From: Laurent Pinchart Date: Mon, 16 Feb 2015 17:38:28 +0000 (-0300) Subject: [media] uvcvideo: Don't call vb2 mmap and get_unmapped_area with queue lock held X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=9e68c53910721ffc55c05ee9bbc08129c796b470;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git [media] uvcvideo: Don't call vb2 mmap and get_unmapped_area with queue lock held videobuf2 has long been subject to AB-BA style deadlocks due to the queue lock and mmap_sem being taken in different orders for the mmap and get_unmapped_area operations. The problem has been fixed by making those two operations callable without taking the queue lock, using an mmap_lock internal to videobuf2. The uvcvideo driver still calls the mmap and get_unmapped_area operations with the queue lock held, resulting in a potential deadlock. As the operations can now be called without locking the queue, fix it. Reported-by: Bjørn Mork Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab --- diff --git a/drivers/media/usb/uvc/uvc_queue.c b/drivers/media/usb/uvc/uvc_queue.c index 10c554e7655c..87a19f33e460 100644 --- a/drivers/media/usb/uvc/uvc_queue.c +++ b/drivers/media/usb/uvc/uvc_queue.c @@ -306,25 +306,14 @@ int uvc_queue_streamoff(struct uvc_video_queue *queue, enum v4l2_buf_type type) int uvc_queue_mmap(struct uvc_video_queue *queue, struct vm_area_struct *vma) { - int ret; - - mutex_lock(&queue->mutex); - ret = vb2_mmap(&queue->queue, vma); - mutex_unlock(&queue->mutex); - - return ret; + return vb2_mmap(&queue->queue, vma); } #ifndef CONFIG_MMU unsigned long uvc_queue_get_unmapped_area(struct uvc_video_queue *queue, unsigned long pgoff) { - unsigned long ret; - - mutex_lock(&queue->mutex); - ret = vb2_get_unmapped_area(&queue->queue, 0, 0, pgoff, 0); - mutex_unlock(&queue->mutex); - return ret; + return vb2_get_unmapped_area(&queue->queue, 0, 0, pgoff, 0); } #endif