summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLaurent Pinchart <laurent.pinchart@ideasonboard.com>2014-11-01 14:32:28 +0100
committerMauro Carvalho Chehab <mchehab@osg.samsung.com>2014-12-04 15:41:51 +0100
commit69c0e9c547817fef14871bc5c4645fad683f242e (patch)
tree1111885af6e5602910bdc1e144cd424948869cb8
parent[media] v4l: vb2: Fix race condition in vb2_fop_poll (diff)
downloadlinux-69c0e9c547817fef14871bc5c4645fad683f242e.tar.xz
linux-69c0e9c547817fef14871bc5c4645fad683f242e.zip
[media] v4l: vb2: Fix race condition in _vb2_fop_release
The function releases the queue if the file being released is the queue owner. The check reads the queue->owner field without taking the queue lock, creating a race condition with functions that set the queue owner, such as vb2_ioctl_reqbufs() for instance. Fix this by moving the queue->owner check within the mutex protected section. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Acked-by: Hans Verkuil <hans.verkuil@cisco.com> Acked-by: Sylwester Nawrocki <s.nawrocki@samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-rw-r--r--drivers/media/v4l2-core/videobuf2-core.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c
index 2685670b20ec..d09a8916e940 100644
--- a/drivers/media/v4l2-core/videobuf2-core.c
+++ b/drivers/media/v4l2-core/videobuf2-core.c
@@ -3389,14 +3389,14 @@ int _vb2_fop_release(struct file *file, struct mutex *lock)
{
struct video_device *vdev = video_devdata(file);
+ if (lock)
+ mutex_lock(lock);
if (file->private_data == vdev->queue->owner) {
- if (lock)
- mutex_lock(lock);
vb2_queue_release(vdev->queue);
vdev->queue->owner = NULL;
- if (lock)
- mutex_unlock(lock);
}
+ if (lock)
+ mutex_unlock(lock);
return v4l2_fh_release(file);
}
EXPORT_SYMBOL_GPL(_vb2_fop_release);