Re: [PATCH v15 05/32] v4l: async: Correctly serialise async sub-device unregistration

2017-10-09 Thread Hans Verkuil 
On 04/10/17 23:50, Sakari Ailus wrote:
> The check whether an async sub-device is bound to a notifier was performed
> without list_lock held, making it possible for another process to
> unbind the async sub-device before the sub-device unregistration function
> proceeds to take the lock.
> 
> Fix this by first acquiring the lock and then proceeding with the check.
> 
> Signed-off-by: Sakari Ailus 

Acked-by: Hans Verkuil 

> ---
>  drivers/media/v4l2-core/v4l2-async.c | 18 +++---
>  1 file changed, 7 insertions(+), 11 deletions(-)
> 
> diff --git a/drivers/media/v4l2-core/v4l2-async.c 
> b/drivers/media/v4l2-core/v4l2-async.c
> index 4924481451ca..cde2cf2ab4b0 100644
> --- a/drivers/media/v4l2-core/v4l2-async.c
> +++ b/drivers/media/v4l2-core/v4l2-async.c
> @@ -298,20 +298,16 @@ EXPORT_SYMBOL(v4l2_async_register_subdev);
>  
>  void v4l2_async_unregister_subdev(struct v4l2_subdev *sd)
>  {
> - struct v4l2_async_notifier *notifier = sd->notifier;
> -
> - if (!sd->asd) {
> - if (!list_empty(>async_list))
> - v4l2_async_cleanup(sd);
> - return;
> - }
> -
>   mutex_lock(_lock);
>  
> - list_add(>asd->list, >waiting);
> + if (sd->asd) {
> + struct v4l2_async_notifier *notifier = sd->notifier;
>  
> - if (notifier->unbind)
> - notifier->unbind(notifier, sd, sd->asd);
> + list_add(>asd->list, >waiting);
> +
> + if (notifier->unbind)
> + notifier->unbind(notifier, sd, sd->asd);
> + }
>  
>   v4l2_async_cleanup(sd);
>  
>

Re: [PATCH v15 05/32] v4l: async: Correctly serialise async sub-device unregistration

2017-10-08 Thread Sebastian Reichel 
Hi,

On Thu, Oct 05, 2017 at 12:50:24AM +0300, Sakari Ailus wrote:
> The check whether an async sub-device is bound to a notifier was performed
> without list_lock held, making it possible for another process to
> unbind the async sub-device before the sub-device unregistration function
> proceeds to take the lock.
> 
> Fix this by first acquiring the lock and then proceeding with the check.
> 
> Signed-off-by: Sakari Ailus 

Reviewed-by: Sebastian Reichel 

-- Sebastian

> ---
>  drivers/media/v4l2-core/v4l2-async.c | 18 +++---
>  1 file changed, 7 insertions(+), 11 deletions(-)
> 
> diff --git a/drivers/media/v4l2-core/v4l2-async.c 
> b/drivers/media/v4l2-core/v4l2-async.c
> index 4924481451ca..cde2cf2ab4b0 100644
> --- a/drivers/media/v4l2-core/v4l2-async.c
> +++ b/drivers/media/v4l2-core/v4l2-async.c
> @@ -298,20 +298,16 @@ EXPORT_SYMBOL(v4l2_async_register_subdev);
>  
>  void v4l2_async_unregister_subdev(struct v4l2_subdev *sd)
>  {
> - struct v4l2_async_notifier *notifier = sd->notifier;
> -
> - if (!sd->asd) {
> - if (!list_empty(>async_list))
> - v4l2_async_cleanup(sd);
> - return;
> - }
> -
>   mutex_lock(_lock);
>  
> - list_add(>asd->list, >waiting);
> + if (sd->asd) {
> + struct v4l2_async_notifier *notifier = sd->notifier;
>  
> - if (notifier->unbind)
> - notifier->unbind(notifier, sd, sd->asd);
> + list_add(>asd->list, >waiting);
> +
> + if (notifier->unbind)
> + notifier->unbind(notifier, sd, sd->asd);
> + }
>  
>   v4l2_async_cleanup(sd);
>  
> -- 
> 2.11.0
> 


signature.asc
Description: PGP signature

[PATCH v15 05/32] v4l: async: Correctly serialise async sub-device unregistration

2017-10-04 Thread Sakari Ailus 
The check whether an async sub-device is bound to a notifier was performed
without list_lock held, making it possible for another process to
unbind the async sub-device before the sub-device unregistration function
proceeds to take the lock.

Fix this by first acquiring the lock and then proceeding with the check.

Signed-off-by: Sakari Ailus 
---
 drivers/media/v4l2-core/v4l2-async.c | 18 +++---
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/drivers/media/v4l2-core/v4l2-async.c 
b/drivers/media/v4l2-core/v4l2-async.c
index 4924481451ca..cde2cf2ab4b0 100644
--- a/drivers/media/v4l2-core/v4l2-async.c
+++ b/drivers/media/v4l2-core/v4l2-async.c
@@ -298,20 +298,16 @@ EXPORT_SYMBOL(v4l2_async_register_subdev);
 
 void v4l2_async_unregister_subdev(struct v4l2_subdev *sd)
 {
-   struct v4l2_async_notifier *notifier = sd->notifier;
-
-   if (!sd->asd) {
-   if (!list_empty(>async_list))
-   v4l2_async_cleanup(sd);
-   return;
-   }
-
mutex_lock(_lock);
 
-   list_add(>asd->list, >waiting);
+   if (sd->asd) {
+   struct v4l2_async_notifier *notifier = sd->notifier;
 
-   if (notifier->unbind)
-   notifier->unbind(notifier, sd, sd->asd);
+   list_add(>asd->list, >waiting);
+
+   if (notifier->unbind)
+   notifier->unbind(notifier, sd, sd->asd);
+   }
 
v4l2_async_cleanup(sd);
 
-- 
2.11.0