media: vb2: add waiting_in_dqbuf flag (d65842f7) · Commits · Mirrors / git.yoctoproject.org / linux-yocto

Commit d65842f7 authored Nov 19, 2018 by

Hans Verkuil Committed by Mauro Carvalho Chehab Apr 22, 2019

media: vb2: add waiting_in_dqbuf flag



Calling VIDIOC_DQBUF can release the core serialization lock pointed to
by vb2_queue->lock if it has to wait for a new buffer to arrive.

However, if userspace dup()ped the video device filehandle, then it is
possible to read or call DQBUF from two filehandles at the same time.

It is also possible to call REQBUFS from one filehandle while the other
is waiting for a buffer. This will remove all the buffers and reallocate
new ones. Removing all the buffers isn't the problem here (that's already
handled correctly by DQBUF), but the reallocating part is: DQBUF isn't
aware that the buffers have changed.

This is fixed by setting a flag whenever the lock is released while waiting
for a buffer to arrive. And checking the flag where needed so we can return
-EBUSY.

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Reported-by: Syzbot <syzbot+4180ff9ca6810b06c1e9@syzkaller.appspotmail.com>
Reviewed-by: Tomasz Figa <tfiga@chromium.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

parent c1ced46c

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit dc70ef30
· Aug 08, 2019

mentioned in commit dc70ef30

mentioned in commit dc70ef30e569864efeb4b595e6c5bbc556dfe716

Toggle commit list

Please register or to comment