Two parameters were documented with a wrong name, and a struct
device pointer description was missing.

That caused the following warnings, when building documentation:

include/media/media-devnode.h:102: warning: No description found for parameter 'media_dev'
include/media/media-devnode.h:126: warning: No description found for parameter 'mdev'
include/media/media-devnode.h:126: warning: Excess function parameter 'media_dev' description in 'media_devnode_register'

Rename the description, to match the function parameter and fix
Documentation.

No funcional changes.
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

Media devnode open/ioctl could be in progress when media device unregister
is initiated. System calls and ioctls check media device registered status
at the beginning, however, there is a window where unregister could be in
progress without changing the media devnode status to unregistered.

process 1				process 2
fd = open(/dev/media0)
media_devnode_is_registered()
	(returns true here)

					media_device_unregister()
						(unregister is in progress
						and devnode isn't
						unregistered yet)
					...
ioctl(fd, ...)
__media_ioctl()
media_devnode_is_registered()
	(returns true here)
					...
					media_devnode_unregister()
					...
					(driver releases the media device
					memory)

media_device_ioctl()
	(By this point
	devnode->media_dev does not
	point to allocated memory.
	use-after free in in mutex_lock_nested)

BUG: KASAN: use-after-free in mutex_lock_nested+0x79c/0x800 at addr
ffff8801ebe914f0

Fix it by clearing register bit when unregister starts to avoid the race.

process 1                               process 2
fd = open(/dev/media0)
media_devnode_is_registered()
        (could return true here)

                                        media_device_unregister()
                                                (clear the register bit,
						 then start unregister.)
                                        ...
ioctl(fd, ...)
__media_ioctl()
media_devnode_is_registered()
        (return false here, ioctl
	 returns I/O error, and
	 will not access media
	 device memory)
                                        ...
                                        media_devnode_unregister()
                                        ...
                                        (driver releases the media device
					 memory)
Signed-off-by: NShuah Khan <shuahkh@osg.samsung.com>
Suggested-by: NSakari Ailus <sakari.ailus@linux.intel.com>
Reported-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>
Tested-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

struct media_devnode is currently embedded at struct media_device.

While this works fine during normal usage, it leads to a race
condition during devnode unregister. the problem is that drivers
assume that, after calling media_device_unregister(), the struct
that contains media_device can be freed. This is not true, as it
can't be freed until userspace closes all opened /dev/media devnodes.

In other words, if the media devnode is still open, and media_device
gets freed, any call to an ioctl will make the core to try to access
struct media_device, with will cause an use-after-free and even GPF.

Fix this by dynamically allocating the struct media_devnode and only
freeing it when it is safe.
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

Along all media controller code, "mdev" is used to represent
a pointer to struct media_device, and "devnode" for a pointer
to struct media_devnode.

However, inside media-devnode.[ch], "mdev" is used to represent
a pointer to struct media_devnode.

This is very confusing and may lead to development errors.

So, let's change all occurrences at media-devnode.[ch] to
also use "devnode" for such pointers.

This patch doesn't make any functional changes.
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

There is one struct and two functions that were not documented.
Add the corresponding kernel-doc documentation for them.
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

As we're using the headers file only for documentation, move the
two kernel-doc macros to the header, and fix it to avoid
warnings.
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

Warning(.//include/media/media-devnode.h:80): No description found for parameter 'fops'
Warning(.//include/media/media-devnode.h:80): No description found for parameter 'dev'
Warning(.//include/media/media-devnode.h:80): No description found for parameter 'cdev'
Warning(.//include/media/media-devnode.h:80): No description found for parameter 'release'
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>
Acked-by: NJonathan Corbet <corbet@lwn.net>

mdev->fops->owner is actually the owner of the very same module which
implements media_device_register(), so it can't be unloaded anyway. Instead,
use THIS_MODULE through a macro as does video_register_device().
Signed-off-by: NSakari Ailus <sakari.ailus@linux.intel.com>
Acked-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: NMauro Carvalho Chehab <m.chehab@samsung.com>

Provide an ioctl handler for 32-bit binaries on 64-bit systems.
Signed-off-by: NSakari Ailus <sakari.ailus@iki.fi>
Acked-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com>
Tested-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

The media_devnode structure provides support for registering and
unregistering character devices using a dynamic major number. Reference
counting is handled internally, making device drivers easier to write
without having to solve the open/disconnect race condition issue over
and over again.

The code is based on video/v4l2-dev.c.

[mchehab@redhat.com: Remove linux/smp_lock.h include to not break compilation on bisect]
Signed-off-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: NHans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>