TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

media: vivid: fix the racy dev->radio_tx_rds_owner

Browse Source 
There is a race over dev->radio_tx_rds_owner between the two functions
mentioned below:

Thread-1                Thread-2
vivid_fop_release()     vivid_radio_rx_read()
mutex_unlock(&dev->mutex)
                        mutex_lock_interruptible(&dev->mutex)
                        ...
                        dev->radio_rx_rds_owner = file->private_data;
...
if (file->private_data == dev->radio_rx_rds_owner) {
        dev->radio_tx_rds_last_block = 0;
        dev->radio_tx_rds_owner = NULL;
}

This race can be fixed by only releasing the lock after vivid_fop_release()
finishes the checks.

Signed-off-by: Sishuai Gong <sishuai.system@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
This commit is contained in:
Sishuai Gong
2023-08-09 20:53:48 -04:00
committed by Mauro Carvalho Chehab
parent 607bcc4213
commit 54921a8f31
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
drivers/media/test-drivers/vivid/vivid-core.c
+1 -1
View File
@@ -628,7 +628,6 @@ static int vivid_fop_release(struct file *file)
v4l2_info(&dev->v4l2_dev, "reconnect\n");
vivid_reconnect(dev);
}
mutex_unlock(&dev->mutex);
if (file->private_data == dev->radio_rx_rds_owner) {
dev->radio_rx_rds_last_block = 0;
dev->radio_rx_rds_owner = NULL;
@@ -637,6 +636,7 @@ static int vivid_fop_release(struct file *file)
dev->radio_tx_rds_last_block = 0;
dev->radio_tx_rds_owner = NULL;
}
mutex_unlock(&dev->mutex);
if (vdev->queue)
return vb2_fop_release(file);
return v4l2_fh_release(file);