.com \
    --cc=ricardo.ribalda@gmail.com \
    --cc=s.nawrocki@samsung.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox