| Message ID | 20240611-guenter-mini-v5-1-047b6fe5d08b@chromium.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | uvcvideo: Attempt N to land UVC race conditions fixes | expand |
On 11/06/2024 10:12, Ricardo Ribalda wrote: > uvc_unregister_video() can be called asynchronously from > uvc_disconnect(). If the device is still streaming when that happens, a > plethora of race conditions can happen. > > Make sure that the device has stopped streaming before exiting this > function. > > If the user still holds handles to the driver's file descriptors, any > ioctl will return -ENODEV from the v4l2 core. > > This change make uvc more consistent with the rest of the v4l2 drivers > using the vb2_fop_* and vb2_ioctl_* helpers. > > Suggested-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> > Signed-off-by: Ricardo Ribalda <ribalda@chromium.org> > --- > drivers/media/usb/uvc/uvc_driver.c | 32 +++++++++++++++++++++++++++++++- > 1 file changed, 31 insertions(+), 1 deletion(-) > > diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c > index bbd90123a4e7..f1df6384e738 100644 > --- a/drivers/media/usb/uvc/uvc_driver.c > +++ b/drivers/media/usb/uvc/uvc_driver.c > @@ -1908,11 +1908,41 @@ static void uvc_unregister_video(struct uvc_device *dev) > struct uvc_streaming *stream; > > list_for_each_entry(stream, &dev->streams, list) { > + /* Nothing to do here, continue. */ > if (!video_is_registered(&stream->vdev)) > continue; > > + /* > + * For stream->vdev we follow the same logic as: > + * vb2_video_unregister_device(). > + */ > + > + /* 1. Take a reference to vdev */ > + get_device(&stream->vdev.dev); > + > + /* 2. Ensure that no new ioctls can be called. */ > video_unregister_device(&stream->vdev); > - video_unregister_device(&stream->meta.vdev); > + > + /* 3. Wait for old ioctls to finish. */ > + mutex_lock(&stream->mutex); > + > + /* 4. Stop streamming. */ streamming -> streaming > + uvc_queue_streamoff(&stream->queue, stream->type); This should call uvc_queue_release (just a wrapper around vb2_queue_release()) instead. Then it is identical in behavior to vb2_video_unregister_device. Note that uvc_v4l2_release() also calls uvc_queue_release(): it's safe to call uvc_queue_release() twice. With that change: Reviewed-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Regards, Hans > + > + mutex_unlock(&stream->mutex); > + > + put_device(&stream->vdev.dev); > + > + /* > + * For stream->meta.vdev we can directly call: > + * vb2_video_unregister_device(). > + */ > + vb2_video_unregister_device(&stream->meta.vdev); > + > + /* > + * Now both vdevs are not streaming and all the ioctls will > + * return -ENODEV. > + */ > > uvc_debugfs_cleanup_stream(stream); > } >
diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index bbd90123a4e7..f1df6384e738 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -1908,11 +1908,41 @@ static void uvc_unregister_video(struct uvc_device *dev) struct uvc_streaming *stream; list_for_each_entry(stream, &dev->streams, list) { + /* Nothing to do here, continue. */ if (!video_is_registered(&stream->vdev)) continue; + /* + * For stream->vdev we follow the same logic as: + * vb2_video_unregister_device(). + */ + + /* 1. Take a reference to vdev */ + get_device(&stream->vdev.dev); + + /* 2. Ensure that no new ioctls can be called. */ video_unregister_device(&stream->vdev); - video_unregister_device(&stream->meta.vdev); + + /* 3. Wait for old ioctls to finish. */ + mutex_lock(&stream->mutex); + + /* 4. Stop streamming. */ + uvc_queue_streamoff(&stream->queue, stream->type); + + mutex_unlock(&stream->mutex); + + put_device(&stream->vdev.dev); + + /* + * For stream->meta.vdev we can directly call: + * vb2_video_unregister_device(). + */ + vb2_video_unregister_device(&stream->meta.vdev); + + /* + * Now both vdevs are not streaming and all the ioctls will + * return -ENODEV. + */ uvc_debugfs_cleanup_stream(stream); }
uvc_unregister_video() can be called asynchronously from uvc_disconnect(). If the device is still streaming when that happens, a plethora of race conditions can happen. Make sure that the device has stopped streaming before exiting this function. If the user still holds handles to the driver's file descriptors, any ioctl will return -ENODEV from the v4l2 core. This change make uvc more consistent with the rest of the v4l2 drivers using the vb2_fop_* and vb2_ioctl_* helpers. Suggested-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Ricardo Ribalda <ribalda@chromium.org> --- drivers/media/usb/uvc/uvc_driver.c | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-)