commit 818a557eeb9c16a9a2dc93df348b0ff68fbc487f · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

V4L/DVB (9668): em28xx: fix a race condition with hald

Newer versions of hald tries to open it to call QUERYCAP.

Due to the lack of a proper locking, it is possible to open the device
before it finishes initialization.

This patch adds a lock to avoid this risk, and to protect the list of
em28xx devices.

While here, remove the uneeded BKL lock.

Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

Mauro Carvalho Chehab 17 years ago 818a557e cce25710

+75 -53

1 changed file

expand all

unified split

drivers

media

video

em28xx

em28xx-video.c

+75 -53

drivers/media/video/em28xx/em28xx-video.c

··· 73 MODULE_LICENSE("GPL"); 74 75 static LIST_HEAD(em28xx_devlist); 76 77 static unsigned int card[] = {[0 ... (EM28XX_MAXBOARDS - 1)] = UNSET }; 78 static unsigned int video_nr[] = {[0 ... (EM28XX_MAXBOARDS - 1)] = UNSET }; ··· 1520 struct em28xx_fh *fh; 1521 enum v4l2_buf_type fh_type = 0; 1522 1523 - lock_kernel(); 1524 list_for_each_entry(h, &em28xx_devlist, devlist) { 1525 if (h->vdev->minor == minor) { 1526 dev = h; ··· 1536 dev = h; 1537 } 1538 } 1539 - if (NULL == dev) { 1540 - unlock_kernel(); 1541 return -ENODEV; 1542 - } 1543 1544 em28xx_videodbg("open minor=%d type=%s users=%d\n", 1545 minor, v4l2_type_names[fh_type], dev->users); ··· 1549 fh = kzalloc(sizeof(struct em28xx_fh), GFP_KERNEL); 1550 if (!fh) { 1551 em28xx_errdev("em28xx-video.c: Out of memory?!\n"); 1552 - unlock_kernel(); 1553 return -ENOMEM; 1554 } 1555 - mutex_lock(&dev->lock); 1556 fh->dev = dev; 1557 fh->radio = radio; 1558 fh->type = fh_type; ··· 1585 sizeof(struct em28xx_buffer), fh); 1586 1587 mutex_unlock(&dev->lock); 1588 - unlock_kernel(); 1589 1590 return errCode; 1591 } ··· 1871 { 1872 struct em28xx *dev = NULL; 1873 1874 mutex_lock(&em28xx_extension_devlist_lock); 1875 list_add_tail(&ops->next, &em28xx_extension_devlist); 1876 list_for_each_entry(dev, &em28xx_devlist, devlist) { ··· 1880 } 1881 printk(KERN_INFO "Em28xx: Initialized (%s) extension\n", ops->name); 1882 mutex_unlock(&em28xx_extension_devlist_lock); 1883 return 0; 1884 } 1885 EXPORT_SYMBOL(em28xx_register_extension); ··· 1889 { 1890 struct em28xx *dev = NULL; 1891 1892 list_for_each_entry(dev, &em28xx_devlist, devlist) { 1893 if (dev) 1894 ops->fini(dev); ··· 1899 printk(KERN_INFO "Em28xx: Removed (%s) extension\n", ops->name); 1900 list_del(&ops->next); 1901 mutex_unlock(&em28xx_extension_devlist_lock); 1902 } 1903 EXPORT_SYMBOL(em28xx_unregister_extension); 1904 ··· 1922 dev->name, type_name); 1923 1924 return vfd; 1925 } 1926 1927 ··· 2058 return errCode; 2059 } 2060 2061 - list_add_tail(&dev->devlist, &em28xx_devlist); 2062 - 2063 - /* allocate and fill video video_device struct */ 2064 - dev->vdev = em28xx_vdev_init(dev, &em28xx_video_template, "video"); 2065 - if (NULL == dev->vdev) { 2066 - em28xx_errdev("cannot allocate video_device.\n"); 2067 - goto fail_unreg; 2068 - } 2069 - 2070 - /* register v4l2 video video_device */ 2071 - retval = video_register_device(dev->vdev, VFL_TYPE_GRABBER, 2072 - video_nr[dev->devno]); 2073 - if (retval) { 2074 - em28xx_errdev("unable to register video device (error=%i).\n", 2075 - retval); 2076 - goto fail_unreg; 2077 - } 2078 - 2079 - /* Allocate and fill vbi video_device struct */ 2080 - dev->vbi_dev = em28xx_vdev_init(dev, &em28xx_video_template, "vbi"); 2081 - /* register v4l2 vbi video_device */ 2082 - if (video_register_device(dev->vbi_dev, VFL_TYPE_VBI, 2083 - vbi_nr[dev->devno]) < 0) { 2084 - em28xx_errdev("unable to register vbi device\n"); 2085 - retval = -ENODEV; 2086 - goto fail_unreg; 2087 - } 2088 - 2089 - if (em28xx_boards[dev->model].radio.type == EM28XX_RADIO) { 2090 - dev->radio_dev = em28xx_vdev_init(dev, &em28xx_radio_template, "radio"); 2091 - if (NULL == dev->radio_dev) { 2092 - em28xx_errdev("cannot allocate video_device.\n"); 2093 - goto fail_unreg; 2094 - } 2095 - retval = video_register_device(dev->radio_dev, VFL_TYPE_RADIO, 2096 - radio_nr[dev->devno]); 2097 - if (retval < 0) { 2098 - em28xx_errdev("can't register radio device\n"); 2099 - goto fail_unreg; 2100 - } 2101 - em28xx_info("Registered radio device as /dev/radio%d\n", 2102 - dev->radio_dev->num); 2103 - } 2104 - 2105 /* init video dma queues */ 2106 INIT_LIST_HEAD(&dev->vidq.active); 2107 INIT_LIST_HEAD(&dev->vidq.queued); ··· 2084 2085 video_mux(dev, 0); 2086 2087 - em28xx_info("V4L2 device registered as /dev/video%d and /dev/vbi%d\n", 2088 - dev->vdev->num, dev->vbi_dev->num); 2089 2090 mutex_lock(&em28xx_extension_devlist_lock); 2091 if (!list_empty(&em28xx_extension_devlist)) { ··· 2101 } 2102 } 2103 mutex_unlock(&em28xx_extension_devlist_lock); 2104 2105 return 0; 2106 2107 fail_unreg: 2108 em28xx_release_resources(dev); 2109 mutex_unlock(&dev->lock); 2110 return retval; 2111 }

··· 73 MODULE_LICENSE("GPL"); 74 75 static LIST_HEAD(em28xx_devlist); 76 + static DEFINE_MUTEX(em28xx_devlist_mutex); 77 78 static unsigned int card[] = {[0 ... (EM28XX_MAXBOARDS - 1)] = UNSET }; 79 static unsigned int video_nr[] = {[0 ... (EM28XX_MAXBOARDS - 1)] = UNSET }; ··· 1519 struct em28xx_fh *fh; 1520 enum v4l2_buf_type fh_type = 0; 1521 1522 + mutex_lock(&em28xx_devlist_mutex); 1523 list_for_each_entry(h, &em28xx_devlist, devlist) { 1524 if (h->vdev->minor == minor) { 1525 dev = h; ··· 1535 dev = h; 1536 } 1537 } 1538 + mutex_unlock(&em28xx_devlist_mutex); 1539 + if (NULL == dev) 1540 return -ENODEV; 1541 + 1542 + mutex_lock(&dev->lock); 1543 1544 em28xx_videodbg("open minor=%d type=%s users=%d\n", 1545 minor, v4l2_type_names[fh_type], dev->users); ··· 1547 fh = kzalloc(sizeof(struct em28xx_fh), GFP_KERNEL); 1548 if (!fh) { 1549 em28xx_errdev("em28xx-video.c: Out of memory?!\n"); 1550 + mutex_unlock(&dev->lock); 1551 return -ENOMEM; 1552 } 1553 fh->dev = dev; 1554 fh->radio = radio; 1555 fh->type = fh_type; ··· 1584 sizeof(struct em28xx_buffer), fh); 1585 1586 mutex_unlock(&dev->lock); 1587 1588 return errCode; 1589 } ··· 1871 { 1872 struct em28xx *dev = NULL; 1873 1874 + mutex_lock(&em28xx_devlist_mutex); 1875 mutex_lock(&em28xx_extension_devlist_lock); 1876 list_add_tail(&ops->next, &em28xx_extension_devlist); 1877 list_for_each_entry(dev, &em28xx_devlist, devlist) { ··· 1879 } 1880 printk(KERN_INFO "Em28xx: Initialized (%s) extension\n", ops->name); 1881 mutex_unlock(&em28xx_extension_devlist_lock); 1882 + mutex_unlock(&em28xx_devlist_mutex); 1883 return 0; 1884 } 1885 EXPORT_SYMBOL(em28xx_register_extension); ··· 1887 { 1888 struct em28xx *dev = NULL; 1889 1890 + mutex_lock(&em28xx_devlist_mutex); 1891 list_for_each_entry(dev, &em28xx_devlist, devlist) { 1892 if (dev) 1893 ops->fini(dev); ··· 1896 printk(KERN_INFO "Em28xx: Removed (%s) extension\n", ops->name); 1897 list_del(&ops->next); 1898 mutex_unlock(&em28xx_extension_devlist_lock); 1899 + mutex_unlock(&em28xx_devlist_mutex); 1900 } 1901 EXPORT_SYMBOL(em28xx_unregister_extension); 1902 ··· 1918 dev->name, type_name); 1919 1920 return vfd; 1921 + } 1922 + 1923 + 1924 + static int register_analog_devices(struct em28xx *dev) 1925 + { 1926 + int ret; 1927 + 1928 + /* allocate and fill video video_device struct */ 1929 + dev->vdev = em28xx_vdev_init(dev, &em28xx_video_template, "video"); 1930 + if (!dev->vdev) { 1931 + em28xx_errdev("cannot allocate video_device.\n"); 1932 + return -ENODEV; 1933 + } 1934 + 1935 + /* register v4l2 video video_device */ 1936 + ret = video_register_device(dev->vdev, VFL_TYPE_GRABBER, 1937 + video_nr[dev->devno]); 1938 + if (ret) { 1939 + em28xx_errdev("unable to register video device (error=%i).\n", 1940 + ret); 1941 + return ret; 1942 + } 1943 + 1944 + /* Allocate and fill vbi video_device struct */ 1945 + dev->vbi_dev = em28xx_vdev_init(dev, &em28xx_video_template, "vbi"); 1946 + 1947 + /* register v4l2 vbi video_device */ 1948 + ret = video_register_device(dev->vbi_dev, VFL_TYPE_VBI, 1949 + vbi_nr[dev->devno]); 1950 + if (ret < 0) { 1951 + em28xx_errdev("unable to register vbi device\n"); 1952 + return ret; 1953 + } 1954 + 1955 + if (em28xx_boards[dev->model].radio.type == EM28XX_RADIO) { 1956 + dev->radio_dev = em28xx_vdev_init(dev, &em28xx_radio_template, "radio"); 1957 + if (!dev->radio_dev) { 1958 + em28xx_errdev("cannot allocate video_device.\n"); 1959 + return -ENODEV; 1960 + } 1961 + ret = video_register_device(dev->radio_dev, VFL_TYPE_RADIO, 1962 + radio_nr[dev->devno]); 1963 + if (ret < 0) { 1964 + em28xx_errdev("can't register radio device\n"); 1965 + return ret; 1966 + } 1967 + em28xx_info("Registered radio device as /dev/radio%d\n", 1968 + dev->radio_dev->num); 1969 + } 1970 + 1971 + em28xx_info("V4L2 device registered as /dev/video%d and /dev/vbi%d\n", 1972 + dev->vdev->num, dev->vbi_dev->num); 1973 + 1974 + return 0; 1975 } 1976 1977 ··· 2000 return errCode; 2001 } 2002 2003 /* init video dma queues */ 2004 INIT_LIST_HEAD(&dev->vidq.active); 2005 INIT_LIST_HEAD(&dev->vidq.queued); ··· 2070 2071 video_mux(dev, 0); 2072 2073 + mutex_lock(&em28xx_devlist_mutex); 2074 + list_add_tail(&dev->devlist, &em28xx_devlist); 2075 + retval = register_analog_devices(dev); 2076 + if (retval < 0) { 2077 + em28xx_release_resources(dev); 2078 + mutex_unlock(&em28xx_devlist_mutex); 2079 + goto fail_reg_devices; 2080 + } 2081 2082 mutex_lock(&em28xx_extension_devlist_lock); 2083 if (!list_empty(&em28xx_extension_devlist)) { ··· 2081 } 2082 } 2083 mutex_unlock(&em28xx_extension_devlist_lock); 2084 + mutex_unlock(&em28xx_devlist_mutex); 2085 2086 return 0; 2087 2088 fail_unreg: 2089 em28xx_release_resources(dev); 2090 + fail_reg_devices: 2091 mutex_unlock(&dev->lock); 2092 return retval; 2093 }