1. 09 12月, 2013 1 次提交
    • R
      [media] videobuf2: Add missing lock held on vb2_fop_release · 1380f575
      Ricardo Ribalda 提交于
      vb2_fop_release does not hold the lock although it is modifying the
      queue->owner field.
      This could lead to race conditions on the vb2_perform_io function
      when multiple applications are accessing the video device via
      read/write API:
      [ 308.297741] BUG: unable to handle kernel NULL pointer dereference at
      0000000000000260
      [ 308.297759] IP: [<ffffffffa07a9fd2>] vb2_perform_fileio+0x372/0x610
      [videobuf2_core]
      [ 308.297794] PGD 159719067 PUD 158119067 PMD 0
      [ 308.297812] Oops: 0000 #1 SMP
      [ 308.297826] Modules linked in: qt5023_video videobuf2_dma_sg
      qtec_xform videobuf2_vmalloc videobuf2_memops videobuf2_core
      qtec_white qtec_mem gpio_xilinx qtec_cmosis qtec_pcie fglrx(PO)
      spi_xilinx spi_bitbang qt5023
      [ 308.297888] CPU: 1 PID: 2189 Comm: java Tainted: P O 3.11.0-qtec-standard #1
      [ 308.297919] Hardware name: QTechnology QT5022/QT5022, BIOS
      PM_2.1.0.309 X64 05/23/2013
      [ 308.297952] task: ffff8801564e1690 ti: ffff88014dc02000 task.ti:
      ffff88014dc02000
      [ 308.297962] RIP: 0010:[<ffffffffa07a9fd2>] [<ffffffffa07a9fd2>]
      vb2_perform_fileio+0x372/0x610 [videobuf2_core]
      [ 308.297985] RSP: 0018:ffff88014dc03df8 EFLAGS: 00010202
      [ 308.297995] RAX: 0000000000000000 RBX: ffff880158a23000 RCX: dead000000100100
      [ 308.298003] RDX: 0000000000000000 RSI: dead000000200200 RDI: 0000000000000000
      [ 308.298012] RBP: ffff88014dc03e58 R08: 0000000000000000 R09: 0000000000000001
      [ 308.298020] R10: ffffea00051e8380 R11: ffff88014dc03fd8 R12: ffff880158a23070
      [ 308.298029] R13: ffff8801549040b8 R14: 0000000000198000 R15: 0000000001887e60
      [ 308.298040] FS: 00007f65130d5700(0000) GS:ffff88015ed00000(0000)
      knlGS:0000000000000000
      [ 308.298049] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 308.298057] CR2: 0000000000000260 CR3: 0000000159630000 CR4: 00000000000007e0
      [ 308.298064] Stack:
      [ 308.298071] ffff880156416c00 0000000000198000 0000000000000000
      ffff880100000001
      [ 308.298087] ffff88014dc03f50 00000000810a79ca 0002000000000001
      ffff880154904718
      [ 308.298101] ffff880156416c00 0000000000198000 ffff880154904338
      ffff88014dc03f50
      [ 308.298116] Call Trace:
      [ 308.298143] [<ffffffffa07aa3c4>] vb2_read+0x14/0x20 [videobuf2_core]
      [ 308.298198] [<ffffffffa07aa494>] vb2_fop_read+0xc4/0x120 [videobuf2_core]
      [ 308.298252] [<ffffffff8154ee9e>] v4l2_read+0x7e/0xc0
      [ 308.298296] [<ffffffff8116e639>] vfs_read+0xa9/0x160
      [ 308.298312] [<ffffffff8116e882>] SyS_read+0x52/0xb0
      [ 308.298328] [<ffffffff81784179>] tracesys+0xd0/0xd5
      [ 308.298335] Code: e5 d6 ff ff 83 3d be 24 00 00 04 89 c2 4c 8b 45 b0
      44 8b 4d b8 0f 8f 20 02 00 00 85 d2 75 32 83 83 78 03 00 00 01 4b 8b
      44 c5 48 <8b> 88 60 02 00 00 85 c9 0f 84 b0 00 00 00 8b 40 58 89 c2 41
      89
      [ 308.298487] RIP [<ffffffffa07a9fd2>] vb2_perform_fileio+0x372/0x610
      [videobuf2_core]
      [ 308.298507] RSP <ffff88014dc03df8>
      [ 308.298514] CR2: 0000000000000260
      [ 308.298526] ---[ end trace e8f01717c96d1e41 ]---
      Signed-off-by: NRicardo Ribalda <ricardo.ribalda@gmail.com>
      Acked-by: NHans Verkuil <hans.verkuil@cisco.com>
      Acked-by: NSylwester Nawrocki <s.nawrocki@samsung.com>
      Signed-off-by: NHans Verkuil <hans.verkuil@cisco.com>
      Signed-off-by: NMauro Carvalho Chehab <m.chehab@samsung.com>
      1380f575
  2. 05 12月, 2013 1 次提交
  3. 04 12月, 2013 1 次提交
  4. 30 11月, 2013 1 次提交
  5. 31 10月, 2013 8 次提交
  6. 17 10月, 2013 4 次提交
  7. 04 10月, 2013 1 次提交
  8. 26 9月, 2013 2 次提交
  9. 03 9月, 2013 1 次提交
  10. 26 8月, 2013 2 次提交
  11. 24 8月, 2013 6 次提交
  12. 22 8月, 2013 2 次提交
  13. 18 8月, 2013 8 次提交
  14. 03 8月, 2013 1 次提交
  15. 01 8月, 2013 1 次提交
    • S
      [media] media: lirc: Allow lirc dev to talk to rc device · ca7a722d
      Srinivas Kandagatla 提交于
      The use case is simple, if any rc device has allowed protocols =
      RC_TYPE_LIRC and map_name = RC_MAP_LIRC set, the driver open will be never
      called. The reason for this is, all of the key maps except lirc have some
      KEYS in there map, so during rc_register_device process these keys are
      matched against the input drivers and open is performed, so for the case
      of RC_MAP_EMPTY, a vt/keyboard is matched and the driver open is
      performed.
      In case of lirc, there is no match and result is that there is no open
      performed, however the lirc-dev will go ahead and create a /dev/lirc0
      node. Now when lircd/mode2 opens this device, no data is available
      because the driver was never opened.
      Other case pointed by Sean Young, As rc device gets opened via the
      input interface. If the input device is never opened (e.g. embedded with
      no console) then the rc open is never called and lirc will not work
      either. So that's another case.
      lirc_dev seems to have no link with actual rc device w.r.t open/close.
      This patch adds rc_dev pointer to lirc_driver structure for cases like
      this, so that it can do the open/close of the real driver in accordance
      to lircd/mode2 open/close.
      Without this patch its impossible to open a rc device which has
      RC_TYPE_LIRC ad RC_MAP_LIRC set.
      Signed-off-by: NSrinivas Kandagatla <srinivas.kandagatla@st.com>
      Signed-off-by: NMauro Carvalho Chehab <m.chehab@samsung.com>
      ca7a722d