From 9e68c53910721ffc55c05ee9bbc08129c796b470 Mon Sep 17 00:00:00 2001
From: Laurent Pinchart
Date: Mon, 16 Feb 2015 14:38:28 -0300
Subject: [PATCH] [media] uvcvideo: Don't call vb2 mmap and get_unmapped_area with queue lock held
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
videobuf2 has long been subject to AB-BA style deadlocks due to the queue lock and mmap_sem being taken in different orders for the mmap and get_unmapped_area operations. The problem has been fixed by making those two operations callable without taking the queue lock, using an mmap_lock internal to videobuf2. The uvcvideo driver still calls the mmap and get_unmapped_area operations with the queue lock held, resulting in a potential deadlock. As the operations can now be called without locking the queue, fix it.
Reported-by: Bjørn Mork
Signed-off-by: Laurent Pinchart
Signed-off-by: Mauro Carvalho Chehab
---
 drivers/media/usb/uvc/uvc_queue.c | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)
diff --git a/drivers/media/usb/uvc/uvc_queue.c b/drivers/media/usb/uvc/uvc_queue.c
index 10c554e7655c..87a19f33e460 100644
--- a/drivers/media/usb/uvc/uvc_queue.c
+++ b/drivers/media/usb/uvc/uvc_queue.c
@@ -306,25 +306,14 @@ int uvc_queue_streamoff(struct uvc_video_queue *queue, enum v4l2_buf_type type)
 int uvc_queue_mmap(struct uvc_video_queue *queue, struct vm_area_struct *vma)
 {
- int ret;
-
- mutex_lock(&queue->mutex);
- ret = vb2_mmap(&queue->queue, vma);
- mutex_unlock(&queue->mutex);
-
- return ret;
+ return vb2_mmap(&queue->queue, vma);
 }
 #ifndef CONFIG_MMU
 unsigned long uvc_queue_get_unmapped_area(struct uvc_video_queue *queue, unsigned long pgoff)
 {
- unsigned long ret;
-
- mutex_lock(&queue->mutex);
- ret = vb2_get_unmapped_area(&queue->queue, 0, 0, pgoff, 0);
- mutex_unlock(&queue->mutex);
- return ret;
+ return vb2_get_unmapped_area(&queue->queue, 0, 0, pgoff, 0);
 }
 #endif
--
2.20.1
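Review bot: Neither `uvc_queue_mmap()` nor `uvc_queue_get_unmapped_area()` says in the code why `queue->mutex` is deliberately not taken, so a later cleanup could put `mutex_lock(&queue->mutex)` back and reintroduce the lock-order inversion with mmap_sem that the description explains. A short comment above the two wrappers would pin this down, for example `/* Do not take queue->mutex here: it inverts the lock order with mmap_sem; vb2 serialises these calls with its own mmap_lock. */`. The unlocked calls are only safe where videobuf2 already carries that internal lock, so a backport presumably needs the videobuf2 change first. Without it, these two paths would apparently run unserialised against buffer allocation and release.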