diff options
| author | Marek Szyprowski <m.szyprowski@samsung.com> | 2011-11-17 12:32:17 +0400 |
|---|---|---|
| committer | Mauro Carvalho Chehab <mchehab@redhat.com> | 2011-12-30 22:06:49 +0400 |
| commit | b037c0fde22b1d3cd0b3c3717d28e54619fc1592 (patch) | |
| tree | 92d4c05c8e3f777c288546d5592cdf8ce4b70a89 /drivers/media/video/videobuf2-memops.c | |
| parent | f0b7c7fc6f15e823cb4a5d225d9ef28b884ab6ec (diff) | |
| download | linux-b037c0fde22b1d3cd0b3c3717d28e54619fc1592.tar.xz | |
[media] media: vb2: fix potential deadlock in mmap vs. get_userptr handling
To get direct access to userspace memory pages vb2 allocator needs to
gather read access on mmap semaphore in the current process.
The same semaphore is taken before calling mmap operation, while
both mmap and qbuf are called by the driver or v4l2 core with
driver's lock held. To avoid a AB-BA deadlock (mmap_sem then
driver's lock in mmap and driver's lock then mmap_sem in qbuf)
the videobuf2 core release driver's lock, takes mmap_sem and then
takes again driver's lock. get_userptr methods are now called with
all needed locks already taken to avoid further lock magic inside
memory allocator's code.
Reported-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
CC: Pawel Osciak <pawel@osciak.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Diffstat (limited to 'drivers/media/video/videobuf2-memops.c')
| -rw-r--r-- | drivers/media/video/videobuf2-memops.c | 28 |
1 files changed, 10 insertions, 18 deletions
diff --git a/drivers/media/video/videobuf2-memops.c b/drivers/media/video/videobuf2-memops.c index 71a7a78c3fc0..c41cb60245d6 100644 --- a/drivers/media/video/videobuf2-memops.c +++ b/drivers/media/video/videobuf2-memops.c @@ -100,29 +100,26 @@ int vb2_get_contig_userptr(unsigned long vaddr, unsigned long size, unsigned long offset, start, end; unsigned long this_pfn, prev_pfn; dma_addr_t pa = 0; - int ret = -EFAULT; start = vaddr; offset = start & ~PAGE_MASK; end = start + size; - down_read(&mm->mmap_sem); vma = find_vma(mm, start); if (vma == NULL || vma->vm_end < end) - goto done; + return -EFAULT; for (prev_pfn = 0; start < end; start += PAGE_SIZE) { - ret = follow_pfn(vma, start, &this_pfn); + int ret = follow_pfn(vma, start, &this_pfn); if (ret) - goto done; + return ret; if (prev_pfn == 0) pa = this_pfn << PAGE_SHIFT; - else if (this_pfn != prev_pfn + 1) { - ret = -EFAULT; - goto done; - } + else if (this_pfn != prev_pfn + 1) + return -EFAULT; + prev_pfn = this_pfn; } @@ -130,16 +127,11 @@ int vb2_get_contig_userptr(unsigned long vaddr, unsigned long size, * Memory is contigous, lock vma and return to the caller */ *res_vma = vb2_get_vma(vma); - if (*res_vma == NULL) { - ret = -ENOMEM; - goto done; - } - *res_pa = pa + offset; - ret = 0; + if (*res_vma == NULL) + return -ENOMEM; -done: - up_read(&mm->mmap_sem); - return ret; + *res_pa = pa + offset; + return 0; } EXPORT_SYMBOL_GPL(vb2_get_contig_userptr); |