2007-01-23 17:55:50

by Oleg Nesterov

[permalink] [raw]
Subject: [PATCH] videobuf_qbuf: fix? possible videobuf_queue->stream corruption and lockup

I am pretty sure the bug is real, but the patch may be wrong, please review.

We are doing ->buf_prepare(buf) before adding buf to q->stream list. This
means that videobuf_qbuf() should not try to re-add a STATE_PREPARED buffer.

Signed-off-by: Oleg Nesterov <[email protected]>

--- 6.19/drivers/media/video/video-buf.c~v4l_lockup 2006-11-17 19:42:25.000000000 +0300
+++ 6.19/drivers/media/video/video-buf.c 2007-01-23 19:44:19.000000000 +0300
@@ -700,6 +700,7 @@ videobuf_qbuf(struct videobuf_queue *q,
goto done;
}
if (buf->state == STATE_QUEUED ||
+ buf->state == STATE_PREPARED ||
buf->state == STATE_ACTIVE) {
dprintk(1,"qbuf: buffer is already queued or active.\n");
goto done;


2007-01-23 23:10:21

by Mauro Carvalho Chehab

[permalink] [raw]
Subject: Re: [PATCH] videobuf_qbuf: fix? possible videobuf_queue->stream corruption and lockup

Em Ter, 2007-01-23 ?s 20:57 +0300, Oleg Nesterov escreveu:
> I am pretty sure the bug is real, but the patch may be wrong, please review.
>
> We are doing ->buf_prepare(buf) before adding buf to q->stream list. This
> means that videobuf_qbuf() should not try to re-add a STATE_PREPARED buffer.
>
> Signed-off-by: Oleg Nesterov <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>

Chris/Adrian,

IMO, this should also be applied at -stable trees.
>
> --- 6.19/drivers/media/video/video-buf.c~v4l_lockup 2006-11-17 19:42:25.000000000 +0300
> +++ 6.19/drivers/media/video/video-buf.c 2007-01-23 19:44:19.000000000 +0300
> @@ -700,6 +700,7 @@ videobuf_qbuf(struct videobuf_queue *q,
> goto done;
> }
> if (buf->state == STATE_QUEUED ||
> + buf->state == STATE_PREPARED ||
> buf->state == STATE_ACTIVE) {
> dprintk(1,"qbuf: buffer is already queued or active.\n");
> goto done;
>

2007-02-21 12:02:49

by Adrian Bunk

[permalink] [raw]
Subject: Re: [PATCH] videobuf_qbuf: fix? possible videobuf_queue->stream corruption and lockup

On Tue, Jan 23, 2007 at 09:10:08PM -0200, Mauro Carvalho Chehab wrote:
> Em Ter, 2007-01-23 às 20:57 +0300, Oleg Nesterov escreveu:
> > I am pretty sure the bug is real, but the patch may be wrong, please review.
> >
> > We are doing ->buf_prepare(buf) before adding buf to q->stream list. This
> > means that videobuf_qbuf() should not try to re-add a STATE_PREPARED buffer.
> >
> > Signed-off-by: Oleg Nesterov <[email protected]>
> Signed-off-by: Mauro Carvalho Chehab <[email protected]>
>
> Chris/Adrian,
>
> IMO, this should also be applied at -stable trees.
>...

Thanks, applied to 2.6.16 (a trivial backport was required since the
dprintk() was added after 2.6.16).

cu
Adrian

--

"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed