| Message ID | 20200714123832.28011-3-dafna.hirschfeld@collabora.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | media: staging: rkisp1: fix possible race conditions in capture | expand |
On 7/14/20 9:38 AM, Dafna Hirschfeld wrote: > The spinlock buf.lock should protect access to the buffers. > This includes the buffers in buf.queue and also buf.curr and > buf.next. The function 'rkisp1_set_next_buf' access buf.next > therefore it should also be protected with the lock. > > Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com> Acked-by: Helen Koike <helen.koike@collabora.com> Thanks Helen > --- > drivers/staging/media/rkisp1/rkisp1-capture.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/staging/media/rkisp1/rkisp1-capture.c b/drivers/staging/media/rkisp1/rkisp1-capture.c > index 572b0949c81f..fa3eaeac2a00 100644 > --- a/drivers/staging/media/rkisp1/rkisp1-capture.c > +++ b/drivers/staging/media/rkisp1/rkisp1-capture.c > @@ -617,10 +617,11 @@ static void rkisp1_set_next_buf(struct rkisp1_capture *cap) > static void rkisp1_handle_buffer(struct rkisp1_capture *cap) > { > struct rkisp1_isp *isp = &cap->rkisp1->isp; > - struct rkisp1_buffer *curr_buf = cap->buf.curr; > + struct rkisp1_buffer *curr_buf; > unsigned long flags; > > spin_lock_irqsave(&cap->buf.lock, flags); > + curr_buf = cap->buf.curr; > > if (curr_buf) { > curr_buf->vb.sequence = atomic_read(&isp->frame_sequence); > @@ -640,9 +641,9 @@ static void rkisp1_handle_buffer(struct rkisp1_capture *cap) > queue); > list_del(&cap->buf.next->queue); > } > - spin_unlock_irqrestore(&cap->buf.lock, flags); > > rkisp1_set_next_buf(cap); > + spin_unlock_irqrestore(&cap->buf.lock, flags); > } > > void rkisp1_capture_isr(struct rkisp1_device *rkisp1) >
diff --git a/drivers/staging/media/rkisp1/rkisp1-capture.c b/drivers/staging/media/rkisp1/rkisp1-capture.c index 572b0949c81f..fa3eaeac2a00 100644 --- a/drivers/staging/media/rkisp1/rkisp1-capture.c +++ b/drivers/staging/media/rkisp1/rkisp1-capture.c @@ -617,10 +617,11 @@ static void rkisp1_set_next_buf(struct rkisp1_capture *cap) static void rkisp1_handle_buffer(struct rkisp1_capture *cap) { struct rkisp1_isp *isp = &cap->rkisp1->isp; - struct rkisp1_buffer *curr_buf = cap->buf.curr; + struct rkisp1_buffer *curr_buf; unsigned long flags; spin_lock_irqsave(&cap->buf.lock, flags); + curr_buf = cap->buf.curr; if (curr_buf) { curr_buf->vb.sequence = atomic_read(&isp->frame_sequence); @@ -640,9 +641,9 @@ static void rkisp1_handle_buffer(struct rkisp1_capture *cap) queue); list_del(&cap->buf.next->queue); } - spin_unlock_irqrestore(&cap->buf.lock, flags); rkisp1_set_next_buf(cap); + spin_unlock_irqrestore(&cap->buf.lock, flags); } void rkisp1_capture_isr(struct rkisp1_device *rkisp1)
The spinlock buf.lock should protect access to the buffers. This includes the buffers in buf.queue and also buf.curr and buf.next. The function 'rkisp1_set_next_buf' access buf.next therefore it should also be protected with the lock. Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com> --- drivers/staging/media/rkisp1/rkisp1-capture.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)