2010-10-11 13:56:41 +00:00
|
|
|
/*
|
|
|
|
* videobuf2-core.c - V4L2 driver helper framework
|
|
|
|
*
|
|
|
|
* Copyright (C) 2010 Samsung Electronics
|
|
|
|
*
|
2011-03-13 18:23:32 +00:00
|
|
|
* Author: Pawel Osciak <pawel@osciak.com>
|
2010-10-11 13:56:41 +00:00
|
|
|
* Marek Szyprowski <m.szyprowski@samsung.com>
|
|
|
|
*
|
2014-04-14 10:33:00 +00:00
|
|
|
* The vb2_thread implementation was based on code from videobuf-dvb.c:
|
|
|
|
* (c) 2004 Gerd Knorr <kraxel@bytesex.org> [SUSE Labs]
|
|
|
|
*
|
2010-10-11 13:56:41 +00:00
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/err.h>
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/mm.h>
|
|
|
|
#include <linux/poll.h>
|
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/sched.h>
|
2014-04-14 10:33:00 +00:00
|
|
|
#include <linux/freezer.h>
|
|
|
|
#include <linux/kthread.h>
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2011-07-13 07:26:52 +00:00
|
|
|
#include <media/v4l2-dev.h>
|
|
|
|
#include <media/v4l2-fh.h>
|
|
|
|
#include <media/v4l2-event.h>
|
2014-04-11 07:36:57 +00:00
|
|
|
#include <media/v4l2-common.h>
|
2010-10-11 13:56:41 +00:00
|
|
|
#include <media/videobuf2-core.h>
|
|
|
|
|
|
|
|
static int debug;
|
|
|
|
module_param(debug, int, 0644);
|
|
|
|
|
2014-04-07 12:08:47 +00:00
|
|
|
#define dprintk(level, fmt, arg...) \
|
|
|
|
do { \
|
|
|
|
if (debug >= level) \
|
2014-08-08 12:59:02 +00:00
|
|
|
pr_info("vb2: %s: " fmt, __func__, ## arg); \
|
2010-10-11 13:56:41 +00:00
|
|
|
} while (0)
|
|
|
|
|
2014-01-29 14:53:25 +00:00
|
|
|
#ifdef CONFIG_VIDEO_ADV_DEBUG
|
|
|
|
|
|
|
|
/*
|
2014-03-17 12:54:21 +00:00
|
|
|
* If advanced debugging is on, then count how often each op is called
|
|
|
|
* successfully, which can either be per-buffer or per-queue.
|
2014-01-29 14:53:25 +00:00
|
|
|
*
|
2014-03-17 12:54:21 +00:00
|
|
|
* This makes it easy to check that the 'init' and 'cleanup'
|
2014-01-29 14:53:25 +00:00
|
|
|
* (and variations thereof) stay balanced.
|
|
|
|
*/
|
|
|
|
|
2014-03-17 12:54:21 +00:00
|
|
|
#define log_memop(vb, op) \
|
|
|
|
dprintk(2, "call_memop(%p, %d, %s)%s\n", \
|
|
|
|
(vb)->vb2_queue, (vb)->v4l2_buf.index, #op, \
|
|
|
|
(vb)->vb2_queue->mem_ops->op ? "" : " (nop)")
|
|
|
|
|
2014-01-29 14:53:25 +00:00
|
|
|
#define call_memop(vb, op, args...) \
|
|
|
|
({ \
|
|
|
|
struct vb2_queue *_q = (vb)->vb2_queue; \
|
2014-03-17 12:54:21 +00:00
|
|
|
int err; \
|
|
|
|
\
|
|
|
|
log_memop(vb, op); \
|
|
|
|
err = _q->mem_ops->op ? _q->mem_ops->op(args) : 0; \
|
|
|
|
if (!err) \
|
|
|
|
(vb)->cnt_mem_ ## op++; \
|
|
|
|
err; \
|
|
|
|
})
|
|
|
|
|
|
|
|
#define call_ptr_memop(vb, op, args...) \
|
|
|
|
({ \
|
|
|
|
struct vb2_queue *_q = (vb)->vb2_queue; \
|
|
|
|
void *ptr; \
|
|
|
|
\
|
|
|
|
log_memop(vb, op); \
|
|
|
|
ptr = _q->mem_ops->op ? _q->mem_ops->op(args) : NULL; \
|
|
|
|
if (!IS_ERR_OR_NULL(ptr)) \
|
|
|
|
(vb)->cnt_mem_ ## op++; \
|
|
|
|
ptr; \
|
|
|
|
})
|
|
|
|
|
|
|
|
#define call_void_memop(vb, op, args...) \
|
|
|
|
({ \
|
|
|
|
struct vb2_queue *_q = (vb)->vb2_queue; \
|
|
|
|
\
|
|
|
|
log_memop(vb, op); \
|
|
|
|
if (_q->mem_ops->op) \
|
|
|
|
_q->mem_ops->op(args); \
|
2014-01-29 14:53:25 +00:00
|
|
|
(vb)->cnt_mem_ ## op++; \
|
|
|
|
})
|
2014-03-17 12:54:21 +00:00
|
|
|
|
|
|
|
#define log_qop(q, op) \
|
|
|
|
dprintk(2, "call_qop(%p, %s)%s\n", q, #op, \
|
|
|
|
(q)->ops->op ? "" : " (nop)")
|
2014-01-29 14:53:25 +00:00
|
|
|
|
|
|
|
#define call_qop(q, op, args...) \
|
|
|
|
({ \
|
2014-03-17 12:54:21 +00:00
|
|
|
int err; \
|
|
|
|
\
|
|
|
|
log_qop(q, op); \
|
|
|
|
err = (q)->ops->op ? (q)->ops->op(args) : 0; \
|
|
|
|
if (!err) \
|
|
|
|
(q)->cnt_ ## op++; \
|
|
|
|
err; \
|
|
|
|
})
|
|
|
|
|
|
|
|
#define call_void_qop(q, op, args...) \
|
|
|
|
({ \
|
|
|
|
log_qop(q, op); \
|
|
|
|
if ((q)->ops->op) \
|
|
|
|
(q)->ops->op(args); \
|
2014-01-29 14:53:25 +00:00
|
|
|
(q)->cnt_ ## op++; \
|
|
|
|
})
|
2014-03-17 12:54:21 +00:00
|
|
|
|
|
|
|
#define log_vb_qop(vb, op, args...) \
|
|
|
|
dprintk(2, "call_vb_qop(%p, %d, %s)%s\n", \
|
|
|
|
(vb)->vb2_queue, (vb)->v4l2_buf.index, #op, \
|
|
|
|
(vb)->vb2_queue->ops->op ? "" : " (nop)")
|
2014-01-29 14:53:25 +00:00
|
|
|
|
|
|
|
#define call_vb_qop(vb, op, args...) \
|
|
|
|
({ \
|
2014-03-17 12:54:21 +00:00
|
|
|
int err; \
|
|
|
|
\
|
|
|
|
log_vb_qop(vb, op); \
|
|
|
|
err = (vb)->vb2_queue->ops->op ? \
|
|
|
|
(vb)->vb2_queue->ops->op(args) : 0; \
|
|
|
|
if (!err) \
|
|
|
|
(vb)->cnt_ ## op++; \
|
|
|
|
err; \
|
|
|
|
})
|
|
|
|
|
|
|
|
#define call_void_vb_qop(vb, op, args...) \
|
|
|
|
({ \
|
|
|
|
log_vb_qop(vb, op); \
|
|
|
|
if ((vb)->vb2_queue->ops->op) \
|
|
|
|
(vb)->vb2_queue->ops->op(args); \
|
2014-01-29 14:53:25 +00:00
|
|
|
(vb)->cnt_ ## op++; \
|
|
|
|
})
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
#define call_memop(vb, op, args...) \
|
2014-03-17 12:54:21 +00:00
|
|
|
((vb)->vb2_queue->mem_ops->op ? \
|
|
|
|
(vb)->vb2_queue->mem_ops->op(args) : 0)
|
|
|
|
|
|
|
|
#define call_ptr_memop(vb, op, args...) \
|
|
|
|
((vb)->vb2_queue->mem_ops->op ? \
|
|
|
|
(vb)->vb2_queue->mem_ops->op(args) : NULL)
|
|
|
|
|
|
|
|
#define call_void_memop(vb, op, args...) \
|
|
|
|
do { \
|
|
|
|
if ((vb)->vb2_queue->mem_ops->op) \
|
|
|
|
(vb)->vb2_queue->mem_ops->op(args); \
|
|
|
|
} while (0)
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
#define call_qop(q, op, args...) \
|
2014-01-29 14:53:25 +00:00
|
|
|
((q)->ops->op ? (q)->ops->op(args) : 0)
|
2014-03-17 12:54:21 +00:00
|
|
|
|
|
|
|
#define call_void_qop(q, op, args...) \
|
|
|
|
do { \
|
|
|
|
if ((q)->ops->op) \
|
|
|
|
(q)->ops->op(args); \
|
|
|
|
} while (0)
|
2014-01-29 14:53:25 +00:00
|
|
|
|
|
|
|
#define call_vb_qop(vb, op, args...) \
|
|
|
|
((vb)->vb2_queue->ops->op ? (vb)->vb2_queue->ops->op(args) : 0)
|
2014-03-17 12:54:21 +00:00
|
|
|
|
|
|
|
#define call_void_vb_qop(vb, op, args...) \
|
|
|
|
do { \
|
|
|
|
if ((vb)->vb2_queue->ops->op) \
|
|
|
|
(vb)->vb2_queue->ops->op(args); \
|
|
|
|
} while (0)
|
2014-01-29 14:53:25 +00:00
|
|
|
|
|
|
|
#endif
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2014-02-24 17:44:50 +00:00
|
|
|
/* Flags that are set by the vb2 core */
|
2012-10-22 20:10:16 +00:00
|
|
|
#define V4L2_BUFFER_MASK_FLAGS (V4L2_BUF_FLAG_MAPPED | V4L2_BUF_FLAG_QUEUED | \
|
2011-09-28 12:23:02 +00:00
|
|
|
V4L2_BUF_FLAG_DONE | V4L2_BUF_FLAG_ERROR | \
|
2012-10-22 20:10:16 +00:00
|
|
|
V4L2_BUF_FLAG_PREPARED | \
|
|
|
|
V4L2_BUF_FLAG_TIMESTAMP_MASK)
|
2014-02-24 17:44:50 +00:00
|
|
|
/* Output buffer flags that should be passed on to the driver */
|
|
|
|
#define V4L2_BUFFER_OUT_FLAGS (V4L2_BUF_FLAG_PFRAME | V4L2_BUF_FLAG_BFRAME | \
|
|
|
|
V4L2_BUF_FLAG_KEYFRAME | V4L2_BUF_FLAG_TIMECODE)
|
2011-04-12 13:14:13 +00:00
|
|
|
|
2014-02-28 15:49:18 +00:00
|
|
|
static void __vb2_queue_cancel(struct vb2_queue *q);
|
2015-01-20 15:18:16 +00:00
|
|
|
static void __enqueue_in_driver(struct vb2_buffer *vb);
|
2014-02-28 15:49:18 +00:00
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
|
|
|
* __vb2_buf_mem_alloc() - allocate video memory for the given buffer
|
|
|
|
*/
|
2011-08-24 09:36:26 +00:00
|
|
|
static int __vb2_buf_mem_alloc(struct vb2_buffer *vb)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
|
|
|
struct vb2_queue *q = vb->vb2_queue;
|
2014-11-18 12:50:59 +00:00
|
|
|
enum dma_data_direction dma_dir =
|
|
|
|
V4L2_TYPE_IS_OUTPUT(q->type) ? DMA_TO_DEVICE : DMA_FROM_DEVICE;
|
2010-10-11 13:56:41 +00:00
|
|
|
void *mem_priv;
|
|
|
|
int plane;
|
|
|
|
|
2013-04-19 10:18:01 +00:00
|
|
|
/*
|
|
|
|
* Allocate memory for all planes in this buffer
|
|
|
|
* NOTE: mmapped areas should be page aligned
|
|
|
|
*/
|
2010-10-11 13:56:41 +00:00
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
2013-04-19 10:18:01 +00:00
|
|
|
unsigned long size = PAGE_ALIGN(q->plane_sizes[plane]);
|
|
|
|
|
2014-03-17 12:54:21 +00:00
|
|
|
mem_priv = call_ptr_memop(vb, alloc, q->alloc_ctx[plane],
|
2014-11-18 12:50:59 +00:00
|
|
|
size, dma_dir, q->gfp_flags);
|
2011-03-22 12:24:58 +00:00
|
|
|
if (IS_ERR_OR_NULL(mem_priv))
|
2010-10-11 13:56:41 +00:00
|
|
|
goto free;
|
|
|
|
|
|
|
|
/* Associate allocator private data with this plane */
|
|
|
|
vb->planes[plane].mem_priv = mem_priv;
|
2011-08-24 09:36:26 +00:00
|
|
|
vb->v4l2_planes[plane].length = q->plane_sizes[plane];
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
free:
|
|
|
|
/* Free already allocated memory if one of the allocations failed */
|
2011-12-15 08:53:06 +00:00
|
|
|
for (; plane > 0; --plane) {
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_memop(vb, put, vb->planes[plane - 1].mem_priv);
|
2011-12-15 08:53:06 +00:00
|
|
|
vb->planes[plane - 1].mem_priv = NULL;
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __vb2_buf_mem_free() - free memory of the given buffer
|
|
|
|
*/
|
|
|
|
static void __vb2_buf_mem_free(struct vb2_buffer *vb)
|
|
|
|
{
|
|
|
|
unsigned int plane;
|
|
|
|
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_memop(vb, put, vb->planes[plane].mem_priv);
|
2010-10-11 13:56:41 +00:00
|
|
|
vb->planes[plane].mem_priv = NULL;
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(3, "freed plane %d of buffer %d\n", plane,
|
2011-12-15 08:53:06 +00:00
|
|
|
vb->v4l2_buf.index);
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __vb2_buf_userptr_put() - release userspace memory associated with
|
|
|
|
* a USERPTR buffer
|
|
|
|
*/
|
|
|
|
static void __vb2_buf_userptr_put(struct vb2_buffer *vb)
|
|
|
|
{
|
|
|
|
unsigned int plane;
|
|
|
|
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
2011-12-15 08:53:06 +00:00
|
|
|
if (vb->planes[plane].mem_priv)
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_memop(vb, put_userptr, vb->planes[plane].mem_priv);
|
2011-12-15 08:53:06 +00:00
|
|
|
vb->planes[plane].mem_priv = NULL;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-06-14 13:37:37 +00:00
|
|
|
/**
|
|
|
|
* __vb2_plane_dmabuf_put() - release memory associated with
|
|
|
|
* a DMABUF shared plane
|
|
|
|
*/
|
2014-01-29 14:53:25 +00:00
|
|
|
static void __vb2_plane_dmabuf_put(struct vb2_buffer *vb, struct vb2_plane *p)
|
2012-06-14 13:37:37 +00:00
|
|
|
{
|
|
|
|
if (!p->mem_priv)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (p->dbuf_mapped)
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_memop(vb, unmap_dmabuf, p->mem_priv);
|
2012-06-14 13:37:37 +00:00
|
|
|
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_memop(vb, detach_dmabuf, p->mem_priv);
|
2012-06-14 13:37:37 +00:00
|
|
|
dma_buf_put(p->dbuf);
|
|
|
|
memset(p, 0, sizeof(*p));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __vb2_buf_dmabuf_put() - release memory associated with
|
|
|
|
* a DMABUF shared buffer
|
|
|
|
*/
|
|
|
|
static void __vb2_buf_dmabuf_put(struct vb2_buffer *vb)
|
|
|
|
{
|
|
|
|
unsigned int plane;
|
|
|
|
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane)
|
2014-01-29 14:53:25 +00:00
|
|
|
__vb2_plane_dmabuf_put(vb, &vb->planes[plane]);
|
2012-06-14 13:37:37 +00:00
|
|
|
}
|
|
|
|
|
2013-12-04 14:14:05 +00:00
|
|
|
/**
|
|
|
|
* __setup_lengths() - setup initial lengths for every plane in
|
|
|
|
* every buffer on the queue
|
|
|
|
*/
|
|
|
|
static void __setup_lengths(struct vb2_queue *q, unsigned int n)
|
|
|
|
{
|
|
|
|
unsigned int buffer, plane;
|
|
|
|
struct vb2_buffer *vb;
|
|
|
|
|
|
|
|
for (buffer = q->num_buffers; buffer < q->num_buffers + n; ++buffer) {
|
|
|
|
vb = q->bufs[buffer];
|
|
|
|
if (!vb)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane)
|
|
|
|
vb->v4l2_planes[plane].length = q->plane_sizes[plane];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
|
|
|
* __setup_offsets() - setup unique offsets ("cookies") for every plane in
|
|
|
|
* every buffer on the queue
|
|
|
|
*/
|
2011-09-28 12:23:02 +00:00
|
|
|
static void __setup_offsets(struct vb2_queue *q, unsigned int n)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
|
|
|
unsigned int buffer, plane;
|
|
|
|
struct vb2_buffer *vb;
|
2011-09-28 12:23:02 +00:00
|
|
|
unsigned long off;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2011-09-28 12:23:02 +00:00
|
|
|
if (q->num_buffers) {
|
|
|
|
struct v4l2_plane *p;
|
|
|
|
vb = q->bufs[q->num_buffers - 1];
|
|
|
|
p = &vb->v4l2_planes[vb->num_planes - 1];
|
|
|
|
off = PAGE_ALIGN(p->m.mem_offset + p->length);
|
|
|
|
} else {
|
|
|
|
off = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (buffer = q->num_buffers; buffer < q->num_buffers + n; ++buffer) {
|
2010-10-11 13:56:41 +00:00
|
|
|
vb = q->bufs[buffer];
|
|
|
|
if (!vb)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
|
|
|
vb->v4l2_planes[plane].m.mem_offset = off;
|
|
|
|
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(3, "buffer %d, plane %d offset 0x%08lx\n",
|
2010-10-11 13:56:41 +00:00
|
|
|
buffer, plane, off);
|
|
|
|
|
|
|
|
off += vb->v4l2_planes[plane].length;
|
|
|
|
off = PAGE_ALIGN(off);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __vb2_queue_alloc() - allocate videobuf buffer structures and (for MMAP type)
|
|
|
|
* video buffer memory for all buffers/planes on the queue and initializes the
|
|
|
|
* queue
|
|
|
|
*
|
|
|
|
* Returns the number of buffers successfully allocated.
|
|
|
|
*/
|
|
|
|
static int __vb2_queue_alloc(struct vb2_queue *q, enum v4l2_memory memory,
|
2011-08-24 09:36:26 +00:00
|
|
|
unsigned int num_buffers, unsigned int num_planes)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
|
|
|
unsigned int buffer;
|
|
|
|
struct vb2_buffer *vb;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
for (buffer = 0; buffer < num_buffers; ++buffer) {
|
|
|
|
/* Allocate videobuf buffer structures */
|
|
|
|
vb = kzalloc(q->buf_struct_size, GFP_KERNEL);
|
|
|
|
if (!vb) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "memory alloc for buffer struct failed\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Length stores number of planes for multiplanar buffers */
|
|
|
|
if (V4L2_TYPE_IS_MULTIPLANAR(q->type))
|
|
|
|
vb->v4l2_buf.length = num_planes;
|
|
|
|
|
|
|
|
vb->state = VB2_BUF_STATE_DEQUEUED;
|
|
|
|
vb->vb2_queue = q;
|
|
|
|
vb->num_planes = num_planes;
|
2011-09-28 12:23:02 +00:00
|
|
|
vb->v4l2_buf.index = q->num_buffers + buffer;
|
2010-10-11 13:56:41 +00:00
|
|
|
vb->v4l2_buf.type = q->type;
|
|
|
|
vb->v4l2_buf.memory = memory;
|
|
|
|
|
|
|
|
/* Allocate video buffer memory for the MMAP type */
|
|
|
|
if (memory == V4L2_MEMORY_MMAP) {
|
2011-08-24 09:36:26 +00:00
|
|
|
ret = __vb2_buf_mem_alloc(vb);
|
2010-10-11 13:56:41 +00:00
|
|
|
if (ret) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "failed allocating memory for "
|
2010-10-11 13:56:41 +00:00
|
|
|
"buffer %d\n", buffer);
|
|
|
|
kfree(vb);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* Call the driver-provided buffer initialization
|
|
|
|
* callback, if given. An error in initialization
|
|
|
|
* results in queue setup failure.
|
|
|
|
*/
|
2014-01-29 14:53:25 +00:00
|
|
|
ret = call_vb_qop(vb, buf_init, vb);
|
2010-10-11 13:56:41 +00:00
|
|
|
if (ret) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "buffer %d %p initialization"
|
2010-10-11 13:56:41 +00:00
|
|
|
" failed\n", buffer, vb);
|
|
|
|
__vb2_buf_mem_free(vb);
|
|
|
|
kfree(vb);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-09-28 12:23:02 +00:00
|
|
|
q->bufs[q->num_buffers + buffer] = vb;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
2013-12-04 14:14:05 +00:00
|
|
|
__setup_lengths(q, buffer);
|
2013-09-19 07:37:29 +00:00
|
|
|
if (memory == V4L2_MEMORY_MMAP)
|
|
|
|
__setup_offsets(q, buffer);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "allocated %d buffers, %d plane(s) each\n",
|
2011-09-28 12:23:02 +00:00
|
|
|
buffer, num_planes);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
return buffer;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __vb2_free_mem() - release all video buffer memory for a given queue
|
|
|
|
*/
|
2011-09-28 12:23:02 +00:00
|
|
|
static void __vb2_free_mem(struct vb2_queue *q, unsigned int buffers)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
|
|
|
unsigned int buffer;
|
|
|
|
struct vb2_buffer *vb;
|
|
|
|
|
2011-09-28 12:23:02 +00:00
|
|
|
for (buffer = q->num_buffers - buffers; buffer < q->num_buffers;
|
|
|
|
++buffer) {
|
2010-10-11 13:56:41 +00:00
|
|
|
vb = q->bufs[buffer];
|
|
|
|
if (!vb)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* Free MMAP buffers or release USERPTR buffers */
|
|
|
|
if (q->memory == V4L2_MEMORY_MMAP)
|
|
|
|
__vb2_buf_mem_free(vb);
|
2012-06-14 13:37:37 +00:00
|
|
|
else if (q->memory == V4L2_MEMORY_DMABUF)
|
|
|
|
__vb2_buf_dmabuf_put(vb);
|
2010-10-11 13:56:41 +00:00
|
|
|
else
|
|
|
|
__vb2_buf_userptr_put(vb);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2011-09-28 12:23:02 +00:00
|
|
|
* __vb2_queue_free() - free buffers at the end of the queue - video memory and
|
|
|
|
* related information, if no buffers are left return the queue to an
|
|
|
|
* uninitialized state. Might be called even if the queue has already been freed.
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
2013-12-13 16:13:40 +00:00
|
|
|
static int __vb2_queue_free(struct vb2_queue *q, unsigned int buffers)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
|
|
|
unsigned int buffer;
|
|
|
|
|
2013-12-13 16:13:40 +00:00
|
|
|
/*
|
|
|
|
* Sanity check: when preparing a buffer the queue lock is released for
|
|
|
|
* a short while (see __buf_prepare for the details), which would allow
|
|
|
|
* a race with a reqbufs which can call this function. Removing the
|
|
|
|
* buffers from underneath __buf_prepare is obviously a bad idea, so we
|
|
|
|
* check if any of the buffers is in the state PREPARING, and if so we
|
|
|
|
* just return -EAGAIN.
|
|
|
|
*/
|
|
|
|
for (buffer = q->num_buffers - buffers; buffer < q->num_buffers;
|
|
|
|
++buffer) {
|
|
|
|
if (q->bufs[buffer] == NULL)
|
|
|
|
continue;
|
|
|
|
if (q->bufs[buffer]->state == VB2_BUF_STATE_PREPARING) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "preparing buffers, cannot free\n");
|
2013-12-13 16:13:40 +00:00
|
|
|
return -EAGAIN;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/* Call driver-provided cleanup function for each buffer, if provided */
|
2014-01-29 14:53:25 +00:00
|
|
|
for (buffer = q->num_buffers - buffers; buffer < q->num_buffers;
|
|
|
|
++buffer) {
|
2014-01-29 16:36:53 +00:00
|
|
|
struct vb2_buffer *vb = q->bufs[buffer];
|
|
|
|
|
|
|
|
if (vb && vb->planes[0].mem_priv)
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_vb_qop(vb, buf_cleanup, vb);
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Release video buffer memory */
|
2011-09-28 12:23:02 +00:00
|
|
|
__vb2_free_mem(q, buffers);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2014-01-29 14:53:25 +00:00
|
|
|
#ifdef CONFIG_VIDEO_ADV_DEBUG
|
|
|
|
/*
|
|
|
|
* Check that all the calls were balances during the life-time of this
|
|
|
|
* queue. If not (or if the debug level is 1 or up), then dump the
|
|
|
|
* counters to the kernel log.
|
|
|
|
*/
|
|
|
|
if (q->num_buffers) {
|
|
|
|
bool unbalanced = q->cnt_start_streaming != q->cnt_stop_streaming ||
|
|
|
|
q->cnt_wait_prepare != q->cnt_wait_finish;
|
|
|
|
|
|
|
|
if (unbalanced || debug) {
|
|
|
|
pr_info("vb2: counters for queue %p:%s\n", q,
|
|
|
|
unbalanced ? " UNBALANCED!" : "");
|
|
|
|
pr_info("vb2: setup: %u start_streaming: %u stop_streaming: %u\n",
|
|
|
|
q->cnt_queue_setup, q->cnt_start_streaming,
|
|
|
|
q->cnt_stop_streaming);
|
|
|
|
pr_info("vb2: wait_prepare: %u wait_finish: %u\n",
|
|
|
|
q->cnt_wait_prepare, q->cnt_wait_finish);
|
|
|
|
}
|
|
|
|
q->cnt_queue_setup = 0;
|
|
|
|
q->cnt_wait_prepare = 0;
|
|
|
|
q->cnt_wait_finish = 0;
|
|
|
|
q->cnt_start_streaming = 0;
|
|
|
|
q->cnt_stop_streaming = 0;
|
|
|
|
}
|
|
|
|
for (buffer = 0; buffer < q->num_buffers; ++buffer) {
|
|
|
|
struct vb2_buffer *vb = q->bufs[buffer];
|
|
|
|
bool unbalanced = vb->cnt_mem_alloc != vb->cnt_mem_put ||
|
|
|
|
vb->cnt_mem_prepare != vb->cnt_mem_finish ||
|
|
|
|
vb->cnt_mem_get_userptr != vb->cnt_mem_put_userptr ||
|
|
|
|
vb->cnt_mem_attach_dmabuf != vb->cnt_mem_detach_dmabuf ||
|
|
|
|
vb->cnt_mem_map_dmabuf != vb->cnt_mem_unmap_dmabuf ||
|
|
|
|
vb->cnt_buf_queue != vb->cnt_buf_done ||
|
|
|
|
vb->cnt_buf_prepare != vb->cnt_buf_finish ||
|
|
|
|
vb->cnt_buf_init != vb->cnt_buf_cleanup;
|
|
|
|
|
|
|
|
if (unbalanced || debug) {
|
|
|
|
pr_info("vb2: counters for queue %p, buffer %d:%s\n",
|
|
|
|
q, buffer, unbalanced ? " UNBALANCED!" : "");
|
|
|
|
pr_info("vb2: buf_init: %u buf_cleanup: %u buf_prepare: %u buf_finish: %u\n",
|
|
|
|
vb->cnt_buf_init, vb->cnt_buf_cleanup,
|
|
|
|
vb->cnt_buf_prepare, vb->cnt_buf_finish);
|
|
|
|
pr_info("vb2: buf_queue: %u buf_done: %u\n",
|
|
|
|
vb->cnt_buf_queue, vb->cnt_buf_done);
|
|
|
|
pr_info("vb2: alloc: %u put: %u prepare: %u finish: %u mmap: %u\n",
|
|
|
|
vb->cnt_mem_alloc, vb->cnt_mem_put,
|
|
|
|
vb->cnt_mem_prepare, vb->cnt_mem_finish,
|
|
|
|
vb->cnt_mem_mmap);
|
|
|
|
pr_info("vb2: get_userptr: %u put_userptr: %u\n",
|
|
|
|
vb->cnt_mem_get_userptr, vb->cnt_mem_put_userptr);
|
|
|
|
pr_info("vb2: attach_dmabuf: %u detach_dmabuf: %u map_dmabuf: %u unmap_dmabuf: %u\n",
|
|
|
|
vb->cnt_mem_attach_dmabuf, vb->cnt_mem_detach_dmabuf,
|
|
|
|
vb->cnt_mem_map_dmabuf, vb->cnt_mem_unmap_dmabuf);
|
|
|
|
pr_info("vb2: get_dmabuf: %u num_users: %u vaddr: %u cookie: %u\n",
|
|
|
|
vb->cnt_mem_get_dmabuf,
|
|
|
|
vb->cnt_mem_num_users,
|
|
|
|
vb->cnt_mem_vaddr,
|
|
|
|
vb->cnt_mem_cookie);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/* Free videobuf buffers */
|
2011-09-28 12:23:02 +00:00
|
|
|
for (buffer = q->num_buffers - buffers; buffer < q->num_buffers;
|
|
|
|
++buffer) {
|
2010-10-11 13:56:41 +00:00
|
|
|
kfree(q->bufs[buffer]);
|
|
|
|
q->bufs[buffer] = NULL;
|
|
|
|
}
|
|
|
|
|
2011-09-28 12:23:02 +00:00
|
|
|
q->num_buffers -= buffers;
|
2014-02-24 16:41:20 +00:00
|
|
|
if (!q->num_buffers) {
|
2011-09-28 12:23:02 +00:00
|
|
|
q->memory = 0;
|
2014-02-24 16:41:20 +00:00
|
|
|
INIT_LIST_HEAD(&q->queued_list);
|
|
|
|
}
|
2013-12-13 16:13:40 +00:00
|
|
|
return 0;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __verify_planes_array() - verify that the planes array passed in struct
|
|
|
|
* v4l2_buffer from userspace can be safely used
|
|
|
|
*/
|
2011-09-28 12:23:02 +00:00
|
|
|
static int __verify_planes_array(struct vb2_buffer *vb, const struct v4l2_buffer *b)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
2012-09-28 09:12:53 +00:00
|
|
|
if (!V4L2_TYPE_IS_MULTIPLANAR(b->type))
|
|
|
|
return 0;
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/* Is memory for copying plane information present? */
|
|
|
|
if (NULL == b->m.planes) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "multi-planar buffer passed but "
|
2010-10-11 13:56:41 +00:00
|
|
|
"planes array not provided\n");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (b->length < vb->num_planes || b->length > VIDEO_MAX_PLANES) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "incorrect planes array length, "
|
2010-10-11 13:56:41 +00:00
|
|
|
"expected %d, got %d\n", vb->num_planes, b->length);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-07-10 13:41:40 +00:00
|
|
|
/**
|
|
|
|
* __verify_length() - Verify that the bytesused value for each plane fits in
|
|
|
|
* the plane length and that the data offset doesn't exceed the bytesused value.
|
|
|
|
*/
|
|
|
|
static int __verify_length(struct vb2_buffer *vb, const struct v4l2_buffer *b)
|
|
|
|
{
|
|
|
|
unsigned int length;
|
2014-07-17 09:53:08 +00:00
|
|
|
unsigned int bytesused;
|
2012-07-10 13:41:40 +00:00
|
|
|
unsigned int plane;
|
|
|
|
|
|
|
|
if (!V4L2_TYPE_IS_OUTPUT(b->type))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (V4L2_TYPE_IS_MULTIPLANAR(b->type)) {
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
2014-07-17 09:53:08 +00:00
|
|
|
length = (b->memory == V4L2_MEMORY_USERPTR ||
|
|
|
|
b->memory == V4L2_MEMORY_DMABUF)
|
2012-07-10 13:41:40 +00:00
|
|
|
? b->m.planes[plane].length
|
|
|
|
: vb->v4l2_planes[plane].length;
|
2014-07-17 09:53:08 +00:00
|
|
|
bytesused = b->m.planes[plane].bytesused
|
|
|
|
? b->m.planes[plane].bytesused : length;
|
2012-07-10 13:41:40 +00:00
|
|
|
|
|
|
|
if (b->m.planes[plane].bytesused > length)
|
|
|
|
return -EINVAL;
|
2013-08-26 14:47:09 +00:00
|
|
|
|
|
|
|
if (b->m.planes[plane].data_offset > 0 &&
|
2014-07-17 09:53:08 +00:00
|
|
|
b->m.planes[plane].data_offset >= bytesused)
|
2012-07-10 13:41:40 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
length = (b->memory == V4L2_MEMORY_USERPTR)
|
|
|
|
? b->length : vb->v4l2_planes[0].length;
|
2014-07-17 09:53:08 +00:00
|
|
|
bytesused = b->bytesused ? b->bytesused : length;
|
2012-07-10 13:41:40 +00:00
|
|
|
|
|
|
|
if (b->bytesused > length)
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-08-24 09:49:35 +00:00
|
|
|
/**
|
|
|
|
* __buffer_in_use() - return true if the buffer is in use and
|
|
|
|
* the queue cannot be freed (by the means of REQBUFS(0)) call
|
|
|
|
*/
|
|
|
|
static bool __buffer_in_use(struct vb2_queue *q, struct vb2_buffer *vb)
|
|
|
|
{
|
|
|
|
unsigned int plane;
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
2011-10-12 16:09:53 +00:00
|
|
|
void *mem_priv = vb->planes[plane].mem_priv;
|
2011-08-24 09:49:35 +00:00
|
|
|
/*
|
|
|
|
* If num_users() has not been provided, call_memop
|
|
|
|
* will return 0, apparently nobody cares about this
|
|
|
|
* case anyway. If num_users() returns more than 1,
|
|
|
|
* we are not the only user of the plane's memory.
|
|
|
|
*/
|
2014-01-29 14:53:25 +00:00
|
|
|
if (mem_priv && call_memop(vb, num_users, mem_priv) > 1)
|
2011-08-24 09:49:35 +00:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __buffers_in_use() - return true if any buffers on the queue are in use and
|
|
|
|
* the queue cannot be freed (by the means of REQBUFS(0)) call
|
|
|
|
*/
|
|
|
|
static bool __buffers_in_use(struct vb2_queue *q)
|
|
|
|
{
|
|
|
|
unsigned int buffer;
|
|
|
|
for (buffer = 0; buffer < q->num_buffers; ++buffer) {
|
|
|
|
if (__buffer_in_use(q, q->bufs[buffer]))
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
|
|
|
* __fill_v4l2_buffer() - fill in a struct v4l2_buffer with information to be
|
|
|
|
* returned to userspace
|
|
|
|
*/
|
2012-09-28 09:12:53 +00:00
|
|
|
static void __fill_v4l2_buffer(struct vb2_buffer *vb, struct v4l2_buffer *b)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
|
|
|
struct vb2_queue *q = vb->vb2_queue;
|
|
|
|
|
2012-05-02 12:40:03 +00:00
|
|
|
/* Copy back data such as timestamp, flags, etc. */
|
2010-10-11 13:56:41 +00:00
|
|
|
memcpy(b, &vb->v4l2_buf, offsetof(struct v4l2_buffer, m));
|
2012-05-02 12:40:03 +00:00
|
|
|
b->reserved2 = vb->v4l2_buf.reserved2;
|
2010-10-11 13:56:41 +00:00
|
|
|
b->reserved = vb->v4l2_buf.reserved;
|
|
|
|
|
|
|
|
if (V4L2_TYPE_IS_MULTIPLANAR(q->type)) {
|
|
|
|
/*
|
|
|
|
* Fill in plane-related data if userspace provided an array
|
2012-09-28 09:12:53 +00:00
|
|
|
* for it. The caller has already verified memory and size.
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
2012-09-28 09:24:18 +00:00
|
|
|
b->length = vb->num_planes;
|
2010-10-11 13:56:41 +00:00
|
|
|
memcpy(b->m.planes, vb->v4l2_planes,
|
|
|
|
b->length * sizeof(struct v4l2_plane));
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* We use length and offset in v4l2_planes array even for
|
|
|
|
* single-planar buffers, but userspace does not.
|
|
|
|
*/
|
|
|
|
b->length = vb->v4l2_planes[0].length;
|
|
|
|
b->bytesused = vb->v4l2_planes[0].bytesused;
|
|
|
|
if (q->memory == V4L2_MEMORY_MMAP)
|
|
|
|
b->m.offset = vb->v4l2_planes[0].m.mem_offset;
|
|
|
|
else if (q->memory == V4L2_MEMORY_USERPTR)
|
|
|
|
b->m.userptr = vb->v4l2_planes[0].m.userptr;
|
2012-06-14 13:37:37 +00:00
|
|
|
else if (q->memory == V4L2_MEMORY_DMABUF)
|
|
|
|
b->m.fd = vb->v4l2_planes[0].m.fd;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
2011-04-12 13:14:13 +00:00
|
|
|
/*
|
|
|
|
* Clear any buffer state related flags.
|
|
|
|
*/
|
2012-10-22 20:10:16 +00:00
|
|
|
b->flags &= ~V4L2_BUFFER_MASK_FLAGS;
|
2014-02-25 22:08:52 +00:00
|
|
|
b->flags |= q->timestamp_flags & V4L2_BUF_FLAG_TIMESTAMP_MASK;
|
|
|
|
if ((q->timestamp_flags & V4L2_BUF_FLAG_TIMESTAMP_MASK) !=
|
|
|
|
V4L2_BUF_FLAG_TIMESTAMP_COPY) {
|
|
|
|
/*
|
|
|
|
* For non-COPY timestamps, drop timestamp source bits
|
|
|
|
* and obtain the timestamp source from the queue.
|
|
|
|
*/
|
|
|
|
b->flags &= ~V4L2_BUF_FLAG_TSTAMP_SRC_MASK;
|
|
|
|
b->flags |= q->timestamp_flags & V4L2_BUF_FLAG_TSTAMP_SRC_MASK;
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
switch (vb->state) {
|
|
|
|
case VB2_BUF_STATE_QUEUED:
|
|
|
|
case VB2_BUF_STATE_ACTIVE:
|
|
|
|
b->flags |= V4L2_BUF_FLAG_QUEUED;
|
|
|
|
break;
|
|
|
|
case VB2_BUF_STATE_ERROR:
|
|
|
|
b->flags |= V4L2_BUF_FLAG_ERROR;
|
|
|
|
/* fall through */
|
|
|
|
case VB2_BUF_STATE_DONE:
|
|
|
|
b->flags |= V4L2_BUF_FLAG_DONE;
|
|
|
|
break;
|
2011-08-31 09:51:10 +00:00
|
|
|
case VB2_BUF_STATE_PREPARED:
|
2011-09-28 12:23:02 +00:00
|
|
|
b->flags |= V4L2_BUF_FLAG_PREPARED;
|
|
|
|
break;
|
2013-12-13 16:13:38 +00:00
|
|
|
case VB2_BUF_STATE_PREPARING:
|
2011-09-28 12:23:02 +00:00
|
|
|
case VB2_BUF_STATE_DEQUEUED:
|
2010-10-11 13:56:41 +00:00
|
|
|
/* nothing */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2011-08-24 09:49:35 +00:00
|
|
|
if (__buffer_in_use(q, vb))
|
2010-10-11 13:56:41 +00:00
|
|
|
b->flags |= V4L2_BUF_FLAG_MAPPED;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_querybuf() - query video buffer information
|
|
|
|
* @q: videobuf queue
|
|
|
|
* @b: buffer struct passed from userspace to vidioc_querybuf handler
|
|
|
|
* in driver
|
|
|
|
*
|
|
|
|
* Should be called from vidioc_querybuf ioctl handler in driver.
|
|
|
|
* This function will verify the passed v4l2_buffer structure and fill the
|
|
|
|
* relevant information for the userspace.
|
|
|
|
*
|
|
|
|
* The return values from this function are intended to be directly returned
|
|
|
|
* from vidioc_querybuf handler in driver.
|
|
|
|
*/
|
|
|
|
int vb2_querybuf(struct vb2_queue *q, struct v4l2_buffer *b)
|
|
|
|
{
|
|
|
|
struct vb2_buffer *vb;
|
2012-09-28 09:12:53 +00:00
|
|
|
int ret;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
if (b->type != q->type) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "wrong buffer type\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (b->index >= q->num_buffers) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "buffer index out of range\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
vb = q->bufs[b->index];
|
2012-09-28 09:12:53 +00:00
|
|
|
ret = __verify_planes_array(vb, b);
|
|
|
|
if (!ret)
|
|
|
|
__fill_v4l2_buffer(vb, b);
|
|
|
|
return ret;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(vb2_querybuf);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __verify_userptr_ops() - verify that all memory operations required for
|
|
|
|
* USERPTR queue type have been provided
|
|
|
|
*/
|
|
|
|
static int __verify_userptr_ops(struct vb2_queue *q)
|
|
|
|
{
|
|
|
|
if (!(q->io_modes & VB2_USERPTR) || !q->mem_ops->get_userptr ||
|
|
|
|
!q->mem_ops->put_userptr)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __verify_mmap_ops() - verify that all memory operations required for
|
|
|
|
* MMAP queue type have been provided
|
|
|
|
*/
|
|
|
|
static int __verify_mmap_ops(struct vb2_queue *q)
|
|
|
|
{
|
|
|
|
if (!(q->io_modes & VB2_MMAP) || !q->mem_ops->alloc ||
|
|
|
|
!q->mem_ops->put || !q->mem_ops->mmap)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-06-14 13:37:37 +00:00
|
|
|
/**
|
|
|
|
* __verify_dmabuf_ops() - verify that all memory operations required for
|
|
|
|
* DMABUF queue type have been provided
|
|
|
|
*/
|
|
|
|
static int __verify_dmabuf_ops(struct vb2_queue *q)
|
|
|
|
{
|
|
|
|
if (!(q->io_modes & VB2_DMABUF) || !q->mem_ops->attach_dmabuf ||
|
|
|
|
!q->mem_ops->detach_dmabuf || !q->mem_ops->map_dmabuf ||
|
|
|
|
!q->mem_ops->unmap_dmabuf)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
2012-06-27 20:10:30 +00:00
|
|
|
* __verify_memory_type() - Check whether the memory type and buffer type
|
|
|
|
* passed to a buffer operation are compatible with the queue.
|
|
|
|
*/
|
|
|
|
static int __verify_memory_type(struct vb2_queue *q,
|
|
|
|
enum v4l2_memory memory, enum v4l2_buf_type type)
|
|
|
|
{
|
2012-06-14 13:37:37 +00:00
|
|
|
if (memory != V4L2_MEMORY_MMAP && memory != V4L2_MEMORY_USERPTR &&
|
|
|
|
memory != V4L2_MEMORY_DMABUF) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "unsupported memory type\n");
|
2012-06-27 20:10:30 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (type != q->type) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "requested type is incorrect\n");
|
2012-06-27 20:10:30 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Make sure all the required memory ops for given memory type
|
|
|
|
* are available.
|
|
|
|
*/
|
|
|
|
if (memory == V4L2_MEMORY_MMAP && __verify_mmap_ops(q)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "MMAP for current setup unsupported\n");
|
2012-06-27 20:10:30 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (memory == V4L2_MEMORY_USERPTR && __verify_userptr_ops(q)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "USERPTR for current setup unsupported\n");
|
2012-06-27 20:10:30 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2012-06-14 13:37:37 +00:00
|
|
|
if (memory == V4L2_MEMORY_DMABUF && __verify_dmabuf_ops(q)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "DMABUF for current setup unsupported\n");
|
2012-06-14 13:37:37 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2012-06-27 20:10:30 +00:00
|
|
|
/*
|
|
|
|
* Place the busy tests at the end: -EBUSY can be ignored when
|
|
|
|
* create_bufs is called with count == 0, but count == 0 should still
|
|
|
|
* do the memory and type validation.
|
|
|
|
*/
|
2014-04-07 12:23:50 +00:00
|
|
|
if (vb2_fileio_is_active(q)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "file io in progress\n");
|
2012-06-27 20:10:30 +00:00
|
|
|
return -EBUSY;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __reqbufs() - Initiate streaming
|
2010-10-11 13:56:41 +00:00
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @req: struct passed from userspace to vidioc_reqbufs handler in driver
|
|
|
|
*
|
|
|
|
* Should be called from vidioc_reqbufs ioctl handler of a driver.
|
|
|
|
* This function:
|
|
|
|
* 1) verifies streaming parameters passed from the userspace,
|
|
|
|
* 2) sets up the queue,
|
|
|
|
* 3) negotiates number of buffers and planes per buffer with the driver
|
|
|
|
* to be used during streaming,
|
|
|
|
* 4) allocates internal buffer structures (struct vb2_buffer), according to
|
|
|
|
* the agreed parameters,
|
|
|
|
* 5) for MMAP memory type, allocates actual video memory, using the
|
|
|
|
* memory handling/allocation routines provided during queue initialization
|
|
|
|
*
|
|
|
|
* If req->count is 0, all the memory will be freed instead.
|
|
|
|
* If the queue has been allocated previously (by a previous vb2_reqbufs) call
|
|
|
|
* and the queue is not busy, memory will be reallocated.
|
|
|
|
*
|
|
|
|
* The return values from this function are intended to be directly returned
|
|
|
|
* from vidioc_reqbufs handler in driver.
|
|
|
|
*/
|
2012-06-27 20:10:30 +00:00
|
|
|
static int __reqbufs(struct vb2_queue *q, struct v4l2_requestbuffers *req)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
2011-09-28 12:23:02 +00:00
|
|
|
unsigned int num_buffers, allocated_buffers, num_planes = 0;
|
2012-06-27 20:10:30 +00:00
|
|
|
int ret;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
if (q->streaming) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "streaming active\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EBUSY;
|
|
|
|
}
|
|
|
|
|
2011-03-09 17:03:24 +00:00
|
|
|
if (req->count == 0 || q->num_buffers != 0 || q->memory != req->memory) {
|
2010-10-11 13:56:41 +00:00
|
|
|
/*
|
|
|
|
* We already have buffers allocated, so first check if they
|
|
|
|
* are not in use and can be freed.
|
|
|
|
*/
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_lock(&q->mmap_lock);
|
2010-10-11 13:56:41 +00:00
|
|
|
if (q->memory == V4L2_MEMORY_MMAP && __buffers_in_use(q)) {
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_unlock(&q->mmap_lock);
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "memory in use, cannot free\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EBUSY;
|
|
|
|
}
|
|
|
|
|
2014-02-28 15:49:18 +00:00
|
|
|
/*
|
|
|
|
* Call queue_cancel to clean up any buffers in the PREPARED or
|
|
|
|
* QUEUED state which is possible if buffers were prepared or
|
|
|
|
* queued without ever calling STREAMON.
|
|
|
|
*/
|
|
|
|
__vb2_queue_cancel(q);
|
2013-12-13 16:13:40 +00:00
|
|
|
ret = __vb2_queue_free(q, q->num_buffers);
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_unlock(&q->mmap_lock);
|
2013-12-13 16:13:40 +00:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
2011-03-09 17:03:24 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* In case of REQBUFS(0) return immediately without calling
|
|
|
|
* driver's queue_setup() callback and allocating resources.
|
|
|
|
*/
|
|
|
|
if (req->count == 0)
|
|
|
|
return 0;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Make sure the requested values and current defaults are sane.
|
|
|
|
*/
|
|
|
|
num_buffers = min_t(unsigned int, req->count, VIDEO_MAX_FRAME);
|
2014-05-09 15:32:10 +00:00
|
|
|
num_buffers = max_t(unsigned int, num_buffers, q->min_buffers_needed);
|
2011-08-24 09:36:26 +00:00
|
|
|
memset(q->plane_sizes, 0, sizeof(q->plane_sizes));
|
2010-10-11 13:56:41 +00:00
|
|
|
memset(q->alloc_ctx, 0, sizeof(q->alloc_ctx));
|
2011-04-14 10:17:44 +00:00
|
|
|
q->memory = req->memory;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Ask the driver how many buffers and planes per buffer it requires.
|
|
|
|
* Driver also sets the size and allocator context for each plane.
|
|
|
|
*/
|
2011-08-24 13:30:21 +00:00
|
|
|
ret = call_qop(q, queue_setup, q, NULL, &num_buffers, &num_planes,
|
2011-08-24 09:36:26 +00:00
|
|
|
q->plane_sizes, q->alloc_ctx);
|
2014-03-17 12:54:21 +00:00
|
|
|
if (ret)
|
2010-10-11 13:56:41 +00:00
|
|
|
return ret;
|
|
|
|
|
|
|
|
/* Finally, allocate buffers and video memory */
|
2014-02-24 16:41:20 +00:00
|
|
|
allocated_buffers = __vb2_queue_alloc(q, req->memory, num_buffers, num_planes);
|
|
|
|
if (allocated_buffers == 0) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "memory allocation failed\n");
|
2011-06-28 11:29:02 +00:00
|
|
|
return -ENOMEM;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
2014-02-24 16:51:03 +00:00
|
|
|
/*
|
|
|
|
* There is no point in continuing if we can't allocate the minimum
|
|
|
|
* number of buffers needed by this vb2_queue.
|
|
|
|
*/
|
|
|
|
if (allocated_buffers < q->min_buffers_needed)
|
|
|
|
ret = -ENOMEM;
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/*
|
|
|
|
* Check if driver can handle the allocated number of buffers.
|
|
|
|
*/
|
2014-02-24 16:51:03 +00:00
|
|
|
if (!ret && allocated_buffers < num_buffers) {
|
2011-09-28 12:23:02 +00:00
|
|
|
num_buffers = allocated_buffers;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2011-08-24 13:30:21 +00:00
|
|
|
ret = call_qop(q, queue_setup, q, NULL, &num_buffers,
|
|
|
|
&num_planes, q->plane_sizes, q->alloc_ctx);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2011-09-28 12:23:02 +00:00
|
|
|
if (!ret && allocated_buffers < num_buffers)
|
2010-10-11 13:56:41 +00:00
|
|
|
ret = -ENOMEM;
|
|
|
|
|
|
|
|
/*
|
2011-09-28 12:23:02 +00:00
|
|
|
* Either the driver has accepted a smaller number of buffers,
|
|
|
|
* or .queue_setup() returned an error
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
2011-09-28 12:23:02 +00:00
|
|
|
}
|
|
|
|
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_lock(&q->mmap_lock);
|
2011-09-28 12:23:02 +00:00
|
|
|
q->num_buffers = allocated_buffers;
|
|
|
|
|
|
|
|
if (ret < 0) {
|
2014-02-24 16:41:20 +00:00
|
|
|
/*
|
|
|
|
* Note: __vb2_queue_free() will subtract 'allocated_buffers'
|
|
|
|
* from q->num_buffers.
|
|
|
|
*/
|
2011-09-28 12:23:02 +00:00
|
|
|
__vb2_queue_free(q, allocated_buffers);
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_unlock(&q->mmap_lock);
|
2011-09-28 12:23:02 +00:00
|
|
|
return ret;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_unlock(&q->mmap_lock);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Return the number of successfully allocated buffers
|
|
|
|
* to the userspace.
|
|
|
|
*/
|
2011-09-28 12:23:02 +00:00
|
|
|
req->count = allocated_buffers;
|
2014-09-20 19:16:35 +00:00
|
|
|
q->waiting_for_buffers = !V4L2_TYPE_IS_OUTPUT(q->type);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2012-06-27 20:10:30 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_reqbufs() - Wrapper for __reqbufs() that also verifies the memory and
|
|
|
|
* type values.
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @req: struct passed from userspace to vidioc_reqbufs handler in driver
|
|
|
|
*/
|
|
|
|
int vb2_reqbufs(struct vb2_queue *q, struct v4l2_requestbuffers *req)
|
|
|
|
{
|
|
|
|
int ret = __verify_memory_type(q, req->memory, req->type);
|
|
|
|
|
|
|
|
return ret ? ret : __reqbufs(q, req);
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
EXPORT_SYMBOL_GPL(vb2_reqbufs);
|
|
|
|
|
2011-09-28 12:23:02 +00:00
|
|
|
/**
|
2012-06-27 20:10:30 +00:00
|
|
|
* __create_bufs() - Allocate buffers and any required auxiliary structs
|
2011-09-28 12:23:02 +00:00
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @create: creation parameters, passed from userspace to vidioc_create_bufs
|
|
|
|
* handler in driver
|
|
|
|
*
|
|
|
|
* Should be called from vidioc_create_bufs ioctl handler of a driver.
|
|
|
|
* This function:
|
|
|
|
* 1) verifies parameter sanity
|
|
|
|
* 2) calls the .queue_setup() queue operation
|
|
|
|
* 3) performs any necessary memory allocations
|
|
|
|
*
|
|
|
|
* The return values from this function are intended to be directly returned
|
|
|
|
* from vidioc_create_bufs handler in driver.
|
|
|
|
*/
|
2012-06-27 20:10:30 +00:00
|
|
|
static int __create_bufs(struct vb2_queue *q, struct v4l2_create_buffers *create)
|
2011-09-28 12:23:02 +00:00
|
|
|
{
|
|
|
|
unsigned int num_planes = 0, num_buffers, allocated_buffers;
|
2012-06-27 20:10:30 +00:00
|
|
|
int ret;
|
2011-09-28 12:23:02 +00:00
|
|
|
|
|
|
|
if (q->num_buffers == VIDEO_MAX_FRAME) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "maximum number of buffers already allocated\n");
|
2011-09-28 12:23:02 +00:00
|
|
|
return -ENOBUFS;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!q->num_buffers) {
|
|
|
|
memset(q->plane_sizes, 0, sizeof(q->plane_sizes));
|
|
|
|
memset(q->alloc_ctx, 0, sizeof(q->alloc_ctx));
|
|
|
|
q->memory = create->memory;
|
2014-09-20 19:16:35 +00:00
|
|
|
q->waiting_for_buffers = !V4L2_TYPE_IS_OUTPUT(q->type);
|
2011-09-28 12:23:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
num_buffers = min(create->count, VIDEO_MAX_FRAME - q->num_buffers);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Ask the driver, whether the requested number of buffers, planes per
|
|
|
|
* buffer and their sizes are acceptable
|
|
|
|
*/
|
|
|
|
ret = call_qop(q, queue_setup, q, &create->format, &num_buffers,
|
|
|
|
&num_planes, q->plane_sizes, q->alloc_ctx);
|
2014-03-17 12:54:21 +00:00
|
|
|
if (ret)
|
2011-09-28 12:23:02 +00:00
|
|
|
return ret;
|
|
|
|
|
|
|
|
/* Finally, allocate buffers and video memory */
|
2014-02-24 16:41:20 +00:00
|
|
|
allocated_buffers = __vb2_queue_alloc(q, create->memory, num_buffers,
|
2011-09-28 12:23:02 +00:00
|
|
|
num_planes);
|
2014-02-24 16:41:20 +00:00
|
|
|
if (allocated_buffers == 0) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "memory allocation failed\n");
|
2012-06-22 08:44:14 +00:00
|
|
|
return -ENOMEM;
|
2011-09-28 12:23:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if driver can handle the so far allocated number of buffers.
|
|
|
|
*/
|
2014-02-24 16:41:20 +00:00
|
|
|
if (allocated_buffers < num_buffers) {
|
|
|
|
num_buffers = allocated_buffers;
|
2011-09-28 12:23:02 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* q->num_buffers contains the total number of buffers, that the
|
|
|
|
* queue driver has set up
|
|
|
|
*/
|
|
|
|
ret = call_qop(q, queue_setup, q, &create->format, &num_buffers,
|
|
|
|
&num_planes, q->plane_sizes, q->alloc_ctx);
|
|
|
|
|
|
|
|
if (!ret && allocated_buffers < num_buffers)
|
|
|
|
ret = -ENOMEM;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Either the driver has accepted a smaller number of buffers,
|
|
|
|
* or .queue_setup() returned an error
|
|
|
|
*/
|
|
|
|
}
|
|
|
|
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_lock(&q->mmap_lock);
|
2011-09-28 12:23:02 +00:00
|
|
|
q->num_buffers += allocated_buffers;
|
|
|
|
|
|
|
|
if (ret < 0) {
|
2014-02-24 16:41:20 +00:00
|
|
|
/*
|
|
|
|
* Note: __vb2_queue_free() will subtract 'allocated_buffers'
|
|
|
|
* from q->num_buffers.
|
|
|
|
*/
|
2011-09-28 12:23:02 +00:00
|
|
|
__vb2_queue_free(q, allocated_buffers);
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_unlock(&q->mmap_lock);
|
2012-06-22 08:44:14 +00:00
|
|
|
return -ENOMEM;
|
2011-09-28 12:23:02 +00:00
|
|
|
}
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_unlock(&q->mmap_lock);
|
2011-09-28 12:23:02 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Return the number of successfully allocated buffers
|
|
|
|
* to the userspace.
|
|
|
|
*/
|
|
|
|
create->count = allocated_buffers;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2012-06-27 20:10:30 +00:00
|
|
|
|
|
|
|
/**
|
2012-07-20 12:25:37 +00:00
|
|
|
* vb2_create_bufs() - Wrapper for __create_bufs() that also verifies the
|
|
|
|
* memory and type values.
|
2012-06-27 20:10:30 +00:00
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @create: creation parameters, passed from userspace to vidioc_create_bufs
|
|
|
|
* handler in driver
|
|
|
|
*/
|
|
|
|
int vb2_create_bufs(struct vb2_queue *q, struct v4l2_create_buffers *create)
|
|
|
|
{
|
|
|
|
int ret = __verify_memory_type(q, create->memory, create->format.type);
|
|
|
|
|
|
|
|
create->index = q->num_buffers;
|
2012-06-22 08:44:14 +00:00
|
|
|
if (create->count == 0)
|
|
|
|
return ret != -EBUSY ? ret : 0;
|
2012-06-27 20:10:30 +00:00
|
|
|
return ret ? ret : __create_bufs(q, create);
|
|
|
|
}
|
2011-09-28 12:23:02 +00:00
|
|
|
EXPORT_SYMBOL_GPL(vb2_create_bufs);
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
|
|
|
* vb2_plane_vaddr() - Return a kernel virtual address of a given plane
|
|
|
|
* @vb: vb2_buffer to which the plane in question belongs to
|
|
|
|
* @plane_no: plane number for which the address is to be returned
|
|
|
|
*
|
|
|
|
* This function returns a kernel virtual address of a given plane if
|
|
|
|
* such a mapping exist, NULL otherwise.
|
|
|
|
*/
|
|
|
|
void *vb2_plane_vaddr(struct vb2_buffer *vb, unsigned int plane_no)
|
|
|
|
{
|
2011-12-15 08:53:06 +00:00
|
|
|
if (plane_no > vb->num_planes || !vb->planes[plane_no].mem_priv)
|
2010-10-11 13:56:41 +00:00
|
|
|
return NULL;
|
|
|
|
|
2014-03-17 12:54:21 +00:00
|
|
|
return call_ptr_memop(vb, vaddr, vb->planes[plane_no].mem_priv);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_plane_vaddr);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_plane_cookie() - Return allocator specific cookie for the given plane
|
|
|
|
* @vb: vb2_buffer to which the plane in question belongs to
|
|
|
|
* @plane_no: plane number for which the cookie is to be returned
|
|
|
|
*
|
|
|
|
* This function returns an allocator specific cookie for a given plane if
|
|
|
|
* available, NULL otherwise. The allocator should provide some simple static
|
|
|
|
* inline function, which would convert this cookie to the allocator specific
|
|
|
|
* type that can be used directly by the driver to access the buffer. This can
|
|
|
|
* be for example physical address, pointer to scatter list or IOMMU mapping.
|
|
|
|
*/
|
|
|
|
void *vb2_plane_cookie(struct vb2_buffer *vb, unsigned int plane_no)
|
|
|
|
{
|
2014-08-22 02:28:21 +00:00
|
|
|
if (plane_no >= vb->num_planes || !vb->planes[plane_no].mem_priv)
|
2010-10-11 13:56:41 +00:00
|
|
|
return NULL;
|
|
|
|
|
2014-03-17 12:54:21 +00:00
|
|
|
return call_ptr_memop(vb, cookie, vb->planes[plane_no].mem_priv);
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_plane_cookie);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_buffer_done() - inform videobuf that an operation on a buffer is finished
|
|
|
|
* @vb: vb2_buffer returned from the driver
|
2015-01-20 15:18:16 +00:00
|
|
|
* @state: either VB2_BUF_STATE_DONE if the operation finished successfully,
|
|
|
|
* VB2_BUF_STATE_ERROR if the operation finished with an error or
|
|
|
|
* VB2_BUF_STATE_QUEUED if the driver wants to requeue buffers.
|
2014-02-24 16:51:03 +00:00
|
|
|
* If start_streaming fails then it should return buffers with state
|
|
|
|
* VB2_BUF_STATE_QUEUED to put them back into the queue.
|
2010-10-11 13:56:41 +00:00
|
|
|
*
|
|
|
|
* This function should be called by the driver after a hardware operation on
|
|
|
|
* a buffer is finished and the buffer may be returned to userspace. The driver
|
|
|
|
* cannot use this buffer anymore until it is queued back to it by videobuf
|
|
|
|
* by the means of buf_queue callback. Only buffers previously queued to the
|
|
|
|
* driver by buf_queue can be passed to this function.
|
2014-02-24 16:51:03 +00:00
|
|
|
*
|
|
|
|
* While streaming a buffer can only be returned in state DONE or ERROR.
|
|
|
|
* The start_streaming op can also return them in case the DMA engine cannot
|
|
|
|
* be started for some reason. In that case the buffers should be returned with
|
|
|
|
* state QUEUED.
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
|
|
|
void vb2_buffer_done(struct vb2_buffer *vb, enum vb2_buffer_state state)
|
|
|
|
{
|
|
|
|
struct vb2_queue *q = vb->vb2_queue;
|
|
|
|
unsigned long flags;
|
2012-06-14 13:37:43 +00:00
|
|
|
unsigned int plane;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2014-02-24 16:51:03 +00:00
|
|
|
if (WARN_ON(vb->state != VB2_BUF_STATE_ACTIVE))
|
2010-10-11 13:56:41 +00:00
|
|
|
return;
|
|
|
|
|
2014-08-04 10:14:14 +00:00
|
|
|
if (WARN_ON(state != VB2_BUF_STATE_DONE &&
|
|
|
|
state != VB2_BUF_STATE_ERROR &&
|
|
|
|
state != VB2_BUF_STATE_QUEUED))
|
|
|
|
state = VB2_BUF_STATE_ERROR;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2014-01-29 14:53:25 +00:00
|
|
|
#ifdef CONFIG_VIDEO_ADV_DEBUG
|
|
|
|
/*
|
|
|
|
* Although this is not a callback, it still does have to balance
|
|
|
|
* with the buf_queue op. So update this counter manually.
|
|
|
|
*/
|
|
|
|
vb->cnt_buf_done++;
|
|
|
|
#endif
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(4, "done processing on buffer %d, state: %d\n",
|
2012-11-12 07:01:29 +00:00
|
|
|
vb->v4l2_buf.index, state);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2012-06-14 13:37:43 +00:00
|
|
|
/* sync buffers */
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane)
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_memop(vb, finish, vb->planes[plane].mem_priv);
|
2012-06-14 13:37:43 +00:00
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/* Add the buffer to the done buffers list */
|
|
|
|
spin_lock_irqsave(&q->done_lock, flags);
|
|
|
|
vb->state = state;
|
2014-02-24 16:51:03 +00:00
|
|
|
if (state != VB2_BUF_STATE_QUEUED)
|
|
|
|
list_add_tail(&vb->done_entry, &q->done_list);
|
2014-02-06 08:46:11 +00:00
|
|
|
atomic_dec(&q->owned_by_drv_count);
|
2010-10-11 13:56:41 +00:00
|
|
|
spin_unlock_irqrestore(&q->done_lock, flags);
|
|
|
|
|
2015-01-20 15:18:16 +00:00
|
|
|
if (state == VB2_BUF_STATE_QUEUED) {
|
|
|
|
if (q->start_streaming_called)
|
|
|
|
__enqueue_in_driver(vb);
|
2014-02-24 16:51:03 +00:00
|
|
|
return;
|
2015-01-20 15:18:16 +00:00
|
|
|
}
|
2014-02-24 16:51:03 +00:00
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/* Inform any processes that may be waiting for buffers */
|
|
|
|
wake_up(&q->done_wq);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_buffer_done);
|
|
|
|
|
2014-03-10 00:42:52 +00:00
|
|
|
/**
|
|
|
|
* vb2_discard_done() - discard all buffers marked as DONE
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
*
|
|
|
|
* This function is intended to be used with suspend/resume operations. It
|
|
|
|
* discards all 'done' buffers as they would be too old to be requested after
|
|
|
|
* resume.
|
|
|
|
*
|
|
|
|
* Drivers must stop the hardware and synchronize with interrupt handlers and/or
|
|
|
|
* delayed works before calling this function to make sure no buffer will be
|
|
|
|
* touched by the driver and/or hardware.
|
|
|
|
*/
|
|
|
|
void vb2_discard_done(struct vb2_queue *q)
|
|
|
|
{
|
|
|
|
struct vb2_buffer *vb;
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
spin_lock_irqsave(&q->done_lock, flags);
|
|
|
|
list_for_each_entry(vb, &q->done_list, done_entry)
|
|
|
|
vb->state = VB2_BUF_STATE_ERROR;
|
|
|
|
spin_unlock_irqrestore(&q->done_lock, flags);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_discard_done);
|
|
|
|
|
2015-06-19 11:50:07 +00:00
|
|
|
static void vb2_warn_zero_bytesused(struct vb2_buffer *vb)
|
|
|
|
{
|
|
|
|
static bool __check_once __read_mostly;
|
|
|
|
|
|
|
|
if (__check_once)
|
|
|
|
return;
|
|
|
|
|
|
|
|
__check_once = true;
|
|
|
|
__WARN();
|
|
|
|
|
|
|
|
pr_warn_once("use of bytesused == 0 is deprecated and will be removed in the future,\n");
|
|
|
|
if (vb->vb2_queue->allow_zero_bytesused)
|
|
|
|
pr_warn_once("use VIDIOC_DECODER_CMD(V4L2_DEC_CMD_STOP) instead.\n");
|
|
|
|
else
|
|
|
|
pr_warn_once("use the actual size instead.\n");
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
2012-09-28 09:12:53 +00:00
|
|
|
* __fill_vb2_buffer() - fill a vb2_buffer with information provided in a
|
|
|
|
* v4l2_buffer by the userspace. The caller has already verified that struct
|
|
|
|
* v4l2_buffer has a valid number of planes.
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
2012-09-28 09:12:53 +00:00
|
|
|
static void __fill_vb2_buffer(struct vb2_buffer *vb, const struct v4l2_buffer *b,
|
2010-10-11 13:56:41 +00:00
|
|
|
struct v4l2_plane *v4l2_planes)
|
|
|
|
{
|
|
|
|
unsigned int plane;
|
|
|
|
|
|
|
|
if (V4L2_TYPE_IS_MULTIPLANAR(b->type)) {
|
|
|
|
if (b->memory == V4L2_MEMORY_USERPTR) {
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
|
|
|
v4l2_planes[plane].m.userptr =
|
|
|
|
b->m.planes[plane].m.userptr;
|
|
|
|
v4l2_planes[plane].length =
|
|
|
|
b->m.planes[plane].length;
|
|
|
|
}
|
|
|
|
}
|
2012-06-14 13:37:37 +00:00
|
|
|
if (b->memory == V4L2_MEMORY_DMABUF) {
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
|
|
|
v4l2_planes[plane].m.fd =
|
|
|
|
b->m.planes[plane].m.fd;
|
|
|
|
v4l2_planes[plane].length =
|
|
|
|
b->m.planes[plane].length;
|
|
|
|
}
|
|
|
|
}
|
2014-07-17 09:53:08 +00:00
|
|
|
|
|
|
|
/* Fill in driver-provided information for OUTPUT types */
|
|
|
|
if (V4L2_TYPE_IS_OUTPUT(b->type)) {
|
|
|
|
/*
|
|
|
|
* Will have to go up to b->length when API starts
|
|
|
|
* accepting variable number of planes.
|
|
|
|
*
|
|
|
|
* If bytesused == 0 for the output buffer, then fall
|
|
|
|
* back to the full buffer size. In that case
|
|
|
|
* userspace clearly never bothered to set it and
|
|
|
|
* it's a safe assumption that they really meant to
|
|
|
|
* use the full plane sizes.
|
2015-02-23 12:26:17 +00:00
|
|
|
*
|
|
|
|
* Some drivers, e.g. old codec drivers, use bytesused == 0
|
|
|
|
* as a way to indicate that streaming is finished.
|
|
|
|
* In that case, the driver should use the
|
|
|
|
* allow_zero_bytesused flag to keep old userspace
|
|
|
|
* applications working.
|
2014-07-17 09:53:08 +00:00
|
|
|
*/
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
|
|
|
struct v4l2_plane *pdst = &v4l2_planes[plane];
|
|
|
|
struct v4l2_plane *psrc = &b->m.planes[plane];
|
|
|
|
|
2015-06-19 11:50:07 +00:00
|
|
|
if (psrc->bytesused == 0)
|
|
|
|
vb2_warn_zero_bytesused(vb);
|
|
|
|
|
2015-02-23 12:26:17 +00:00
|
|
|
if (vb->vb2_queue->allow_zero_bytesused)
|
|
|
|
pdst->bytesused = psrc->bytesused;
|
|
|
|
else
|
|
|
|
pdst->bytesused = psrc->bytesused ?
|
|
|
|
psrc->bytesused : pdst->length;
|
2014-07-17 09:53:08 +00:00
|
|
|
pdst->data_offset = psrc->data_offset;
|
|
|
|
}
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Single-planar buffers do not use planes array,
|
|
|
|
* so fill in relevant v4l2_buffer struct fields instead.
|
|
|
|
* In videobuf we use our internal V4l2_planes struct for
|
|
|
|
* single-planar buffers as well, for simplicity.
|
2014-04-07 11:57:48 +00:00
|
|
|
*
|
2014-07-17 09:53:08 +00:00
|
|
|
* If bytesused == 0 for the output buffer, then fall back
|
|
|
|
* to the full buffer size as that's a sensible default.
|
2015-02-23 12:26:17 +00:00
|
|
|
*
|
|
|
|
* Some drivers, e.g. old codec drivers, use bytesused == 0 as
|
|
|
|
* a way to indicate that streaming is finished. In that case,
|
|
|
|
* the driver should use the allow_zero_bytesused flag to keep
|
|
|
|
* old userspace applications working.
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
|
|
|
if (b->memory == V4L2_MEMORY_USERPTR) {
|
|
|
|
v4l2_planes[0].m.userptr = b->m.userptr;
|
|
|
|
v4l2_planes[0].length = b->length;
|
|
|
|
}
|
2012-06-14 13:37:37 +00:00
|
|
|
|
|
|
|
if (b->memory == V4L2_MEMORY_DMABUF) {
|
|
|
|
v4l2_planes[0].m.fd = b->m.fd;
|
|
|
|
v4l2_planes[0].length = b->length;
|
|
|
|
}
|
2014-07-17 09:53:08 +00:00
|
|
|
|
2015-02-23 12:26:17 +00:00
|
|
|
if (V4L2_TYPE_IS_OUTPUT(b->type)) {
|
2015-06-19 11:50:07 +00:00
|
|
|
if (b->bytesused == 0)
|
|
|
|
vb2_warn_zero_bytesused(vb);
|
|
|
|
|
2015-02-23 12:26:17 +00:00
|
|
|
if (vb->vb2_queue->allow_zero_bytesused)
|
|
|
|
v4l2_planes[0].bytesused = b->bytesused;
|
|
|
|
else
|
|
|
|
v4l2_planes[0].bytesused = b->bytesused ?
|
|
|
|
b->bytesused : v4l2_planes[0].length;
|
|
|
|
} else
|
2014-07-17 09:53:08 +00:00
|
|
|
v4l2_planes[0].bytesused = 0;
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
2014-02-24 17:44:50 +00:00
|
|
|
/* Zero flags that the vb2 core handles */
|
2012-10-22 20:10:16 +00:00
|
|
|
vb->v4l2_buf.flags = b->flags & ~V4L2_BUFFER_MASK_FLAGS;
|
2014-02-25 22:08:52 +00:00
|
|
|
if ((vb->vb2_queue->timestamp_flags & V4L2_BUF_FLAG_TIMESTAMP_MASK) !=
|
|
|
|
V4L2_BUF_FLAG_TIMESTAMP_COPY || !V4L2_TYPE_IS_OUTPUT(b->type)) {
|
|
|
|
/*
|
|
|
|
* Non-COPY timestamps and non-OUTPUT queues will get
|
|
|
|
* their timestamp and timestamp source flags from the
|
|
|
|
* queue.
|
|
|
|
*/
|
|
|
|
vb->v4l2_buf.flags &= ~V4L2_BUF_FLAG_TSTAMP_SRC_MASK;
|
|
|
|
}
|
|
|
|
|
2014-02-24 17:44:50 +00:00
|
|
|
if (V4L2_TYPE_IS_OUTPUT(b->type)) {
|
|
|
|
/*
|
|
|
|
* For output buffers mask out the timecode flag:
|
|
|
|
* this will be handled later in vb2_internal_qbuf().
|
|
|
|
* The 'field' is valid metadata for this output buffer
|
|
|
|
* and so that needs to be copied here.
|
|
|
|
*/
|
|
|
|
vb->v4l2_buf.flags &= ~V4L2_BUF_FLAG_TIMECODE;
|
|
|
|
vb->v4l2_buf.field = b->field;
|
|
|
|
} else {
|
|
|
|
/* Zero any output buffer flags as this is a capture buffer */
|
|
|
|
vb->v4l2_buf.flags &= ~V4L2_BUFFER_OUT_FLAGS;
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
2014-03-10 15:23:13 +00:00
|
|
|
/**
|
|
|
|
* __qbuf_mmap() - handle qbuf of an MMAP buffer
|
|
|
|
*/
|
|
|
|
static int __qbuf_mmap(struct vb2_buffer *vb, const struct v4l2_buffer *b)
|
|
|
|
{
|
|
|
|
__fill_vb2_buffer(vb, b, vb->v4l2_planes);
|
|
|
|
return call_vb_qop(vb, buf_prepare, vb);
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
|
|
|
* __qbuf_userptr() - handle qbuf of a USERPTR buffer
|
|
|
|
*/
|
2011-09-28 12:23:02 +00:00
|
|
|
static int __qbuf_userptr(struct vb2_buffer *vb, const struct v4l2_buffer *b)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
|
|
|
struct v4l2_plane planes[VIDEO_MAX_PLANES];
|
|
|
|
struct vb2_queue *q = vb->vb2_queue;
|
|
|
|
void *mem_priv;
|
|
|
|
unsigned int plane;
|
|
|
|
int ret;
|
2014-11-18 12:50:58 +00:00
|
|
|
enum dma_data_direction dma_dir =
|
|
|
|
V4L2_TYPE_IS_OUTPUT(q->type) ? DMA_TO_DEVICE : DMA_FROM_DEVICE;
|
2014-01-29 16:36:53 +00:00
|
|
|
bool reacquired = vb->planes[0].mem_priv == NULL;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2014-04-07 11:44:56 +00:00
|
|
|
memset(planes, 0, sizeof(planes[0]) * vb->num_planes);
|
2012-09-28 09:12:53 +00:00
|
|
|
/* Copy relevant information provided by the userspace */
|
|
|
|
__fill_vb2_buffer(vb, b, planes);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
|
|
|
/* Skip the plane if already verified */
|
2011-11-16 18:09:40 +00:00
|
|
|
if (vb->v4l2_planes[plane].m.userptr &&
|
|
|
|
vb->v4l2_planes[plane].m.userptr == planes[plane].m.userptr
|
2010-10-11 13:56:41 +00:00
|
|
|
&& vb->v4l2_planes[plane].length == planes[plane].length)
|
|
|
|
continue;
|
|
|
|
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(3, "userspace address for plane %d changed, "
|
2010-10-11 13:56:41 +00:00
|
|
|
"reacquiring memory\n", plane);
|
|
|
|
|
2011-08-24 09:36:26 +00:00
|
|
|
/* Check if the provided plane buffer is large enough */
|
|
|
|
if (planes[plane].length < q->plane_sizes[plane]) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "provided buffer size %u is less than "
|
2013-08-20 07:48:06 +00:00
|
|
|
"setup size %u for plane %d\n",
|
|
|
|
planes[plane].length,
|
|
|
|
q->plane_sizes[plane], plane);
|
2011-10-03 06:21:45 +00:00
|
|
|
ret = -EINVAL;
|
2011-08-24 09:36:26 +00:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/* Release previously acquired memory if present */
|
2014-01-29 16:36:53 +00:00
|
|
|
if (vb->planes[plane].mem_priv) {
|
|
|
|
if (!reacquired) {
|
|
|
|
reacquired = true;
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_vb_qop(vb, buf_cleanup, vb);
|
2014-01-29 16:36:53 +00:00
|
|
|
}
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_memop(vb, put_userptr, vb->planes[plane].mem_priv);
|
2014-01-29 16:36:53 +00:00
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
vb->planes[plane].mem_priv = NULL;
|
2014-01-29 16:36:53 +00:00
|
|
|
memset(&vb->v4l2_planes[plane], 0, sizeof(struct v4l2_plane));
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
/* Acquire each plane's memory */
|
2014-03-17 12:54:21 +00:00
|
|
|
mem_priv = call_ptr_memop(vb, get_userptr, q->alloc_ctx[plane],
|
2011-12-15 08:53:06 +00:00
|
|
|
planes[plane].m.userptr,
|
2014-11-18 12:50:58 +00:00
|
|
|
planes[plane].length, dma_dir);
|
2011-12-15 08:53:06 +00:00
|
|
|
if (IS_ERR_OR_NULL(mem_priv)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "failed acquiring userspace "
|
2010-10-11 13:56:41 +00:00
|
|
|
"memory for plane %d\n", plane);
|
2011-12-15 08:53:06 +00:00
|
|
|
ret = mem_priv ? PTR_ERR(mem_priv) : -EINVAL;
|
|
|
|
goto err;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
2011-12-15 08:53:06 +00:00
|
|
|
vb->planes[plane].mem_priv = mem_priv;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now that everything is in order, copy relevant information
|
|
|
|
* provided by userspace.
|
|
|
|
*/
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane)
|
|
|
|
vb->v4l2_planes[plane] = planes[plane];
|
|
|
|
|
2014-01-29 16:36:53 +00:00
|
|
|
if (reacquired) {
|
|
|
|
/*
|
|
|
|
* One or more planes changed, so we must call buf_init to do
|
|
|
|
* the driver-specific initialization on the newly acquired
|
|
|
|
* buffer, if provided.
|
|
|
|
*/
|
|
|
|
ret = call_vb_qop(vb, buf_init, vb);
|
|
|
|
if (ret) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "buffer initialization failed\n");
|
2014-01-29 16:36:53 +00:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = call_vb_qop(vb, buf_prepare, vb);
|
|
|
|
if (ret) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "buffer preparation failed\n");
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_vb_qop(vb, buf_cleanup, vb);
|
2014-01-29 16:36:53 +00:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
return 0;
|
|
|
|
err:
|
|
|
|
/* In case of errors, release planes that were already acquired */
|
2011-08-24 09:36:26 +00:00
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
|
|
|
if (vb->planes[plane].mem_priv)
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_memop(vb, put_userptr, vb->planes[plane].mem_priv);
|
2011-08-24 09:36:26 +00:00
|
|
|
vb->planes[plane].mem_priv = NULL;
|
|
|
|
vb->v4l2_planes[plane].m.userptr = 0;
|
|
|
|
vb->v4l2_planes[plane].length = 0;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2012-06-14 13:37:37 +00:00
|
|
|
/**
|
|
|
|
* __qbuf_dmabuf() - handle qbuf of a DMABUF buffer
|
|
|
|
*/
|
|
|
|
static int __qbuf_dmabuf(struct vb2_buffer *vb, const struct v4l2_buffer *b)
|
|
|
|
{
|
|
|
|
struct v4l2_plane planes[VIDEO_MAX_PLANES];
|
|
|
|
struct vb2_queue *q = vb->vb2_queue;
|
|
|
|
void *mem_priv;
|
|
|
|
unsigned int plane;
|
|
|
|
int ret;
|
2014-11-18 12:50:58 +00:00
|
|
|
enum dma_data_direction dma_dir =
|
|
|
|
V4L2_TYPE_IS_OUTPUT(q->type) ? DMA_TO_DEVICE : DMA_FROM_DEVICE;
|
2014-01-29 16:36:53 +00:00
|
|
|
bool reacquired = vb->planes[0].mem_priv == NULL;
|
2012-06-14 13:37:37 +00:00
|
|
|
|
2014-04-07 11:44:56 +00:00
|
|
|
memset(planes, 0, sizeof(planes[0]) * vb->num_planes);
|
2014-01-01 12:10:48 +00:00
|
|
|
/* Copy relevant information provided by the userspace */
|
2012-06-14 13:37:37 +00:00
|
|
|
__fill_vb2_buffer(vb, b, planes);
|
|
|
|
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
|
|
|
struct dma_buf *dbuf = dma_buf_get(planes[plane].m.fd);
|
|
|
|
|
|
|
|
if (IS_ERR_OR_NULL(dbuf)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "invalid dmabuf fd for plane %d\n",
|
2012-06-14 13:37:37 +00:00
|
|
|
plane);
|
|
|
|
ret = -EINVAL;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* use DMABUF size if length is not provided */
|
|
|
|
if (planes[plane].length == 0)
|
|
|
|
planes[plane].length = dbuf->size;
|
|
|
|
|
2014-04-07 11:44:56 +00:00
|
|
|
if (planes[plane].length < q->plane_sizes[plane]) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "invalid dmabuf length for plane %d\n",
|
2013-11-29 07:50:29 +00:00
|
|
|
plane);
|
2012-06-14 13:37:37 +00:00
|
|
|
ret = -EINVAL;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Skip the plane if already verified */
|
|
|
|
if (dbuf == vb->planes[plane].dbuf &&
|
|
|
|
vb->v4l2_planes[plane].length == planes[plane].length) {
|
|
|
|
dma_buf_put(dbuf);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "buffer for plane %d changed\n", plane);
|
2012-06-14 13:37:37 +00:00
|
|
|
|
2014-01-29 16:36:53 +00:00
|
|
|
if (!reacquired) {
|
|
|
|
reacquired = true;
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_vb_qop(vb, buf_cleanup, vb);
|
2014-01-29 16:36:53 +00:00
|
|
|
}
|
|
|
|
|
2012-06-14 13:37:37 +00:00
|
|
|
/* Release previously acquired memory if present */
|
2014-01-29 14:53:25 +00:00
|
|
|
__vb2_plane_dmabuf_put(vb, &vb->planes[plane]);
|
2012-06-14 13:37:37 +00:00
|
|
|
memset(&vb->v4l2_planes[plane], 0, sizeof(struct v4l2_plane));
|
|
|
|
|
|
|
|
/* Acquire each plane's memory */
|
2014-03-17 12:54:21 +00:00
|
|
|
mem_priv = call_ptr_memop(vb, attach_dmabuf, q->alloc_ctx[plane],
|
2014-11-18 12:50:58 +00:00
|
|
|
dbuf, planes[plane].length, dma_dir);
|
2012-06-14 13:37:37 +00:00
|
|
|
if (IS_ERR(mem_priv)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "failed to attach dmabuf\n");
|
2012-06-14 13:37:37 +00:00
|
|
|
ret = PTR_ERR(mem_priv);
|
|
|
|
dma_buf_put(dbuf);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
vb->planes[plane].dbuf = dbuf;
|
|
|
|
vb->planes[plane].mem_priv = mem_priv;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* TODO: This pins the buffer(s) with dma_buf_map_attachment()).. but
|
|
|
|
* really we want to do this just before the DMA, not while queueing
|
|
|
|
* the buffer(s)..
|
|
|
|
*/
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
2014-01-29 14:53:25 +00:00
|
|
|
ret = call_memop(vb, map_dmabuf, vb->planes[plane].mem_priv);
|
2012-06-14 13:37:37 +00:00
|
|
|
if (ret) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "failed to map dmabuf for plane %d\n",
|
2012-06-14 13:37:37 +00:00
|
|
|
plane);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
vb->planes[plane].dbuf_mapped = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now that everything is in order, copy relevant information
|
|
|
|
* provided by userspace.
|
|
|
|
*/
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane)
|
|
|
|
vb->v4l2_planes[plane] = planes[plane];
|
|
|
|
|
2014-01-29 16:36:53 +00:00
|
|
|
if (reacquired) {
|
|
|
|
/*
|
|
|
|
* Call driver-specific initialization on the newly acquired buffer,
|
|
|
|
* if provided.
|
|
|
|
*/
|
|
|
|
ret = call_vb_qop(vb, buf_init, vb);
|
|
|
|
if (ret) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "buffer initialization failed\n");
|
2014-01-29 16:36:53 +00:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = call_vb_qop(vb, buf_prepare, vb);
|
|
|
|
if (ret) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "buffer preparation failed\n");
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_vb_qop(vb, buf_cleanup, vb);
|
2014-01-29 16:36:53 +00:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2012-06-14 13:37:37 +00:00
|
|
|
return 0;
|
|
|
|
err:
|
|
|
|
/* In case of errors, release planes that were already acquired */
|
|
|
|
__vb2_buf_dmabuf_put(vb);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
|
|
|
* __enqueue_in_driver() - enqueue a vb2_buffer in driver for processing
|
|
|
|
*/
|
|
|
|
static void __enqueue_in_driver(struct vb2_buffer *vb)
|
|
|
|
{
|
|
|
|
struct vb2_queue *q = vb->vb2_queue;
|
2012-06-14 13:37:43 +00:00
|
|
|
unsigned int plane;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
vb->state = VB2_BUF_STATE_ACTIVE;
|
2014-02-06 08:46:11 +00:00
|
|
|
atomic_inc(&q->owned_by_drv_count);
|
2012-06-14 13:37:43 +00:00
|
|
|
|
|
|
|
/* sync buffers */
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane)
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_memop(vb, prepare, vb->planes[plane].mem_priv);
|
2012-06-14 13:37:43 +00:00
|
|
|
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_vb_qop(vb, buf_queue, vb);
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
2011-09-28 12:23:02 +00:00
|
|
|
static int __buf_prepare(struct vb2_buffer *vb, const struct v4l2_buffer *b)
|
2011-08-31 09:51:10 +00:00
|
|
|
{
|
|
|
|
struct vb2_queue *q = vb->vb2_queue;
|
|
|
|
int ret;
|
|
|
|
|
2012-07-10 13:41:40 +00:00
|
|
|
ret = __verify_length(vb, b);
|
2013-08-26 14:47:53 +00:00
|
|
|
if (ret < 0) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "plane parameters verification failed: %d\n", ret);
|
2012-07-10 13:41:40 +00:00
|
|
|
return ret;
|
2013-08-26 14:47:53 +00:00
|
|
|
}
|
2014-04-07 12:20:39 +00:00
|
|
|
if (b->field == V4L2_FIELD_ALTERNATE && V4L2_TYPE_IS_OUTPUT(q->type)) {
|
|
|
|
/*
|
|
|
|
* If the format's field is ALTERNATE, then the buffer's field
|
|
|
|
* should be either TOP or BOTTOM, not ALTERNATE since that
|
|
|
|
* makes no sense. The driver has to know whether the
|
|
|
|
* buffer represents a top or a bottom field in order to
|
|
|
|
* program any DMA correctly. Using ALTERNATE is wrong, since
|
|
|
|
* that just says that it is either a top or a bottom field,
|
|
|
|
* but not which of the two it is.
|
|
|
|
*/
|
|
|
|
dprintk(1, "the field is incorrectly set to ALTERNATE for an output buffer\n");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
2012-07-10 13:41:40 +00:00
|
|
|
|
2014-06-03 21:53:25 +00:00
|
|
|
if (q->error) {
|
|
|
|
dprintk(1, "fatal error occurred on queue\n");
|
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
|
2013-12-13 16:13:38 +00:00
|
|
|
vb->state = VB2_BUF_STATE_PREPARING;
|
2014-02-24 17:44:50 +00:00
|
|
|
vb->v4l2_buf.timestamp.tv_sec = 0;
|
|
|
|
vb->v4l2_buf.timestamp.tv_usec = 0;
|
|
|
|
vb->v4l2_buf.sequence = 0;
|
|
|
|
|
2011-08-31 09:51:10 +00:00
|
|
|
switch (q->memory) {
|
|
|
|
case V4L2_MEMORY_MMAP:
|
|
|
|
ret = __qbuf_mmap(vb, b);
|
|
|
|
break;
|
|
|
|
case V4L2_MEMORY_USERPTR:
|
[media] Revert "[media] vb2: Push mmap_sem down to memops"
This reverts commit 48b25a3a713b90988b6882d318f7c0a6bed9aabc.
That commit caused two regressions. The first is a BUG:
Jun 14 18:42:15 test-media kernel: [ 115.972299] BUG: unable to handle kernel NULL pointer dereference at 0000000000000100
Jun 14 18:42:15 test-media kernel: [ 115.972307] IP: [<ffffffff810d5cd0>] __lock_acquire+0x2f0/0x2070
Jun 14 18:42:15 test-media kernel: [ 115.972316] PGD 0
Jun 14 18:42:15 test-media kernel: [ 115.972318] Oops: 0000 [#1] PREEMPT SMP
Jun 14 18:42:15 test-media kernel: [ 115.972321] Modules linked in: vivid v4l2_dv_timings videobuf2_vmalloc videobuf2_memops videobuf2_core v4l2_common videodev media vmw_balloon vmw_vmci acpi_cpufreq processor button
Jun 14 18:42:15 test-media kernel: [ 115.972333] CPU: 0 PID: 1542 Comm: v4l2-ctl Not tainted 4.1.0-rc3-test-media #1190
Jun 14 18:42:15 test-media kernel: [ 115.972336] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
Jun 14 18:42:15 test-media kernel: [ 115.972337] task: ffff880220ce4200 ti: ffff88021d16c000 task.ti: ffff88021d16c000
Jun 14 18:42:15 test-media kernel: [ 115.972339] RIP: 0010:[<ffffffff810d5cd0>] [<ffffffff810d5cd0>] __lock_acquire+0x2f0/0x2070
Jun 14 18:42:15 test-media kernel: [ 115.972342] RSP: 0018:ffff88021d16f9b8 EFLAGS: 00010002
Jun 14 18:42:15 test-media kernel: [ 115.972343] RAX: 0000000000000046 RBX: 0000000000000292 RCX: 0000000000000001
Jun 14 18:42:15 test-media kernel: [ 115.972345] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000100
Jun 14 18:42:15 test-media kernel: [ 115.972346] RBP: ffff88021d16fa88 R08: 0000000000000001 R09: 0000000000000000
Jun 14 18:42:15 test-media kernel: [ 115.972347] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
Jun 14 18:42:15 test-media kernel: [ 115.972348] R13: ffff880220ce4200 R14: 0000000000000100 R15: 0000000000000000
Jun 14 18:42:15 test-media kernel: [ 115.972350] FS: 00007f2441e7f740(0000) GS:ffff880236e00000(0000) knlGS:0000000000000000
Jun 14 18:42:15 test-media kernel: [ 115.972351] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Jun 14 18:42:15 test-media kernel: [ 115.972353] CR2: 0000000000000100 CR3: 0000000001e0b000 CR4: 00000000001406f0
Jun 14 18:42:15 test-media kernel: [ 115.972424] Stack:
Jun 14 18:42:15 test-media kernel: [ 115.972427] ffff88021d16fa98 ffffffff810d6543 0000000000000006 0000000000000246
Jun 14 18:42:15 test-media kernel: [ 115.972431] ffff88021d16fa08 ffffffff810d532d ffff880220ce4a78 ffff880200000000
Jun 14 18:42:15 test-media kernel: [ 115.972433] ffff880200000001 0000000000000000 0000000000000001 000000000093a4a0
Jun 14 18:42:15 test-media kernel: [ 115.972436] Call Trace:
Jun 14 18:42:15 test-media kernel: [ 115.972440] [<ffffffff810d6543>] ? __lock_acquire+0xb63/0x2070
Jun 14 18:42:15 test-media kernel: [ 115.972443] [<ffffffff810d532d>] ? mark_held_locks+0x6d/0xa0
Jun 14 18:42:15 test-media kernel: [ 115.972445] [<ffffffff810d37a8>] ? __lock_is_held+0x58/0x80
Jun 14 18:42:15 test-media kernel: [ 115.972447] [<ffffffff810d852c>] lock_acquire+0x6c/0xa0
Jun 14 18:42:15 test-media kernel: [ 115.972452] [<ffffffffa039f1f6>] ? vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:42:15 test-media kernel: [ 115.972458] [<ffffffff819b1a92>] down_read+0x42/0x60
Jun 14 18:42:15 test-media kernel: [ 115.972460] [<ffffffffa039f1f6>] ? vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:42:15 test-media kernel: [ 115.972463] [<ffffffff819af1b1>] ? mutex_lock_nested+0x2b1/0x560
Jun 14 18:42:15 test-media kernel: [ 115.972467] [<ffffffffa038fdc5>] ? vb2_queue_release+0x25/0x40 [videobuf2_core]
Jun 14 18:42:15 test-media kernel: [ 115.972469] [<ffffffffa039f1f6>] vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:42:15 test-media kernel: [ 115.972472] [<ffffffffa038b626>] __vb2_queue_free+0x146/0x5e0 [videobuf2_core]
Jun 14 18:42:15 test-media kernel: [ 115.972475] [<ffffffffa038fdd3>] vb2_queue_release+0x33/0x40 [videobuf2_core]
Jun 14 18:42:15 test-media kernel: [ 115.972478] [<ffffffffa038fe75>] _vb2_fop_release+0x95/0xb0 [videobuf2_core]
Jun 14 18:42:15 test-media kernel: [ 115.972481] [<ffffffffa038feb9>] vb2_fop_release+0x29/0x50 [videobuf2_core]
Jun 14 18:42:15 test-media kernel: [ 115.972485] [<ffffffffa03ad372>] vivid_fop_release+0x92/0x230 [vivid]
Jun 14 18:42:15 test-media kernel: [ 115.972491] [<ffffffffa0358460>] v4l2_release+0x30/0x80 [videodev]
Jun 14 18:42:15 test-media kernel: [ 115.972496] [<ffffffff811a51d5>] __fput+0xe5/0x200
Jun 14 18:42:15 test-media kernel: [ 115.972498] [<ffffffff811a5339>] ____fput+0x9/0x10
Jun 14 18:42:15 test-media kernel: [ 115.972501] [<ffffffff810a9fa4>] task_work_run+0xc4/0xf0
Jun 14 18:42:15 test-media kernel: [ 115.972504] [<ffffffff8108c670>] do_exit+0x3a0/0xaf0
Jun 14 18:42:15 test-media kernel: [ 115.972507] [<ffffffff819b3a9b>] ? _raw_spin_unlock_irq+0x2b/0x60
Jun 14 18:42:15 test-media kernel: [ 115.972509] [<ffffffff8108e0ff>] do_group_exit+0x4f/0xe0
Jun 14 18:42:15 test-media kernel: [ 115.972511] [<ffffffff8109a170>] get_signal+0x200/0x8c0
Jun 14 18:42:15 test-media kernel: [ 115.972514] [<ffffffff819b14b5>] ? __mutex_unlock_slowpath+0xf5/0x240
Jun 14 18:42:15 test-media kernel: [ 115.972518] [<ffffffff81002593>] do_signal+0x23/0x820
Jun 14 18:42:15 test-media kernel: [ 115.972521] [<ffffffff819b1609>] ? mutex_unlock+0x9/0x10
Jun 14 18:42:15 test-media kernel: [ 115.972524] [<ffffffffa0358648>] ? v4l2_ioctl+0x78/0xf0 [videodev]
Jun 14 18:42:15 test-media kernel: [ 115.972526] [<ffffffff819b4653>] ? int_very_careful+0x5/0x46
Jun 14 18:42:15 test-media kernel: [ 115.972529] [<ffffffff810d54bd>] ? trace_hardirqs_on_caller+0x15d/0x200
Jun 14 18:42:15 test-media kernel: [ 115.972531] [<ffffffff81002de0>] do_notify_resume+0x50/0x60
Jun 14 18:42:15 test-media kernel: [ 115.972533] [<ffffffff819b46a6>] int_signal+0x12/0x17
Jun 14 18:42:15 test-media kernel: [ 115.972534] Code: ca 81 31 c0 e8 7a e2 8c 00 e8 aa 1d 8d 00 0f 1f 44 00 00 31 db 48 81 c4 a8 00 00 00 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 90 <49> 81 3e 40 4e 02 82 b8 00 00 00 00 44 0f 44 e0 41 83 ff 01 0f
Jun 14 18:42:15 test-media kernel: [ 115.972567] RIP [<ffffffff810d5cd0>] __lock_acquire+0x2f0/0x2070
Jun 14 18:42:15 test-media kernel: [ 115.972569] RSP <ffff88021d16f9b8>
Jun 14 18:42:15 test-media kernel: [ 115.972570] CR2: 0000000000000100
Jun 14 18:42:15 test-media kernel: [ 115.972573] ---[ end trace 25595c2b8560cb57 ]---
Jun 14 18:42:15 test-media kernel: [ 115.972575] Fixing recursive fault but reboot is needed!
This can be reproduced by loading the vivid driver and running:
v4l2-ctl --stream-user
and pressing Ctrl-C. You may have to try a few times, but in my experience this BUG
is triggered quite quickly.
The second is a possible deadlock:
Jun 14 18:44:07 test-media kernel: [ 49.376650] ======================================================
Jun 14 18:44:07 test-media kernel: [ 49.376651] [ INFO: possible circular locking dependency detected ]
Jun 14 18:44:07 test-media kernel: [ 49.376653] 4.1.0-rc3-test-media #1190 Not tainted
Jun 14 18:44:07 test-media kernel: [ 49.376654] -------------------------------------------------------
Jun 14 18:44:07 test-media kernel: [ 49.376655] v4l2-compliance/1468 is trying to acquire lock:
Jun 14 18:44:07 test-media kernel: [ 49.376657] (&mm->mmap_sem){++++++}, at: [<ffffffffa03a81f6>] vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:44:07 test-media kernel: [ 49.376665]
Jun 14 18:44:07 test-media kernel: [ 49.376665] but task is already holding lock:
Jun 14 18:44:07 test-media kernel: [ 49.376666] (&q->mmap_lock){+.+...}, at: [<ffffffffa0398dc5>] vb2_queue_release+0x25/0x40 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376670]
Jun 14 18:44:07 test-media kernel: [ 49.376670] which lock already depends on the new lock.
Jun 14 18:44:07 test-media kernel: [ 49.376670]
Jun 14 18:44:07 test-media kernel: [ 49.376671]
Jun 14 18:44:07 test-media kernel: [ 49.376671] the existing dependency chain (in reverse order) is:
Jun 14 18:44:07 test-media kernel: [ 49.376672]
Jun 14 18:44:07 test-media kernel: [ 49.376672] -> #1 (&q->mmap_lock){+.+...}:
Jun 14 18:44:07 test-media kernel: [ 49.376675] [<ffffffff810d852c>] lock_acquire+0x6c/0xa0
Jun 14 18:44:07 test-media kernel: [ 49.376682] [<ffffffff819aef5e>] mutex_lock_nested+0x5e/0x560
Jun 14 18:44:07 test-media kernel: [ 49.376689] [<ffffffffa03934a2>] vb2_mmap+0x232/0x350 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376691] [<ffffffffa0395a60>] vb2_fop_mmap+0x20/0x30 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376694] [<ffffffffa0361102>] v4l2_mmap+0x52/0x90 [videodev]
Jun 14 18:44:07 test-media kernel: [ 49.376698] [<ffffffff81177e33>] mmap_region+0x3b3/0x5e0
Jun 14 18:44:07 test-media kernel: [ 49.376701] [<ffffffff81178377>] do_mmap_pgoff+0x317/0x400
Jun 14 18:44:07 test-media kernel: [ 49.376703] [<ffffffff81165320>] vm_mmap_pgoff+0x90/0xc0
Jun 14 18:44:07 test-media kernel: [ 49.376708] [<ffffffff81176867>] SyS_mmap_pgoff+0x1d7/0x280
Jun 14 18:44:07 test-media kernel: [ 49.376709] [<ffffffff81007f8d>] SyS_mmap+0x1d/0x20
Jun 14 18:44:07 test-media kernel: [ 49.376714] [<ffffffff819b44ae>] system_call_fastpath+0x12/0x76
Jun 14 18:44:07 test-media kernel: [ 49.376716]
Jun 14 18:44:07 test-media kernel: [ 49.376716] -> #0 (&mm->mmap_sem){++++++}:
Jun 14 18:44:07 test-media kernel: [ 49.376718] [<ffffffff810d79b3>] __lock_acquire+0x1fd3/0x2070
Jun 14 18:44:07 test-media kernel: [ 49.376720] [<ffffffff810d852c>] lock_acquire+0x6c/0xa0
Jun 14 18:44:07 test-media kernel: [ 49.376721] [<ffffffff819b1a92>] down_read+0x42/0x60
Jun 14 18:44:07 test-media kernel: [ 49.376723] [<ffffffffa03a81f6>] vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:44:07 test-media kernel: [ 49.376725] [<ffffffffa0394626>] __vb2_queue_free+0x146/0x5e0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376727] [<ffffffffa0398dd3>] vb2_queue_release+0x33/0x40 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376729] [<ffffffffa0398e75>] _vb2_fop_release+0x95/0xb0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376731] [<ffffffffa0398eb9>] vb2_fop_release+0x29/0x50 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376733] [<ffffffffa03b6372>] vivid_fop_release+0x92/0x230 [vivid]
Jun 14 18:44:07 test-media kernel: [ 49.376737] [<ffffffffa0361460>] v4l2_release+0x30/0x80 [videodev]
Jun 14 18:44:07 test-media kernel: [ 49.376739] [<ffffffff811a51d5>] __fput+0xe5/0x200
Jun 14 18:44:07 test-media kernel: [ 49.376744] [<ffffffff811a5339>] ____fput+0x9/0x10
Jun 14 18:44:07 test-media kernel: [ 49.376746] [<ffffffff810a9fa4>] task_work_run+0xc4/0xf0
Jun 14 18:44:07 test-media kernel: [ 49.376749] [<ffffffff81002dd1>] do_notify_resume+0x41/0x60
Jun 14 18:44:07 test-media kernel: [ 49.376752] [<ffffffff819b46a6>] int_signal+0x12/0x17
Jun 14 18:44:07 test-media kernel: [ 49.376754]
Jun 14 18:44:07 test-media kernel: [ 49.376754] other info that might help us debug this:
Jun 14 18:44:07 test-media kernel: [ 49.376754]
Jun 14 18:44:07 test-media kernel: [ 49.376755] Possible unsafe locking scenario:
Jun 14 18:44:07 test-media kernel: [ 49.376755]
Jun 14 18:44:07 test-media kernel: [ 49.376756] CPU0 CPU1
Jun 14 18:44:07 test-media kernel: [ 49.376757] ---- ----
Jun 14 18:44:07 test-media kernel: [ 49.376758] lock(&q->mmap_lock);
Jun 14 18:44:07 test-media kernel: [ 49.376759] lock(&mm->mmap_sem);
Jun 14 18:44:07 test-media kernel: [ 49.376760] lock(&q->mmap_lock);
Jun 14 18:44:07 test-media kernel: [ 49.376761] lock(&mm->mmap_sem);
Jun 14 18:44:07 test-media kernel: [ 49.376763]
Jun 14 18:44:07 test-media kernel: [ 49.376763] *** DEADLOCK ***
Jun 14 18:44:07 test-media kernel: [ 49.376763]
Jun 14 18:44:07 test-media kernel: [ 49.376764] 2 locks held by v4l2-compliance/1468:
Jun 14 18:44:07 test-media kernel: [ 49.376765] #0: (&dev->mutex#3){+.+.+.}, at: [<ffffffffa0398e0a>] _vb2_fop_release+0x2a/0xb0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376770] #1: (&q->mmap_lock){+.+...}, at: [<ffffffffa0398dc5>] vb2_queue_release+0x25/0x40 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376773]
Jun 14 18:44:07 test-media kernel: [ 49.376773] stack backtrace:
Jun 14 18:44:07 test-media kernel: [ 49.376776] CPU: 2 PID: 1468 Comm: v4l2-compliance Not tainted 4.1.0-rc3-test-media #1190
Jun 14 18:44:07 test-media kernel: [ 49.376777] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
Jun 14 18:44:07 test-media kernel: [ 49.376779] ffffffff8279e0b0 ffff88021d6f7ba8 ffffffff819a7aac 0000000000000011
Jun 14 18:44:07 test-media kernel: [ 49.376781] ffffffff8279e0b0 ffff88021d6f7bf8 ffffffff819a3964 ffff88021d6f7bd8
Jun 14 18:44:07 test-media kernel: [ 49.376783] ffff8800ac8aa100 0000000000000002 ffff8800ac8aa9a0 0000000000000002
Jun 14 18:44:07 test-media kernel: [ 49.376785] Call Trace:
Jun 14 18:44:07 test-media kernel: [ 49.376788] [<ffffffff819a7aac>] dump_stack+0x4f/0x7b
Jun 14 18:44:07 test-media kernel: [ 49.376792] [<ffffffff819a3964>] print_circular_bug+0x20f/0x251
Jun 14 18:44:07 test-media kernel: [ 49.376793] [<ffffffff810d79b3>] __lock_acquire+0x1fd3/0x2070
Jun 14 18:44:07 test-media kernel: [ 49.376795] [<ffffffff810d6543>] ? __lock_acquire+0xb63/0x2070
Jun 14 18:44:07 test-media kernel: [ 49.376797] [<ffffffff810d37a8>] ? __lock_is_held+0x58/0x80
Jun 14 18:44:07 test-media kernel: [ 49.376798] [<ffffffff810d852c>] lock_acquire+0x6c/0xa0
Jun 14 18:44:07 test-media kernel: [ 49.376800] [<ffffffffa03a81f6>] ? vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:44:07 test-media kernel: [ 49.376802] [<ffffffff819b1a92>] down_read+0x42/0x60
Jun 14 18:44:07 test-media kernel: [ 49.376803] [<ffffffffa03a81f6>] ? vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:44:07 test-media kernel: [ 49.376805] [<ffffffff819af1b1>] ? mutex_lock_nested+0x2b1/0x560
Jun 14 18:44:07 test-media kernel: [ 49.376807] [<ffffffffa0398dc5>] ? vb2_queue_release+0x25/0x40 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376808] [<ffffffffa03a81f6>] vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:44:07 test-media kernel: [ 49.376810] [<ffffffffa0398e0a>] ? _vb2_fop_release+0x2a/0xb0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376812] [<ffffffffa0394626>] __vb2_queue_free+0x146/0x5e0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376814] [<ffffffffa0398dd3>] vb2_queue_release+0x33/0x40 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376816] [<ffffffffa0398e75>] _vb2_fop_release+0x95/0xb0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376818] [<ffffffffa0398eb9>] vb2_fop_release+0x29/0x50 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376820] [<ffffffffa03b6372>] vivid_fop_release+0x92/0x230 [vivid]
Jun 14 18:44:07 test-media kernel: [ 49.376822] [<ffffffffa0361460>] v4l2_release+0x30/0x80 [videodev]
Jun 14 18:44:07 test-media kernel: [ 49.376824] [<ffffffff811a51d5>] __fput+0xe5/0x200
Jun 14 18:44:07 test-media kernel: [ 49.376825] [<ffffffff819b4653>] ? int_very_careful+0x5/0x46
Jun 14 18:44:07 test-media kernel: [ 49.376827] [<ffffffff811a5339>] ____fput+0x9/0x10
Jun 14 18:44:07 test-media kernel: [ 49.376828] [<ffffffff810a9fa4>] task_work_run+0xc4/0xf0
Jun 14 18:44:07 test-media kernel: [ 49.376830] [<ffffffff81002dd1>] do_notify_resume+0x41/0x60
Jun 14 18:44:07 test-media kernel: [ 49.376832] [<ffffffff819b46a6>] int_signal+0x12/0x17
This can be triggered by loading the vivid module with the module option 'no_error_inj=1'
and running 'v4l2-compliance -s5'. Again, it may take a few attempts to trigger this
but for me it happens quite quickly.
Without this patch I cannot reproduce these two issues. So reverting is the best
solution for now.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2015-06-15 07:16:32 +00:00
|
|
|
down_read(¤t->mm->mmap_sem);
|
2011-08-31 09:51:10 +00:00
|
|
|
ret = __qbuf_userptr(vb, b);
|
[media] Revert "[media] vb2: Push mmap_sem down to memops"
This reverts commit 48b25a3a713b90988b6882d318f7c0a6bed9aabc.
That commit caused two regressions. The first is a BUG:
Jun 14 18:42:15 test-media kernel: [ 115.972299] BUG: unable to handle kernel NULL pointer dereference at 0000000000000100
Jun 14 18:42:15 test-media kernel: [ 115.972307] IP: [<ffffffff810d5cd0>] __lock_acquire+0x2f0/0x2070
Jun 14 18:42:15 test-media kernel: [ 115.972316] PGD 0
Jun 14 18:42:15 test-media kernel: [ 115.972318] Oops: 0000 [#1] PREEMPT SMP
Jun 14 18:42:15 test-media kernel: [ 115.972321] Modules linked in: vivid v4l2_dv_timings videobuf2_vmalloc videobuf2_memops videobuf2_core v4l2_common videodev media vmw_balloon vmw_vmci acpi_cpufreq processor button
Jun 14 18:42:15 test-media kernel: [ 115.972333] CPU: 0 PID: 1542 Comm: v4l2-ctl Not tainted 4.1.0-rc3-test-media #1190
Jun 14 18:42:15 test-media kernel: [ 115.972336] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
Jun 14 18:42:15 test-media kernel: [ 115.972337] task: ffff880220ce4200 ti: ffff88021d16c000 task.ti: ffff88021d16c000
Jun 14 18:42:15 test-media kernel: [ 115.972339] RIP: 0010:[<ffffffff810d5cd0>] [<ffffffff810d5cd0>] __lock_acquire+0x2f0/0x2070
Jun 14 18:42:15 test-media kernel: [ 115.972342] RSP: 0018:ffff88021d16f9b8 EFLAGS: 00010002
Jun 14 18:42:15 test-media kernel: [ 115.972343] RAX: 0000000000000046 RBX: 0000000000000292 RCX: 0000000000000001
Jun 14 18:42:15 test-media kernel: [ 115.972345] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000100
Jun 14 18:42:15 test-media kernel: [ 115.972346] RBP: ffff88021d16fa88 R08: 0000000000000001 R09: 0000000000000000
Jun 14 18:42:15 test-media kernel: [ 115.972347] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
Jun 14 18:42:15 test-media kernel: [ 115.972348] R13: ffff880220ce4200 R14: 0000000000000100 R15: 0000000000000000
Jun 14 18:42:15 test-media kernel: [ 115.972350] FS: 00007f2441e7f740(0000) GS:ffff880236e00000(0000) knlGS:0000000000000000
Jun 14 18:42:15 test-media kernel: [ 115.972351] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Jun 14 18:42:15 test-media kernel: [ 115.972353] CR2: 0000000000000100 CR3: 0000000001e0b000 CR4: 00000000001406f0
Jun 14 18:42:15 test-media kernel: [ 115.972424] Stack:
Jun 14 18:42:15 test-media kernel: [ 115.972427] ffff88021d16fa98 ffffffff810d6543 0000000000000006 0000000000000246
Jun 14 18:42:15 test-media kernel: [ 115.972431] ffff88021d16fa08 ffffffff810d532d ffff880220ce4a78 ffff880200000000
Jun 14 18:42:15 test-media kernel: [ 115.972433] ffff880200000001 0000000000000000 0000000000000001 000000000093a4a0
Jun 14 18:42:15 test-media kernel: [ 115.972436] Call Trace:
Jun 14 18:42:15 test-media kernel: [ 115.972440] [<ffffffff810d6543>] ? __lock_acquire+0xb63/0x2070
Jun 14 18:42:15 test-media kernel: [ 115.972443] [<ffffffff810d532d>] ? mark_held_locks+0x6d/0xa0
Jun 14 18:42:15 test-media kernel: [ 115.972445] [<ffffffff810d37a8>] ? __lock_is_held+0x58/0x80
Jun 14 18:42:15 test-media kernel: [ 115.972447] [<ffffffff810d852c>] lock_acquire+0x6c/0xa0
Jun 14 18:42:15 test-media kernel: [ 115.972452] [<ffffffffa039f1f6>] ? vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:42:15 test-media kernel: [ 115.972458] [<ffffffff819b1a92>] down_read+0x42/0x60
Jun 14 18:42:15 test-media kernel: [ 115.972460] [<ffffffffa039f1f6>] ? vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:42:15 test-media kernel: [ 115.972463] [<ffffffff819af1b1>] ? mutex_lock_nested+0x2b1/0x560
Jun 14 18:42:15 test-media kernel: [ 115.972467] [<ffffffffa038fdc5>] ? vb2_queue_release+0x25/0x40 [videobuf2_core]
Jun 14 18:42:15 test-media kernel: [ 115.972469] [<ffffffffa039f1f6>] vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:42:15 test-media kernel: [ 115.972472] [<ffffffffa038b626>] __vb2_queue_free+0x146/0x5e0 [videobuf2_core]
Jun 14 18:42:15 test-media kernel: [ 115.972475] [<ffffffffa038fdd3>] vb2_queue_release+0x33/0x40 [videobuf2_core]
Jun 14 18:42:15 test-media kernel: [ 115.972478] [<ffffffffa038fe75>] _vb2_fop_release+0x95/0xb0 [videobuf2_core]
Jun 14 18:42:15 test-media kernel: [ 115.972481] [<ffffffffa038feb9>] vb2_fop_release+0x29/0x50 [videobuf2_core]
Jun 14 18:42:15 test-media kernel: [ 115.972485] [<ffffffffa03ad372>] vivid_fop_release+0x92/0x230 [vivid]
Jun 14 18:42:15 test-media kernel: [ 115.972491] [<ffffffffa0358460>] v4l2_release+0x30/0x80 [videodev]
Jun 14 18:42:15 test-media kernel: [ 115.972496] [<ffffffff811a51d5>] __fput+0xe5/0x200
Jun 14 18:42:15 test-media kernel: [ 115.972498] [<ffffffff811a5339>] ____fput+0x9/0x10
Jun 14 18:42:15 test-media kernel: [ 115.972501] [<ffffffff810a9fa4>] task_work_run+0xc4/0xf0
Jun 14 18:42:15 test-media kernel: [ 115.972504] [<ffffffff8108c670>] do_exit+0x3a0/0xaf0
Jun 14 18:42:15 test-media kernel: [ 115.972507] [<ffffffff819b3a9b>] ? _raw_spin_unlock_irq+0x2b/0x60
Jun 14 18:42:15 test-media kernel: [ 115.972509] [<ffffffff8108e0ff>] do_group_exit+0x4f/0xe0
Jun 14 18:42:15 test-media kernel: [ 115.972511] [<ffffffff8109a170>] get_signal+0x200/0x8c0
Jun 14 18:42:15 test-media kernel: [ 115.972514] [<ffffffff819b14b5>] ? __mutex_unlock_slowpath+0xf5/0x240
Jun 14 18:42:15 test-media kernel: [ 115.972518] [<ffffffff81002593>] do_signal+0x23/0x820
Jun 14 18:42:15 test-media kernel: [ 115.972521] [<ffffffff819b1609>] ? mutex_unlock+0x9/0x10
Jun 14 18:42:15 test-media kernel: [ 115.972524] [<ffffffffa0358648>] ? v4l2_ioctl+0x78/0xf0 [videodev]
Jun 14 18:42:15 test-media kernel: [ 115.972526] [<ffffffff819b4653>] ? int_very_careful+0x5/0x46
Jun 14 18:42:15 test-media kernel: [ 115.972529] [<ffffffff810d54bd>] ? trace_hardirqs_on_caller+0x15d/0x200
Jun 14 18:42:15 test-media kernel: [ 115.972531] [<ffffffff81002de0>] do_notify_resume+0x50/0x60
Jun 14 18:42:15 test-media kernel: [ 115.972533] [<ffffffff819b46a6>] int_signal+0x12/0x17
Jun 14 18:42:15 test-media kernel: [ 115.972534] Code: ca 81 31 c0 e8 7a e2 8c 00 e8 aa 1d 8d 00 0f 1f 44 00 00 31 db 48 81 c4 a8 00 00 00 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 90 <49> 81 3e 40 4e 02 82 b8 00 00 00 00 44 0f 44 e0 41 83 ff 01 0f
Jun 14 18:42:15 test-media kernel: [ 115.972567] RIP [<ffffffff810d5cd0>] __lock_acquire+0x2f0/0x2070
Jun 14 18:42:15 test-media kernel: [ 115.972569] RSP <ffff88021d16f9b8>
Jun 14 18:42:15 test-media kernel: [ 115.972570] CR2: 0000000000000100
Jun 14 18:42:15 test-media kernel: [ 115.972573] ---[ end trace 25595c2b8560cb57 ]---
Jun 14 18:42:15 test-media kernel: [ 115.972575] Fixing recursive fault but reboot is needed!
This can be reproduced by loading the vivid driver and running:
v4l2-ctl --stream-user
and pressing Ctrl-C. You may have to try a few times, but in my experience this BUG
is triggered quite quickly.
The second is a possible deadlock:
Jun 14 18:44:07 test-media kernel: [ 49.376650] ======================================================
Jun 14 18:44:07 test-media kernel: [ 49.376651] [ INFO: possible circular locking dependency detected ]
Jun 14 18:44:07 test-media kernel: [ 49.376653] 4.1.0-rc3-test-media #1190 Not tainted
Jun 14 18:44:07 test-media kernel: [ 49.376654] -------------------------------------------------------
Jun 14 18:44:07 test-media kernel: [ 49.376655] v4l2-compliance/1468 is trying to acquire lock:
Jun 14 18:44:07 test-media kernel: [ 49.376657] (&mm->mmap_sem){++++++}, at: [<ffffffffa03a81f6>] vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:44:07 test-media kernel: [ 49.376665]
Jun 14 18:44:07 test-media kernel: [ 49.376665] but task is already holding lock:
Jun 14 18:44:07 test-media kernel: [ 49.376666] (&q->mmap_lock){+.+...}, at: [<ffffffffa0398dc5>] vb2_queue_release+0x25/0x40 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376670]
Jun 14 18:44:07 test-media kernel: [ 49.376670] which lock already depends on the new lock.
Jun 14 18:44:07 test-media kernel: [ 49.376670]
Jun 14 18:44:07 test-media kernel: [ 49.376671]
Jun 14 18:44:07 test-media kernel: [ 49.376671] the existing dependency chain (in reverse order) is:
Jun 14 18:44:07 test-media kernel: [ 49.376672]
Jun 14 18:44:07 test-media kernel: [ 49.376672] -> #1 (&q->mmap_lock){+.+...}:
Jun 14 18:44:07 test-media kernel: [ 49.376675] [<ffffffff810d852c>] lock_acquire+0x6c/0xa0
Jun 14 18:44:07 test-media kernel: [ 49.376682] [<ffffffff819aef5e>] mutex_lock_nested+0x5e/0x560
Jun 14 18:44:07 test-media kernel: [ 49.376689] [<ffffffffa03934a2>] vb2_mmap+0x232/0x350 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376691] [<ffffffffa0395a60>] vb2_fop_mmap+0x20/0x30 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376694] [<ffffffffa0361102>] v4l2_mmap+0x52/0x90 [videodev]
Jun 14 18:44:07 test-media kernel: [ 49.376698] [<ffffffff81177e33>] mmap_region+0x3b3/0x5e0
Jun 14 18:44:07 test-media kernel: [ 49.376701] [<ffffffff81178377>] do_mmap_pgoff+0x317/0x400
Jun 14 18:44:07 test-media kernel: [ 49.376703] [<ffffffff81165320>] vm_mmap_pgoff+0x90/0xc0
Jun 14 18:44:07 test-media kernel: [ 49.376708] [<ffffffff81176867>] SyS_mmap_pgoff+0x1d7/0x280
Jun 14 18:44:07 test-media kernel: [ 49.376709] [<ffffffff81007f8d>] SyS_mmap+0x1d/0x20
Jun 14 18:44:07 test-media kernel: [ 49.376714] [<ffffffff819b44ae>] system_call_fastpath+0x12/0x76
Jun 14 18:44:07 test-media kernel: [ 49.376716]
Jun 14 18:44:07 test-media kernel: [ 49.376716] -> #0 (&mm->mmap_sem){++++++}:
Jun 14 18:44:07 test-media kernel: [ 49.376718] [<ffffffff810d79b3>] __lock_acquire+0x1fd3/0x2070
Jun 14 18:44:07 test-media kernel: [ 49.376720] [<ffffffff810d852c>] lock_acquire+0x6c/0xa0
Jun 14 18:44:07 test-media kernel: [ 49.376721] [<ffffffff819b1a92>] down_read+0x42/0x60
Jun 14 18:44:07 test-media kernel: [ 49.376723] [<ffffffffa03a81f6>] vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:44:07 test-media kernel: [ 49.376725] [<ffffffffa0394626>] __vb2_queue_free+0x146/0x5e0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376727] [<ffffffffa0398dd3>] vb2_queue_release+0x33/0x40 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376729] [<ffffffffa0398e75>] _vb2_fop_release+0x95/0xb0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376731] [<ffffffffa0398eb9>] vb2_fop_release+0x29/0x50 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376733] [<ffffffffa03b6372>] vivid_fop_release+0x92/0x230 [vivid]
Jun 14 18:44:07 test-media kernel: [ 49.376737] [<ffffffffa0361460>] v4l2_release+0x30/0x80 [videodev]
Jun 14 18:44:07 test-media kernel: [ 49.376739] [<ffffffff811a51d5>] __fput+0xe5/0x200
Jun 14 18:44:07 test-media kernel: [ 49.376744] [<ffffffff811a5339>] ____fput+0x9/0x10
Jun 14 18:44:07 test-media kernel: [ 49.376746] [<ffffffff810a9fa4>] task_work_run+0xc4/0xf0
Jun 14 18:44:07 test-media kernel: [ 49.376749] [<ffffffff81002dd1>] do_notify_resume+0x41/0x60
Jun 14 18:44:07 test-media kernel: [ 49.376752] [<ffffffff819b46a6>] int_signal+0x12/0x17
Jun 14 18:44:07 test-media kernel: [ 49.376754]
Jun 14 18:44:07 test-media kernel: [ 49.376754] other info that might help us debug this:
Jun 14 18:44:07 test-media kernel: [ 49.376754]
Jun 14 18:44:07 test-media kernel: [ 49.376755] Possible unsafe locking scenario:
Jun 14 18:44:07 test-media kernel: [ 49.376755]
Jun 14 18:44:07 test-media kernel: [ 49.376756] CPU0 CPU1
Jun 14 18:44:07 test-media kernel: [ 49.376757] ---- ----
Jun 14 18:44:07 test-media kernel: [ 49.376758] lock(&q->mmap_lock);
Jun 14 18:44:07 test-media kernel: [ 49.376759] lock(&mm->mmap_sem);
Jun 14 18:44:07 test-media kernel: [ 49.376760] lock(&q->mmap_lock);
Jun 14 18:44:07 test-media kernel: [ 49.376761] lock(&mm->mmap_sem);
Jun 14 18:44:07 test-media kernel: [ 49.376763]
Jun 14 18:44:07 test-media kernel: [ 49.376763] *** DEADLOCK ***
Jun 14 18:44:07 test-media kernel: [ 49.376763]
Jun 14 18:44:07 test-media kernel: [ 49.376764] 2 locks held by v4l2-compliance/1468:
Jun 14 18:44:07 test-media kernel: [ 49.376765] #0: (&dev->mutex#3){+.+.+.}, at: [<ffffffffa0398e0a>] _vb2_fop_release+0x2a/0xb0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376770] #1: (&q->mmap_lock){+.+...}, at: [<ffffffffa0398dc5>] vb2_queue_release+0x25/0x40 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376773]
Jun 14 18:44:07 test-media kernel: [ 49.376773] stack backtrace:
Jun 14 18:44:07 test-media kernel: [ 49.376776] CPU: 2 PID: 1468 Comm: v4l2-compliance Not tainted 4.1.0-rc3-test-media #1190
Jun 14 18:44:07 test-media kernel: [ 49.376777] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
Jun 14 18:44:07 test-media kernel: [ 49.376779] ffffffff8279e0b0 ffff88021d6f7ba8 ffffffff819a7aac 0000000000000011
Jun 14 18:44:07 test-media kernel: [ 49.376781] ffffffff8279e0b0 ffff88021d6f7bf8 ffffffff819a3964 ffff88021d6f7bd8
Jun 14 18:44:07 test-media kernel: [ 49.376783] ffff8800ac8aa100 0000000000000002 ffff8800ac8aa9a0 0000000000000002
Jun 14 18:44:07 test-media kernel: [ 49.376785] Call Trace:
Jun 14 18:44:07 test-media kernel: [ 49.376788] [<ffffffff819a7aac>] dump_stack+0x4f/0x7b
Jun 14 18:44:07 test-media kernel: [ 49.376792] [<ffffffff819a3964>] print_circular_bug+0x20f/0x251
Jun 14 18:44:07 test-media kernel: [ 49.376793] [<ffffffff810d79b3>] __lock_acquire+0x1fd3/0x2070
Jun 14 18:44:07 test-media kernel: [ 49.376795] [<ffffffff810d6543>] ? __lock_acquire+0xb63/0x2070
Jun 14 18:44:07 test-media kernel: [ 49.376797] [<ffffffff810d37a8>] ? __lock_is_held+0x58/0x80
Jun 14 18:44:07 test-media kernel: [ 49.376798] [<ffffffff810d852c>] lock_acquire+0x6c/0xa0
Jun 14 18:44:07 test-media kernel: [ 49.376800] [<ffffffffa03a81f6>] ? vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:44:07 test-media kernel: [ 49.376802] [<ffffffff819b1a92>] down_read+0x42/0x60
Jun 14 18:44:07 test-media kernel: [ 49.376803] [<ffffffffa03a81f6>] ? vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:44:07 test-media kernel: [ 49.376805] [<ffffffff819af1b1>] ? mutex_lock_nested+0x2b1/0x560
Jun 14 18:44:07 test-media kernel: [ 49.376807] [<ffffffffa0398dc5>] ? vb2_queue_release+0x25/0x40 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376808] [<ffffffffa03a81f6>] vb2_vmalloc_put_userptr+0x36/0x110 [videobuf2_vmalloc]
Jun 14 18:44:07 test-media kernel: [ 49.376810] [<ffffffffa0398e0a>] ? _vb2_fop_release+0x2a/0xb0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376812] [<ffffffffa0394626>] __vb2_queue_free+0x146/0x5e0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376814] [<ffffffffa0398dd3>] vb2_queue_release+0x33/0x40 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376816] [<ffffffffa0398e75>] _vb2_fop_release+0x95/0xb0 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376818] [<ffffffffa0398eb9>] vb2_fop_release+0x29/0x50 [videobuf2_core]
Jun 14 18:44:07 test-media kernel: [ 49.376820] [<ffffffffa03b6372>] vivid_fop_release+0x92/0x230 [vivid]
Jun 14 18:44:07 test-media kernel: [ 49.376822] [<ffffffffa0361460>] v4l2_release+0x30/0x80 [videodev]
Jun 14 18:44:07 test-media kernel: [ 49.376824] [<ffffffff811a51d5>] __fput+0xe5/0x200
Jun 14 18:44:07 test-media kernel: [ 49.376825] [<ffffffff819b4653>] ? int_very_careful+0x5/0x46
Jun 14 18:44:07 test-media kernel: [ 49.376827] [<ffffffff811a5339>] ____fput+0x9/0x10
Jun 14 18:44:07 test-media kernel: [ 49.376828] [<ffffffff810a9fa4>] task_work_run+0xc4/0xf0
Jun 14 18:44:07 test-media kernel: [ 49.376830] [<ffffffff81002dd1>] do_notify_resume+0x41/0x60
Jun 14 18:44:07 test-media kernel: [ 49.376832] [<ffffffff819b46a6>] int_signal+0x12/0x17
This can be triggered by loading the vivid module with the module option 'no_error_inj=1'
and running 'v4l2-compliance -s5'. Again, it may take a few attempts to trigger this
but for me it happens quite quickly.
Without this patch I cannot reproduce these two issues. So reverting is the best
solution for now.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2015-06-15 07:16:32 +00:00
|
|
|
up_read(¤t->mm->mmap_sem);
|
2011-08-31 09:51:10 +00:00
|
|
|
break;
|
2012-06-14 13:37:37 +00:00
|
|
|
case V4L2_MEMORY_DMABUF:
|
|
|
|
ret = __qbuf_dmabuf(vb, b);
|
|
|
|
break;
|
2011-08-31 09:51:10 +00:00
|
|
|
default:
|
|
|
|
WARN(1, "Invalid queue type\n");
|
|
|
|
ret = -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ret)
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "buffer preparation failed: %d\n", ret);
|
2013-12-13 16:13:38 +00:00
|
|
|
vb->state = ret ? VB2_BUF_STATE_DEQUEUED : VB2_BUF_STATE_PREPARED;
|
2011-08-31 09:51:10 +00:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-08-09 11:11:26 +00:00
|
|
|
static int vb2_queue_or_prepare_buf(struct vb2_queue *q, struct v4l2_buffer *b,
|
2013-12-13 16:13:39 +00:00
|
|
|
const char *opname)
|
2011-09-28 12:23:02 +00:00
|
|
|
{
|
|
|
|
if (b->type != q->type) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "%s: invalid buffer type\n", opname);
|
2013-12-13 16:13:38 +00:00
|
|
|
return -EINVAL;
|
2011-09-28 12:23:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (b->index >= q->num_buffers) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "%s: buffer index out of range\n", opname);
|
2013-12-13 16:13:38 +00:00
|
|
|
return -EINVAL;
|
2011-09-28 12:23:02 +00:00
|
|
|
}
|
|
|
|
|
2013-12-13 16:13:39 +00:00
|
|
|
if (q->bufs[b->index] == NULL) {
|
2011-09-28 12:23:02 +00:00
|
|
|
/* Should never happen */
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "%s: buffer is NULL\n", opname);
|
2013-12-13 16:13:38 +00:00
|
|
|
return -EINVAL;
|
2011-09-28 12:23:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (b->memory != q->memory) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "%s: invalid memory type\n", opname);
|
2013-12-13 16:13:38 +00:00
|
|
|
return -EINVAL;
|
2011-09-28 12:23:02 +00:00
|
|
|
}
|
|
|
|
|
2013-12-13 16:13:39 +00:00
|
|
|
return __verify_planes_array(q->bufs[b->index], b);
|
2013-08-09 11:11:26 +00:00
|
|
|
}
|
2011-09-28 12:23:02 +00:00
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
2013-08-09 11:11:26 +00:00
|
|
|
* vb2_prepare_buf() - Pass ownership of a buffer from userspace to the kernel
|
2010-10-11 13:56:41 +00:00
|
|
|
* @q: videobuf2 queue
|
2013-08-09 11:11:26 +00:00
|
|
|
* @b: buffer structure passed from userspace to vidioc_prepare_buf
|
|
|
|
* handler in driver
|
2010-10-11 13:56:41 +00:00
|
|
|
*
|
2013-08-09 11:11:26 +00:00
|
|
|
* Should be called from vidioc_prepare_buf ioctl handler of a driver.
|
2010-10-11 13:56:41 +00:00
|
|
|
* This function:
|
|
|
|
* 1) verifies the passed buffer,
|
2013-08-09 11:11:26 +00:00
|
|
|
* 2) calls buf_prepare callback in the driver (if provided), in which
|
|
|
|
* driver-specific buffer initialization can be performed,
|
2010-10-11 13:56:41 +00:00
|
|
|
*
|
|
|
|
* The return values from this function are intended to be directly returned
|
2013-08-09 11:11:26 +00:00
|
|
|
* from vidioc_prepare_buf handler in driver.
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
2013-08-09 11:11:26 +00:00
|
|
|
int vb2_prepare_buf(struct vb2_queue *q, struct v4l2_buffer *b)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
2013-12-13 16:13:39 +00:00
|
|
|
struct vb2_buffer *vb;
|
2013-12-13 16:13:41 +00:00
|
|
|
int ret;
|
|
|
|
|
2014-04-07 12:23:50 +00:00
|
|
|
if (vb2_fileio_is_active(q)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "file io in progress\n");
|
2013-12-13 16:13:41 +00:00
|
|
|
return -EBUSY;
|
|
|
|
}
|
2013-12-13 16:13:39 +00:00
|
|
|
|
2013-12-13 16:13:41 +00:00
|
|
|
ret = vb2_queue_or_prepare_buf(q, b, "prepare_buf");
|
2013-12-13 16:13:39 +00:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
vb = q->bufs[b->index];
|
|
|
|
if (vb->state != VB2_BUF_STATE_DEQUEUED) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "invalid buffer state %d\n",
|
2013-12-13 16:13:39 +00:00
|
|
|
vb->state);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = __buf_prepare(vb, b);
|
|
|
|
if (!ret) {
|
|
|
|
/* Fill buffer information for the userspace */
|
|
|
|
__fill_v4l2_buffer(vb, b);
|
|
|
|
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "prepare of buffer %d succeeded\n", vb->v4l2_buf.index);
|
2013-12-13 16:13:39 +00:00
|
|
|
}
|
|
|
|
return ret;
|
2013-08-09 11:11:26 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_prepare_buf);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2013-12-13 16:13:42 +00:00
|
|
|
/**
|
|
|
|
* vb2_start_streaming() - Attempt to start streaming.
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
*
|
2014-02-24 16:51:03 +00:00
|
|
|
* Attempt to start streaming. When this function is called there must be
|
|
|
|
* at least q->min_buffers_needed buffers queued up (i.e. the minimum
|
|
|
|
* number of buffers required for the DMA engine to function). If the
|
|
|
|
* @start_streaming op fails it is supposed to return all the driver-owned
|
|
|
|
* buffers back to vb2 in state QUEUED. Check if that happened and if
|
|
|
|
* not warn and reclaim them forcefully.
|
2013-12-13 16:13:42 +00:00
|
|
|
*/
|
|
|
|
static int vb2_start_streaming(struct vb2_queue *q)
|
|
|
|
{
|
2014-02-24 16:51:03 +00:00
|
|
|
struct vb2_buffer *vb;
|
2013-12-13 16:13:42 +00:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
/*
|
2014-02-24 16:51:03 +00:00
|
|
|
* If any buffers were queued before streamon,
|
|
|
|
* we can now pass them to driver for processing.
|
2013-12-13 16:13:42 +00:00
|
|
|
*/
|
2014-02-24 16:51:03 +00:00
|
|
|
list_for_each_entry(vb, &q->queued_list, queued_entry)
|
|
|
|
__enqueue_in_driver(vb);
|
|
|
|
|
|
|
|
/* Tell the driver to start streaming */
|
2014-06-23 21:00:22 +00:00
|
|
|
q->start_streaming_called = 1;
|
2014-02-24 16:51:03 +00:00
|
|
|
ret = call_qop(q, start_streaming, q,
|
|
|
|
atomic_read(&q->owned_by_drv_count));
|
|
|
|
if (!ret)
|
2013-12-13 16:13:42 +00:00
|
|
|
return 0;
|
2014-02-24 16:51:03 +00:00
|
|
|
|
2014-06-23 21:00:22 +00:00
|
|
|
q->start_streaming_called = 0;
|
|
|
|
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "driver refused to start streaming\n");
|
2014-08-04 05:33:53 +00:00
|
|
|
/*
|
|
|
|
* If you see this warning, then the driver isn't cleaning up properly
|
|
|
|
* after a failed start_streaming(). See the start_streaming()
|
|
|
|
* documentation in videobuf2-core.h for more information how buffers
|
|
|
|
* should be returned to vb2 in start_streaming().
|
|
|
|
*/
|
2014-02-24 16:51:03 +00:00
|
|
|
if (WARN_ON(atomic_read(&q->owned_by_drv_count))) {
|
|
|
|
unsigned i;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Forcefully reclaim buffers if the driver did not
|
|
|
|
* correctly return them to vb2.
|
|
|
|
*/
|
|
|
|
for (i = 0; i < q->num_buffers; ++i) {
|
|
|
|
vb = q->bufs[i];
|
|
|
|
if (vb->state == VB2_BUF_STATE_ACTIVE)
|
|
|
|
vb2_buffer_done(vb, VB2_BUF_STATE_QUEUED);
|
|
|
|
}
|
|
|
|
/* Must be zero now */
|
|
|
|
WARN_ON(atomic_read(&q->owned_by_drv_count));
|
2013-12-13 16:13:42 +00:00
|
|
|
}
|
2014-08-04 10:14:14 +00:00
|
|
|
/*
|
|
|
|
* If done_list is not empty, then start_streaming() didn't call
|
|
|
|
* vb2_buffer_done(vb, VB2_BUF_STATE_QUEUED) but STATE_ERROR or
|
|
|
|
* STATE_DONE.
|
|
|
|
*/
|
|
|
|
WARN_ON(!list_empty(&q->done_list));
|
2013-12-13 16:13:42 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-12-13 16:13:41 +00:00
|
|
|
static int vb2_internal_qbuf(struct vb2_queue *q, struct v4l2_buffer *b)
|
2013-08-09 11:11:26 +00:00
|
|
|
{
|
2013-12-13 16:13:39 +00:00
|
|
|
int ret = vb2_queue_or_prepare_buf(q, b, "qbuf");
|
|
|
|
struct vb2_buffer *vb;
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
vb = q->bufs[b->index];
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2011-08-31 09:51:10 +00:00
|
|
|
switch (vb->state) {
|
|
|
|
case VB2_BUF_STATE_DEQUEUED:
|
|
|
|
ret = __buf_prepare(vb, b);
|
|
|
|
if (ret)
|
2013-08-09 11:11:26 +00:00
|
|
|
return ret;
|
2013-12-13 16:13:39 +00:00
|
|
|
break;
|
2011-08-31 09:51:10 +00:00
|
|
|
case VB2_BUF_STATE_PREPARED:
|
|
|
|
break;
|
2013-12-13 16:13:38 +00:00
|
|
|
case VB2_BUF_STATE_PREPARING:
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "buffer still being prepared\n");
|
2013-12-13 16:13:38 +00:00
|
|
|
return -EINVAL;
|
2011-08-31 09:51:10 +00:00
|
|
|
default:
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "invalid buffer state %d\n", vb->state);
|
2013-08-09 11:11:26 +00:00
|
|
|
return -EINVAL;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Add to the queued buffers list, a buffer will stay on it until
|
|
|
|
* dequeued in dqbuf.
|
|
|
|
*/
|
|
|
|
list_add_tail(&vb->queued_entry, &q->queued_list);
|
2014-02-24 16:51:03 +00:00
|
|
|
q->queued_count++;
|
2014-09-20 19:16:35 +00:00
|
|
|
q->waiting_for_buffers = false;
|
2010-10-11 13:56:41 +00:00
|
|
|
vb->state = VB2_BUF_STATE_QUEUED;
|
2014-02-24 17:44:50 +00:00
|
|
|
if (V4L2_TYPE_IS_OUTPUT(q->type)) {
|
|
|
|
/*
|
|
|
|
* For output buffers copy the timestamp if needed,
|
|
|
|
* and the timecode field and flag if needed.
|
|
|
|
*/
|
2014-03-01 13:28:02 +00:00
|
|
|
if ((q->timestamp_flags & V4L2_BUF_FLAG_TIMESTAMP_MASK) ==
|
|
|
|
V4L2_BUF_FLAG_TIMESTAMP_COPY)
|
2014-02-24 17:44:50 +00:00
|
|
|
vb->v4l2_buf.timestamp = b->timestamp;
|
|
|
|
vb->v4l2_buf.flags |= b->flags & V4L2_BUF_FLAG_TIMECODE;
|
|
|
|
if (b->flags & V4L2_BUF_FLAG_TIMECODE)
|
|
|
|
vb->v4l2_buf.timecode = b->timecode;
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If already streaming, give the buffer to driver for processing.
|
|
|
|
* If not, the buffer will be given to driver on next streamon.
|
|
|
|
*/
|
2014-02-24 16:51:03 +00:00
|
|
|
if (q->start_streaming_called)
|
2010-10-11 13:56:41 +00:00
|
|
|
__enqueue_in_driver(vb);
|
|
|
|
|
2013-12-13 16:13:39 +00:00
|
|
|
/* Fill buffer information for the userspace */
|
|
|
|
__fill_v4l2_buffer(vb, b);
|
2011-09-28 10:23:27 +00:00
|
|
|
|
2014-02-24 16:51:03 +00:00
|
|
|
/*
|
|
|
|
* If streamon has been called, and we haven't yet called
|
|
|
|
* start_streaming() since not enough buffers were queued, and
|
|
|
|
* we now have reached the minimum number of queued buffers,
|
|
|
|
* then we can finally call start_streaming().
|
|
|
|
*/
|
|
|
|
if (q->streaming && !q->start_streaming_called &&
|
|
|
|
q->queued_count >= q->min_buffers_needed) {
|
2013-12-13 16:13:42 +00:00
|
|
|
ret = vb2_start_streaming(q);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "qbuf of buffer %d succeeded\n", vb->v4l2_buf.index);
|
2013-12-13 16:13:39 +00:00
|
|
|
return 0;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
2013-12-13 16:13:41 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_qbuf() - Queue a buffer from userspace
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @b: buffer structure passed from userspace to vidioc_qbuf handler
|
|
|
|
* in driver
|
|
|
|
*
|
|
|
|
* Should be called from vidioc_qbuf ioctl handler of a driver.
|
|
|
|
* This function:
|
|
|
|
* 1) verifies the passed buffer,
|
|
|
|
* 2) if necessary, calls buf_prepare callback in the driver (if provided), in
|
|
|
|
* which driver-specific buffer initialization can be performed,
|
|
|
|
* 3) if streaming is on, queues the buffer in driver by the means of buf_queue
|
|
|
|
* callback for processing.
|
|
|
|
*
|
|
|
|
* The return values from this function are intended to be directly returned
|
|
|
|
* from vidioc_qbuf handler in driver.
|
|
|
|
*/
|
|
|
|
int vb2_qbuf(struct vb2_queue *q, struct v4l2_buffer *b)
|
|
|
|
{
|
2014-04-07 12:23:50 +00:00
|
|
|
if (vb2_fileio_is_active(q)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "file io in progress\n");
|
2013-12-13 16:13:41 +00:00
|
|
|
return -EBUSY;
|
|
|
|
}
|
|
|
|
|
|
|
|
return vb2_internal_qbuf(q, b);
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
EXPORT_SYMBOL_GPL(vb2_qbuf);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __vb2_wait_for_done_vb() - wait for a buffer to become available
|
|
|
|
* for dequeuing
|
|
|
|
*
|
|
|
|
* Will sleep if required for nonblocking == false.
|
|
|
|
*/
|
|
|
|
static int __vb2_wait_for_done_vb(struct vb2_queue *q, int nonblocking)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* All operations on vb_done_list are performed under done_lock
|
|
|
|
* spinlock protection. However, buffers may be removed from
|
|
|
|
* it and returned to userspace only while holding both driver's
|
|
|
|
* lock and the done_lock spinlock. Thus we can be sure that as
|
|
|
|
* long as we hold the driver's lock, the list will remain not
|
|
|
|
* empty if list_empty() check succeeds.
|
|
|
|
*/
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (!q->streaming) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "streaming off, will not wait for buffers\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2014-06-03 21:53:25 +00:00
|
|
|
if (q->error) {
|
|
|
|
dprintk(1, "Queue in error state, will not wait for buffers\n");
|
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
|
2015-05-04 10:51:06 +00:00
|
|
|
if (q->last_buffer_dequeued) {
|
|
|
|
dprintk(3, "last buffer dequeued already, will not wait for buffers\n");
|
|
|
|
return -EPIPE;
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
if (!list_empty(&q->done_list)) {
|
|
|
|
/*
|
|
|
|
* Found a buffer that we were waiting for.
|
|
|
|
*/
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nonblocking) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "nonblocking and no buffers to dequeue, "
|
2010-10-11 13:56:41 +00:00
|
|
|
"will not wait\n");
|
|
|
|
return -EAGAIN;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We are streaming and blocking, wait for another buffer to
|
|
|
|
* become ready or for streamoff. Driver's lock is released to
|
|
|
|
* allow streamoff or qbuf to be called while waiting.
|
|
|
|
*/
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_qop(q, wait_prepare, q);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* All locks have been released, it is safe to sleep now.
|
|
|
|
*/
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(3, "will sleep waiting for buffers\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
ret = wait_event_interruptible(q->done_wq,
|
2014-06-03 21:53:25 +00:00
|
|
|
!list_empty(&q->done_list) || !q->streaming ||
|
|
|
|
q->error);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* We need to reevaluate both conditions again after reacquiring
|
|
|
|
* the locks or return an error if one occurred.
|
|
|
|
*/
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_qop(q, wait_finish, q);
|
2012-09-28 09:12:53 +00:00
|
|
|
if (ret) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "sleep was interrupted\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return ret;
|
2012-09-28 09:12:53 +00:00
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __vb2_get_done_vb() - get a buffer ready for dequeuing
|
|
|
|
*
|
|
|
|
* Will sleep if required for nonblocking == false.
|
|
|
|
*/
|
|
|
|
static int __vb2_get_done_vb(struct vb2_queue *q, struct vb2_buffer **vb,
|
2012-09-28 09:12:53 +00:00
|
|
|
struct v4l2_buffer *b, int nonblocking)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
|
|
|
unsigned long flags;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Wait for at least one buffer to become available on the done_list.
|
|
|
|
*/
|
|
|
|
ret = __vb2_wait_for_done_vb(q, nonblocking);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Driver's lock has been held since we last verified that done_list
|
|
|
|
* is not empty, so no need for another list_empty(done_list) check.
|
|
|
|
*/
|
|
|
|
spin_lock_irqsave(&q->done_lock, flags);
|
|
|
|
*vb = list_first_entry(&q->done_list, struct vb2_buffer, done_entry);
|
2012-09-28 09:12:53 +00:00
|
|
|
/*
|
|
|
|
* Only remove the buffer from done_list if v4l2_buffer can handle all
|
|
|
|
* the planes.
|
|
|
|
*/
|
|
|
|
ret = __verify_planes_array(*vb, b);
|
|
|
|
if (!ret)
|
|
|
|
list_del(&(*vb)->done_entry);
|
2010-10-11 13:56:41 +00:00
|
|
|
spin_unlock_irqrestore(&q->done_lock, flags);
|
|
|
|
|
2012-09-28 09:12:53 +00:00
|
|
|
return ret;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_wait_for_all_buffers() - wait until all buffers are given back to vb2
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
*
|
|
|
|
* This function will wait until all buffers that have been given to the driver
|
|
|
|
* by buf_queue() are given back to vb2 with vb2_buffer_done(). It doesn't call
|
|
|
|
* wait_prepare, wait_finish pair. It is intended to be called with all locks
|
|
|
|
* taken, for example from stop_streaming() callback.
|
|
|
|
*/
|
|
|
|
int vb2_wait_for_all_buffers(struct vb2_queue *q)
|
|
|
|
{
|
|
|
|
if (!q->streaming) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "streaming off, will not wait for buffers\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2014-02-24 16:51:03 +00:00
|
|
|
if (q->start_streaming_called)
|
2014-02-06 08:46:11 +00:00
|
|
|
wait_event(q->done_wq, !atomic_read(&q->owned_by_drv_count));
|
2010-10-11 13:56:41 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_wait_for_all_buffers);
|
|
|
|
|
2012-06-14 13:37:37 +00:00
|
|
|
/**
|
|
|
|
* __vb2_dqbuf() - bring back the buffer to the DEQUEUED state
|
|
|
|
*/
|
|
|
|
static void __vb2_dqbuf(struct vb2_buffer *vb)
|
|
|
|
{
|
|
|
|
struct vb2_queue *q = vb->vb2_queue;
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
/* nothing to do if the buffer is already dequeued */
|
|
|
|
if (vb->state == VB2_BUF_STATE_DEQUEUED)
|
|
|
|
return;
|
|
|
|
|
|
|
|
vb->state = VB2_BUF_STATE_DEQUEUED;
|
|
|
|
|
|
|
|
/* unmap DMABUF buffer */
|
|
|
|
if (q->memory == V4L2_MEMORY_DMABUF)
|
|
|
|
for (i = 0; i < vb->num_planes; ++i) {
|
|
|
|
if (!vb->planes[i].dbuf_mapped)
|
|
|
|
continue;
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_memop(vb, unmap_dmabuf, vb->planes[i].mem_priv);
|
2012-06-14 13:37:37 +00:00
|
|
|
vb->planes[i].dbuf_mapped = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-12-13 16:13:41 +00:00
|
|
|
static int vb2_internal_dqbuf(struct vb2_queue *q, struct v4l2_buffer *b, bool nonblocking)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
|
|
|
struct vb2_buffer *vb = NULL;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (b->type != q->type) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "invalid buffer type\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2012-09-28 09:12:53 +00:00
|
|
|
ret = __vb2_get_done_vb(q, &vb, b, nonblocking);
|
|
|
|
if (ret < 0)
|
2010-10-11 13:56:41 +00:00
|
|
|
return ret;
|
|
|
|
|
|
|
|
switch (vb->state) {
|
|
|
|
case VB2_BUF_STATE_DONE:
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(3, "returning done buffer\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
break;
|
|
|
|
case VB2_BUF_STATE_ERROR:
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(3, "returning done buffer with errors\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
break;
|
|
|
|
default:
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "invalid buffer state\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_vb_qop(vb, buf_finish, vb);
|
2014-02-28 16:30:48 +00:00
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/* Fill buffer information for the userspace */
|
|
|
|
__fill_v4l2_buffer(vb, b);
|
|
|
|
/* Remove from videobuf queue */
|
|
|
|
list_del(&vb->queued_entry);
|
2014-02-24 16:51:03 +00:00
|
|
|
q->queued_count--;
|
2015-05-04 10:51:06 +00:00
|
|
|
if (!V4L2_TYPE_IS_OUTPUT(q->type) &&
|
|
|
|
vb->v4l2_buf.flags & V4L2_BUF_FLAG_LAST)
|
|
|
|
q->last_buffer_dequeued = true;
|
2012-06-14 13:37:37 +00:00
|
|
|
/* go back to dequeued state */
|
|
|
|
__vb2_dqbuf(vb);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
dprintk(1, "dqbuf of buffer %d, with state %d\n",
|
|
|
|
vb->v4l2_buf.index, vb->state);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2013-12-13 16:13:41 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_dqbuf() - Dequeue a buffer to the userspace
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @b: buffer structure passed from userspace to vidioc_dqbuf handler
|
|
|
|
* in driver
|
|
|
|
* @nonblocking: if true, this call will not sleep waiting for a buffer if no
|
|
|
|
* buffers ready for dequeuing are present. Normally the driver
|
|
|
|
* would be passing (file->f_flags & O_NONBLOCK) here
|
|
|
|
*
|
|
|
|
* Should be called from vidioc_dqbuf ioctl handler of a driver.
|
|
|
|
* This function:
|
|
|
|
* 1) verifies the passed buffer,
|
|
|
|
* 2) calls buf_finish callback in the driver (if provided), in which
|
|
|
|
* driver can perform any additional operations that may be required before
|
|
|
|
* returning the buffer to userspace, such as cache sync,
|
|
|
|
* 3) the buffer struct members are filled with relevant information for
|
|
|
|
* the userspace.
|
|
|
|
*
|
|
|
|
* The return values from this function are intended to be directly returned
|
|
|
|
* from vidioc_dqbuf handler in driver.
|
|
|
|
*/
|
|
|
|
int vb2_dqbuf(struct vb2_queue *q, struct v4l2_buffer *b, bool nonblocking)
|
|
|
|
{
|
2014-04-07 12:23:50 +00:00
|
|
|
if (vb2_fileio_is_active(q)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "file io in progress\n");
|
2013-12-13 16:13:41 +00:00
|
|
|
return -EBUSY;
|
|
|
|
}
|
|
|
|
return vb2_internal_dqbuf(q, b, nonblocking);
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
EXPORT_SYMBOL_GPL(vb2_dqbuf);
|
|
|
|
|
2011-08-29 11:51:49 +00:00
|
|
|
/**
|
|
|
|
* __vb2_queue_cancel() - cancel and stop (pause) streaming
|
|
|
|
*
|
|
|
|
* Removes all queued buffers from driver's queue and all buffers queued by
|
|
|
|
* userspace from videobuf's queue. Returns to state after reqbufs.
|
|
|
|
*/
|
|
|
|
static void __vb2_queue_cancel(struct vb2_queue *q)
|
|
|
|
{
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Tell driver to stop all transactions and release all queued
|
|
|
|
* buffers.
|
|
|
|
*/
|
2014-02-24 16:51:03 +00:00
|
|
|
if (q->start_streaming_called)
|
2014-04-17 05:47:21 +00:00
|
|
|
call_void_qop(q, stop_streaming, q);
|
2014-02-24 16:51:03 +00:00
|
|
|
|
2014-08-04 05:33:53 +00:00
|
|
|
/*
|
|
|
|
* If you see this warning, then the driver isn't cleaning up properly
|
|
|
|
* in stop_streaming(). See the stop_streaming() documentation in
|
|
|
|
* videobuf2-core.h for more information how buffers should be returned
|
|
|
|
* to vb2 in stop_streaming().
|
|
|
|
*/
|
2014-02-24 16:51:03 +00:00
|
|
|
if (WARN_ON(atomic_read(&q->owned_by_drv_count))) {
|
|
|
|
for (i = 0; i < q->num_buffers; ++i)
|
|
|
|
if (q->bufs[i]->state == VB2_BUF_STATE_ACTIVE)
|
|
|
|
vb2_buffer_done(q->bufs[i], VB2_BUF_STATE_ERROR);
|
|
|
|
/* Must be zero now */
|
|
|
|
WARN_ON(atomic_read(&q->owned_by_drv_count));
|
|
|
|
}
|
2011-08-29 11:51:49 +00:00
|
|
|
|
2014-04-20 23:55:41 +00:00
|
|
|
q->streaming = 0;
|
|
|
|
q->start_streaming_called = 0;
|
|
|
|
q->queued_count = 0;
|
2014-06-03 21:53:25 +00:00
|
|
|
q->error = 0;
|
2014-04-20 23:55:41 +00:00
|
|
|
|
2011-08-29 11:51:49 +00:00
|
|
|
/*
|
|
|
|
* Remove all buffers from videobuf's list...
|
|
|
|
*/
|
|
|
|
INIT_LIST_HEAD(&q->queued_list);
|
|
|
|
/*
|
|
|
|
* ...and done list; userspace will not receive any buffers it
|
|
|
|
* has not already dequeued before initiating cancel.
|
|
|
|
*/
|
|
|
|
INIT_LIST_HEAD(&q->done_list);
|
2014-02-06 08:46:11 +00:00
|
|
|
atomic_set(&q->owned_by_drv_count, 0);
|
2011-08-29 11:51:49 +00:00
|
|
|
wake_up_all(&q->done_wq);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Reinitialize all buffers for next use.
|
2014-03-04 10:34:49 +00:00
|
|
|
* Make sure to call buf_finish for any queued buffers. Normally
|
|
|
|
* that's done in dqbuf, but that's not going to happen when we
|
|
|
|
* cancel the whole queue. Note: this code belongs here, not in
|
|
|
|
* __vb2_dqbuf() since in vb2_internal_dqbuf() there is a critical
|
|
|
|
* call to __fill_v4l2_buffer() after buf_finish(). That order can't
|
|
|
|
* be changed, so we can't move the buf_finish() to __vb2_dqbuf().
|
2011-08-29 11:51:49 +00:00
|
|
|
*/
|
2014-03-04 10:34:49 +00:00
|
|
|
for (i = 0; i < q->num_buffers; ++i) {
|
|
|
|
struct vb2_buffer *vb = q->bufs[i];
|
|
|
|
|
|
|
|
if (vb->state != VB2_BUF_STATE_DEQUEUED) {
|
|
|
|
vb->state = VB2_BUF_STATE_PREPARED;
|
2014-03-17 12:54:21 +00:00
|
|
|
call_void_vb_qop(vb, buf_finish, vb);
|
2014-03-04 10:34:49 +00:00
|
|
|
}
|
|
|
|
__vb2_dqbuf(vb);
|
|
|
|
}
|
2011-08-29 11:51:49 +00:00
|
|
|
}
|
|
|
|
|
2013-12-13 16:13:41 +00:00
|
|
|
static int vb2_internal_streamon(struct vb2_queue *q, enum v4l2_buf_type type)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
2011-03-20 22:26:41 +00:00
|
|
|
int ret;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
if (type != q->type) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "invalid stream type\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (q->streaming) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(3, "already streaming\n");
|
2013-11-08 10:08:45 +00:00
|
|
|
return 0;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
|
2014-01-08 08:01:33 +00:00
|
|
|
if (!q->num_buffers) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "no buffers have been allocated\n");
|
2014-01-08 08:01:33 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2014-02-24 16:51:03 +00:00
|
|
|
if (q->num_buffers < q->min_buffers_needed) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "need at least %u allocated buffers\n",
|
2014-02-24 16:51:03 +00:00
|
|
|
q->min_buffers_needed);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
2014-01-08 08:01:33 +00:00
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/*
|
2014-02-24 16:51:03 +00:00
|
|
|
* Tell driver to start streaming provided sufficient buffers
|
|
|
|
* are available.
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
2014-02-24 16:51:03 +00:00
|
|
|
if (q->queued_count >= q->min_buffers_needed) {
|
|
|
|
ret = vb2_start_streaming(q);
|
|
|
|
if (ret) {
|
|
|
|
__vb2_queue_cancel(q);
|
|
|
|
return ret;
|
|
|
|
}
|
2011-03-20 22:26:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
q->streaming = 1;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(3, "successful\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2014-06-03 21:53:25 +00:00
|
|
|
/**
|
|
|
|
* vb2_queue_error() - signal a fatal error on the queue
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
*
|
|
|
|
* Flag that a fatal unrecoverable error has occurred and wake up all processes
|
|
|
|
* waiting on the queue. Polling will now set POLLERR and queuing and dequeuing
|
|
|
|
* buffers will return -EIO.
|
|
|
|
*
|
|
|
|
* The error flag will be cleared when cancelling the queue, either from
|
|
|
|
* vb2_streamoff or vb2_queue_release. Drivers should thus not call this
|
|
|
|
* function before starting the stream, otherwise the error flag will remain set
|
|
|
|
* until the queue is released when closing the device node.
|
|
|
|
*/
|
|
|
|
void vb2_queue_error(struct vb2_queue *q)
|
|
|
|
{
|
|
|
|
q->error = 1;
|
|
|
|
|
|
|
|
wake_up_all(&q->done_wq);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_queue_error);
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
2013-12-13 16:13:41 +00:00
|
|
|
* vb2_streamon - start streaming
|
2010-10-11 13:56:41 +00:00
|
|
|
* @q: videobuf2 queue
|
2013-12-13 16:13:41 +00:00
|
|
|
* @type: type argument passed from userspace to vidioc_streamon handler
|
2010-10-11 13:56:41 +00:00
|
|
|
*
|
2013-12-13 16:13:41 +00:00
|
|
|
* Should be called from vidioc_streamon handler of a driver.
|
2010-10-11 13:56:41 +00:00
|
|
|
* This function:
|
2013-12-13 16:13:41 +00:00
|
|
|
* 1) verifies current state
|
|
|
|
* 2) passes any previously queued buffers to the driver and starts streaming
|
2010-10-11 13:56:41 +00:00
|
|
|
*
|
|
|
|
* The return values from this function are intended to be directly returned
|
2013-12-13 16:13:41 +00:00
|
|
|
* from vidioc_streamon handler in the driver.
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
2013-12-13 16:13:41 +00:00
|
|
|
int vb2_streamon(struct vb2_queue *q, enum v4l2_buf_type type)
|
2010-10-11 13:56:41 +00:00
|
|
|
{
|
2014-04-07 12:23:50 +00:00
|
|
|
if (vb2_fileio_is_active(q)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "file io in progress\n");
|
2010-12-06 08:56:55 +00:00
|
|
|
return -EBUSY;
|
|
|
|
}
|
2013-12-13 16:13:41 +00:00
|
|
|
return vb2_internal_streamon(q, type);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_streamon);
|
2010-12-06 08:56:55 +00:00
|
|
|
|
2013-12-13 16:13:41 +00:00
|
|
|
static int vb2_internal_streamoff(struct vb2_queue *q, enum v4l2_buf_type type)
|
|
|
|
{
|
2010-10-11 13:56:41 +00:00
|
|
|
if (type != q->type) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "invalid stream type\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Cancel will pause streaming and remove all buffers from the driver
|
|
|
|
* and videobuf, effectively returning control over them to userspace.
|
2014-02-25 12:42:45 +00:00
|
|
|
*
|
|
|
|
* Note that we do this even if q->streaming == 0: if you prepare or
|
|
|
|
* queue buffers, and then call streamoff without ever having called
|
|
|
|
* streamon, you would still expect those buffers to be returned to
|
|
|
|
* their normal dequeued state.
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
|
|
|
__vb2_queue_cancel(q);
|
2014-09-20 19:16:35 +00:00
|
|
|
q->waiting_for_buffers = !V4L2_TYPE_IS_OUTPUT(q->type);
|
2015-05-04 10:51:06 +00:00
|
|
|
q->last_buffer_dequeued = false;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(3, "successful\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return 0;
|
|
|
|
}
|
2013-12-13 16:13:41 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_streamoff - stop streaming
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @type: type argument passed from userspace to vidioc_streamoff handler
|
|
|
|
*
|
|
|
|
* Should be called from vidioc_streamoff handler of a driver.
|
|
|
|
* This function:
|
|
|
|
* 1) verifies current state,
|
|
|
|
* 2) stop streaming and dequeues any queued buffers, including those previously
|
|
|
|
* passed to the driver (after waiting for the driver to finish).
|
|
|
|
*
|
|
|
|
* This call can be used for pausing playback.
|
|
|
|
* The return values from this function are intended to be directly returned
|
|
|
|
* from vidioc_streamoff handler in the driver
|
|
|
|
*/
|
|
|
|
int vb2_streamoff(struct vb2_queue *q, enum v4l2_buf_type type)
|
|
|
|
{
|
2014-04-07 12:23:50 +00:00
|
|
|
if (vb2_fileio_is_active(q)) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "file io in progress\n");
|
2013-12-13 16:13:41 +00:00
|
|
|
return -EBUSY;
|
|
|
|
}
|
|
|
|
return vb2_internal_streamoff(q, type);
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
EXPORT_SYMBOL_GPL(vb2_streamoff);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __find_plane_by_offset() - find plane associated with the given offset off
|
|
|
|
*/
|
|
|
|
static int __find_plane_by_offset(struct vb2_queue *q, unsigned long off,
|
|
|
|
unsigned int *_buffer, unsigned int *_plane)
|
|
|
|
{
|
|
|
|
struct vb2_buffer *vb;
|
|
|
|
unsigned int buffer, plane;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Go over all buffers and their planes, comparing the given offset
|
|
|
|
* with an offset assigned to each plane. If a match is found,
|
|
|
|
* return its buffer and plane numbers.
|
|
|
|
*/
|
|
|
|
for (buffer = 0; buffer < q->num_buffers; ++buffer) {
|
|
|
|
vb = q->bufs[buffer];
|
|
|
|
|
|
|
|
for (plane = 0; plane < vb->num_planes; ++plane) {
|
|
|
|
if (vb->v4l2_planes[plane].m.mem_offset == off) {
|
|
|
|
*_buffer = buffer;
|
|
|
|
*_plane = plane;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2012-06-14 14:32:24 +00:00
|
|
|
/**
|
|
|
|
* vb2_expbuf() - Export a buffer as a file descriptor
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @eb: export buffer structure passed from userspace to vidioc_expbuf
|
|
|
|
* handler in driver
|
|
|
|
*
|
|
|
|
* The return values from this function are intended to be directly returned
|
|
|
|
* from vidioc_expbuf handler in driver.
|
|
|
|
*/
|
|
|
|
int vb2_expbuf(struct vb2_queue *q, struct v4l2_exportbuffer *eb)
|
|
|
|
{
|
|
|
|
struct vb2_buffer *vb = NULL;
|
|
|
|
struct vb2_plane *vb_plane;
|
|
|
|
int ret;
|
|
|
|
struct dma_buf *dbuf;
|
|
|
|
|
|
|
|
if (q->memory != V4L2_MEMORY_MMAP) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "queue is not currently set up for mmap\n");
|
2012-06-14 14:32:24 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!q->mem_ops->get_dmabuf) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "queue does not support DMA buffer exporting\n");
|
2012-06-14 14:32:24 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2013-05-21 08:11:35 +00:00
|
|
|
if (eb->flags & ~(O_CLOEXEC | O_ACCMODE)) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "queue does support only O_CLOEXEC and access mode flags\n");
|
2012-06-14 14:32:24 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (eb->type != q->type) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(1, "invalid buffer type\n");
|
2012-06-14 14:32:24 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (eb->index >= q->num_buffers) {
|
|
|
|
dprintk(1, "buffer index out of range\n");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
vb = q->bufs[eb->index];
|
|
|
|
|
|
|
|
if (eb->plane >= vb->num_planes) {
|
|
|
|
dprintk(1, "buffer plane out of range\n");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2014-04-07 12:23:50 +00:00
|
|
|
if (vb2_fileio_is_active(q)) {
|
|
|
|
dprintk(1, "expbuf: file io in progress\n");
|
|
|
|
return -EBUSY;
|
|
|
|
}
|
|
|
|
|
2012-06-14 14:32:24 +00:00
|
|
|
vb_plane = &vb->planes[eb->plane];
|
|
|
|
|
2014-03-17 12:54:21 +00:00
|
|
|
dbuf = call_ptr_memop(vb, get_dmabuf, vb_plane->mem_priv, eb->flags & O_ACCMODE);
|
2012-06-14 14:32:24 +00:00
|
|
|
if (IS_ERR_OR_NULL(dbuf)) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "failed to export buffer %d, plane %d\n",
|
2012-06-14 14:32:24 +00:00
|
|
|
eb->index, eb->plane);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2013-05-21 08:11:35 +00:00
|
|
|
ret = dma_buf_fd(dbuf, eb->flags & ~O_ACCMODE);
|
2012-06-14 14:32:24 +00:00
|
|
|
if (ret < 0) {
|
|
|
|
dprintk(3, "buffer %d, plane %d failed to export (%d)\n",
|
|
|
|
eb->index, eb->plane, ret);
|
|
|
|
dma_buf_put(dbuf);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
dprintk(3, "buffer %d, plane %d exported as %d descriptor\n",
|
|
|
|
eb->index, eb->plane, ret);
|
|
|
|
eb->fd = ret;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_expbuf);
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/**
|
|
|
|
* vb2_mmap() - map video buffers into application address space
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @vma: vma passed to the mmap file operation handler in the driver
|
|
|
|
*
|
|
|
|
* Should be called from mmap file operation handler of a driver.
|
|
|
|
* This function maps one plane of one of the available video buffers to
|
|
|
|
* userspace. To map whole video memory allocated on reqbufs, this function
|
|
|
|
* has to be called once per each plane per each buffer previously allocated.
|
|
|
|
*
|
|
|
|
* When the userspace application calls mmap, it passes to it an offset returned
|
|
|
|
* to it earlier by the means of vidioc_querybuf handler. That offset acts as
|
|
|
|
* a "cookie", which is then used to identify the plane to be mapped.
|
|
|
|
* This function finds a plane with a matching offset and a mapping is performed
|
|
|
|
* by the means of a provided memory operation.
|
|
|
|
*
|
|
|
|
* The return values from this function are intended to be directly returned
|
|
|
|
* from the mmap handler in driver.
|
|
|
|
*/
|
|
|
|
int vb2_mmap(struct vb2_queue *q, struct vm_area_struct *vma)
|
|
|
|
{
|
|
|
|
unsigned long off = vma->vm_pgoff << PAGE_SHIFT;
|
|
|
|
struct vb2_buffer *vb;
|
[media] vb2: fix compiler warning
When compiling this for older kernels using the compatibility build
the compiler complains about uninitialized variables:
In file included from include/linux/kernel.h:20:0,
from include/linux/cache.h:4,
from include/linux/time.h:7,
from include/linux/input.h:13,
from /home/hans/work/build/media_build/v4l/compat.h:9,
from <command-line>:0:
/home/hans/work/build/media_build/v4l/videobuf2-core.c: In function 'vb2_mmap':
include/linux/dynamic_debug.h:60:9: warning: 'plane' may be used uninitialized in this function [-Wmaybe-uninitialized]
printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__); \
^
/home/hans/work/build/media_build/v4l/videobuf2-core.c:2381:23: note: 'plane' was declared here
unsigned int buffer, plane;
^
In file included from include/linux/kernel.h:20:0,
from include/linux/cache.h:4,
from include/linux/time.h:7,
from include/linux/input.h:13,
from /home/hans/work/build/media_build/v4l/compat.h:9,
from <command-line>:0:
include/linux/dynamic_debug.h:60:9: warning: 'buffer' may be used uninitialized in this function [-Wmaybe-uninitialized]
printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__); \
^
/home/hans/work/build/media_build/v4l/videobuf2-core.c:2381:15: note: 'buffer' was declared here
unsigned int buffer, plane;
^
While these warnings are bogus (the call to __find_plane_by_offset will
set buffer and plane), it doesn't hurt to initialize these variables.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-04-17 06:17:08 +00:00
|
|
|
unsigned int buffer = 0, plane = 0;
|
2010-10-11 13:56:41 +00:00
|
|
|
int ret;
|
2013-04-19 10:18:01 +00:00
|
|
|
unsigned long length;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
if (q->memory != V4L2_MEMORY_MMAP) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "queue is not currently set up for mmap\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check memory area access mode.
|
|
|
|
*/
|
|
|
|
if (!(vma->vm_flags & VM_SHARED)) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "invalid vma flags, VM_SHARED needed\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
if (V4L2_TYPE_IS_OUTPUT(q->type)) {
|
|
|
|
if (!(vma->vm_flags & VM_WRITE)) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "invalid vma flags, VM_WRITE needed\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (!(vma->vm_flags & VM_READ)) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "invalid vma flags, VM_READ needed\n");
|
2010-10-11 13:56:41 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
2014-04-07 12:23:50 +00:00
|
|
|
if (vb2_fileio_is_active(q)) {
|
|
|
|
dprintk(1, "mmap: file io in progress\n");
|
|
|
|
return -EBUSY;
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Find the plane corresponding to the offset passed by userspace.
|
|
|
|
*/
|
|
|
|
ret = __find_plane_by_offset(q, off, &buffer, &plane);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
vb = q->bufs[buffer];
|
|
|
|
|
2013-04-19 10:18:01 +00:00
|
|
|
/*
|
|
|
|
* MMAP requires page_aligned buffers.
|
|
|
|
* The buffer length was page_aligned at __vb2_buf_mem_alloc(),
|
|
|
|
* so, we need to do the same here.
|
|
|
|
*/
|
|
|
|
length = PAGE_ALIGN(vb->v4l2_planes[plane].length);
|
|
|
|
if (length < (vma->vm_end - vma->vm_start)) {
|
|
|
|
dprintk(1,
|
|
|
|
"MMAP invalid, as it would overflow buffer length\n");
|
2013-04-12 02:57:57 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_lock(&q->mmap_lock);
|
2014-01-29 14:53:25 +00:00
|
|
|
ret = call_memop(vb, mmap, vb->planes[plane].mem_priv, vma);
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_unlock(&q->mmap_lock);
|
2014-03-17 12:54:21 +00:00
|
|
|
if (ret)
|
2010-10-11 13:56:41 +00:00
|
|
|
return ret;
|
|
|
|
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(3, "buffer %d, plane %d successfully mapped\n", buffer, plane);
|
2010-10-11 13:56:41 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_mmap);
|
|
|
|
|
2011-09-21 12:25:23 +00:00
|
|
|
#ifndef CONFIG_MMU
|
|
|
|
unsigned long vb2_get_unmapped_area(struct vb2_queue *q,
|
|
|
|
unsigned long addr,
|
|
|
|
unsigned long len,
|
|
|
|
unsigned long pgoff,
|
|
|
|
unsigned long flags)
|
|
|
|
{
|
|
|
|
unsigned long off = pgoff << PAGE_SHIFT;
|
|
|
|
struct vb2_buffer *vb;
|
|
|
|
unsigned int buffer, plane;
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
void *vaddr;
|
2011-09-21 12:25:23 +00:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (q->memory != V4L2_MEMORY_MMAP) {
|
2014-04-07 12:13:22 +00:00
|
|
|
dprintk(1, "queue is not currently set up for mmap\n");
|
2011-09-21 12:25:23 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Find the plane corresponding to the offset passed by userspace.
|
|
|
|
*/
|
|
|
|
ret = __find_plane_by_offset(q, off, &buffer, &plane);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
vb = q->bufs[buffer];
|
|
|
|
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
vaddr = vb2_plane_vaddr(vb, plane);
|
|
|
|
return vaddr ? (unsigned long)vaddr : -EINVAL;
|
2011-09-21 12:25:23 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_get_unmapped_area);
|
|
|
|
#endif
|
|
|
|
|
2010-12-06 08:56:55 +00:00
|
|
|
static int __vb2_init_fileio(struct vb2_queue *q, int read);
|
|
|
|
static int __vb2_cleanup_fileio(struct vb2_queue *q);
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_poll() - implements poll userspace operation
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @file: file argument passed to the poll file operation handler
|
|
|
|
* @wait: wait argument passed to the poll file operation handler
|
|
|
|
*
|
|
|
|
* This function implements poll file operation handler for a driver.
|
|
|
|
* For CAPTURE queues, if a buffer is ready to be dequeued, the userspace will
|
|
|
|
* be informed that the file descriptor of a video device is available for
|
|
|
|
* reading.
|
|
|
|
* For OUTPUT queues, if a buffer is ready to be dequeued, the file descriptor
|
|
|
|
* will be reported as available for writing.
|
|
|
|
*
|
2011-07-13 07:26:52 +00:00
|
|
|
* If the driver uses struct v4l2_fh, then vb2_poll() will also check for any
|
|
|
|
* pending events.
|
|
|
|
*
|
2010-10-11 13:56:41 +00:00
|
|
|
* The return values from this function are intended to be directly returned
|
|
|
|
* from poll handler in driver.
|
|
|
|
*/
|
|
|
|
unsigned int vb2_poll(struct vb2_queue *q, struct file *file, poll_table *wait)
|
|
|
|
{
|
2011-07-13 07:26:52 +00:00
|
|
|
struct video_device *vfd = video_devdata(file);
|
2011-07-13 07:01:30 +00:00
|
|
|
unsigned long req_events = poll_requested_events(wait);
|
2010-10-11 13:56:41 +00:00
|
|
|
struct vb2_buffer *vb = NULL;
|
2011-07-13 07:26:52 +00:00
|
|
|
unsigned int res = 0;
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
if (test_bit(V4L2_FL_USES_V4L2_FH, &vfd->flags)) {
|
|
|
|
struct v4l2_fh *fh = file->private_data;
|
|
|
|
|
|
|
|
if (v4l2_event_pending(fh))
|
|
|
|
res = POLLPRI;
|
|
|
|
else if (req_events & POLLPRI)
|
|
|
|
poll_wait(file, &fh->wait, wait);
|
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2013-01-30 16:29:02 +00:00
|
|
|
if (!V4L2_TYPE_IS_OUTPUT(q->type) && !(req_events & (POLLIN | POLLRDNORM)))
|
|
|
|
return res;
|
|
|
|
if (V4L2_TYPE_IS_OUTPUT(q->type) && !(req_events & (POLLOUT | POLLWRNORM)))
|
|
|
|
return res;
|
|
|
|
|
2010-12-06 08:56:55 +00:00
|
|
|
/*
|
2011-03-20 21:17:34 +00:00
|
|
|
* Start file I/O emulator only if streaming API has not been used yet.
|
2010-12-06 08:56:55 +00:00
|
|
|
*/
|
2014-04-07 12:23:50 +00:00
|
|
|
if (q->num_buffers == 0 && !vb2_fileio_is_active(q)) {
|
2011-07-13 07:01:30 +00:00
|
|
|
if (!V4L2_TYPE_IS_OUTPUT(q->type) && (q->io_modes & VB2_READ) &&
|
|
|
|
(req_events & (POLLIN | POLLRDNORM))) {
|
2011-07-13 07:26:52 +00:00
|
|
|
if (__vb2_init_fileio(q, 1))
|
|
|
|
return res | POLLERR;
|
2010-12-06 08:56:55 +00:00
|
|
|
}
|
2011-07-13 07:01:30 +00:00
|
|
|
if (V4L2_TYPE_IS_OUTPUT(q->type) && (q->io_modes & VB2_WRITE) &&
|
|
|
|
(req_events & (POLLOUT | POLLWRNORM))) {
|
2011-07-13 07:26:52 +00:00
|
|
|
if (__vb2_init_fileio(q, 0))
|
|
|
|
return res | POLLERR;
|
2010-12-06 08:56:55 +00:00
|
|
|
/*
|
|
|
|
* Write to OUTPUT queue can be done immediately.
|
|
|
|
*/
|
2011-07-13 07:26:52 +00:00
|
|
|
return res | POLLOUT | POLLWRNORM;
|
2010-12-06 08:56:55 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
/*
|
2014-09-20 19:16:35 +00:00
|
|
|
* There is nothing to wait for if the queue isn't streaming, or if the
|
|
|
|
* error flag is set.
|
2010-10-11 13:56:41 +00:00
|
|
|
*/
|
2014-09-20 19:16:35 +00:00
|
|
|
if (!vb2_is_streaming(q) || q->error)
|
|
|
|
return res | POLLERR;
|
|
|
|
/*
|
|
|
|
* For compatibility with vb1: if QBUF hasn't been called yet, then
|
|
|
|
* return POLLERR as well. This only affects capture queues, output
|
|
|
|
* queues will always initialize waiting_for_buffers to false.
|
|
|
|
*/
|
|
|
|
if (q->waiting_for_buffers)
|
2011-07-13 07:26:52 +00:00
|
|
|
return res | POLLERR;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2014-07-24 12:19:37 +00:00
|
|
|
/*
|
|
|
|
* For output streams you can write as long as there are fewer buffers
|
|
|
|
* queued than there are buffers available.
|
|
|
|
*/
|
|
|
|
if (V4L2_TYPE_IS_OUTPUT(q->type) && q->queued_count < q->num_buffers)
|
|
|
|
return res | POLLOUT | POLLWRNORM;
|
|
|
|
|
2015-05-04 10:51:06 +00:00
|
|
|
if (list_empty(&q->done_list)) {
|
|
|
|
/*
|
|
|
|
* If the last buffer was dequeued from a capture queue,
|
|
|
|
* return immediately. DQBUF will return -EPIPE.
|
|
|
|
*/
|
|
|
|
if (q->last_buffer_dequeued)
|
|
|
|
return res | POLLIN | POLLRDNORM;
|
|
|
|
|
2013-05-21 02:47:29 +00:00
|
|
|
poll_wait(file, &q->done_wq, wait);
|
2015-05-04 10:51:06 +00:00
|
|
|
}
|
2010-10-11 13:56:41 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Take first buffer available for dequeuing.
|
|
|
|
*/
|
|
|
|
spin_lock_irqsave(&q->done_lock, flags);
|
|
|
|
if (!list_empty(&q->done_list))
|
|
|
|
vb = list_first_entry(&q->done_list, struct vb2_buffer,
|
|
|
|
done_entry);
|
|
|
|
spin_unlock_irqrestore(&q->done_lock, flags);
|
|
|
|
|
|
|
|
if (vb && (vb->state == VB2_BUF_STATE_DONE
|
|
|
|
|| vb->state == VB2_BUF_STATE_ERROR)) {
|
2011-07-13 07:26:52 +00:00
|
|
|
return (V4L2_TYPE_IS_OUTPUT(q->type)) ?
|
|
|
|
res | POLLOUT | POLLWRNORM :
|
|
|
|
res | POLLIN | POLLRDNORM;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
2011-07-13 07:26:52 +00:00
|
|
|
return res;
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_poll);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_queue_init() - initialize a videobuf2 queue
|
|
|
|
* @q: videobuf2 queue; this structure should be allocated in driver
|
|
|
|
*
|
|
|
|
* The vb2_queue structure should be allocated by the driver. The driver is
|
|
|
|
* responsible of clearing it's content and setting initial values for some
|
|
|
|
* required entries before calling this function.
|
|
|
|
* q->ops, q->mem_ops, q->type and q->io_modes are mandatory. Please refer
|
|
|
|
* to the struct vb2_queue description in include/media/videobuf2-core.h
|
|
|
|
* for more information.
|
|
|
|
*/
|
|
|
|
int vb2_queue_init(struct vb2_queue *q)
|
|
|
|
{
|
2012-09-17 17:59:30 +00:00
|
|
|
/*
|
|
|
|
* Sanity check
|
|
|
|
*/
|
|
|
|
if (WARN_ON(!q) ||
|
|
|
|
WARN_ON(!q->ops) ||
|
|
|
|
WARN_ON(!q->mem_ops) ||
|
|
|
|
WARN_ON(!q->type) ||
|
|
|
|
WARN_ON(!q->io_modes) ||
|
|
|
|
WARN_ON(!q->ops->queue_setup) ||
|
2013-01-25 09:29:57 +00:00
|
|
|
WARN_ON(!q->ops->buf_queue) ||
|
2013-08-25 20:57:03 +00:00
|
|
|
WARN_ON(q->timestamp_flags &
|
|
|
|
~(V4L2_BUF_FLAG_TIMESTAMP_MASK |
|
|
|
|
V4L2_BUF_FLAG_TSTAMP_SRC_MASK)))
|
2012-09-17 17:59:30 +00:00
|
|
|
return -EINVAL;
|
2010-10-11 13:56:41 +00:00
|
|
|
|
2013-01-25 09:29:57 +00:00
|
|
|
/* Warn that the driver should choose an appropriate timestamp type */
|
2014-03-01 13:28:02 +00:00
|
|
|
WARN_ON((q->timestamp_flags & V4L2_BUF_FLAG_TIMESTAMP_MASK) ==
|
|
|
|
V4L2_BUF_FLAG_TIMESTAMP_UNKNOWN);
|
2013-01-25 09:29:57 +00:00
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
INIT_LIST_HEAD(&q->queued_list);
|
|
|
|
INIT_LIST_HEAD(&q->done_list);
|
|
|
|
spin_lock_init(&q->done_lock);
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_init(&q->mmap_lock);
|
2010-10-11 13:56:41 +00:00
|
|
|
init_waitqueue_head(&q->done_wq);
|
|
|
|
|
|
|
|
if (q->buf_struct_size == 0)
|
|
|
|
q->buf_struct_size = sizeof(struct vb2_buffer);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_queue_init);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* vb2_queue_release() - stop streaming, release the queue and free memory
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
*
|
|
|
|
* This function stops streaming and performs necessary clean ups, including
|
|
|
|
* freeing video buffer memory. The driver is responsible for freeing
|
|
|
|
* the vb2_queue structure itself.
|
|
|
|
*/
|
|
|
|
void vb2_queue_release(struct vb2_queue *q)
|
|
|
|
{
|
2010-12-06 08:56:55 +00:00
|
|
|
__vb2_cleanup_fileio(q);
|
2010-10-11 13:56:41 +00:00
|
|
|
__vb2_queue_cancel(q);
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_lock(&q->mmap_lock);
|
2011-09-28 12:23:02 +00:00
|
|
|
__vb2_queue_free(q, q->num_buffers);
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
mutex_unlock(&q->mmap_lock);
|
2010-10-11 13:56:41 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_queue_release);
|
|
|
|
|
2010-12-06 08:56:55 +00:00
|
|
|
/**
|
|
|
|
* struct vb2_fileio_buf - buffer context used by file io emulator
|
|
|
|
*
|
|
|
|
* vb2 provides a compatibility layer and emulator of file io (read and
|
|
|
|
* write) calls on top of streaming API. This structure is used for
|
|
|
|
* tracking context related to the buffers.
|
|
|
|
*/
|
|
|
|
struct vb2_fileio_buf {
|
|
|
|
void *vaddr;
|
|
|
|
unsigned int size;
|
|
|
|
unsigned int pos;
|
|
|
|
unsigned int queued:1;
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* struct vb2_fileio_data - queue context used by file io emulator
|
|
|
|
*
|
2014-02-14 09:46:50 +00:00
|
|
|
* @cur_index: the index of the buffer currently being read from or
|
|
|
|
* written to. If equal to q->num_buffers then a new buffer
|
|
|
|
* must be dequeued.
|
|
|
|
* @initial_index: in the read() case all buffers are queued up immediately
|
|
|
|
* in __vb2_init_fileio() and __vb2_perform_fileio() just cycles
|
|
|
|
* buffers. However, in the write() case no buffers are initially
|
|
|
|
* queued, instead whenever a buffer is full it is queued up by
|
|
|
|
* __vb2_perform_fileio(). Only once all available buffers have
|
|
|
|
* been queued up will __vb2_perform_fileio() start to dequeue
|
|
|
|
* buffers. This means that initially __vb2_perform_fileio()
|
|
|
|
* needs to know what buffer index to use when it is queuing up
|
|
|
|
* the buffers for the first time. That initial index is stored
|
|
|
|
* in this field. Once it is equal to q->num_buffers all
|
|
|
|
* available buffers have been queued and __vb2_perform_fileio()
|
|
|
|
* should start the normal dequeue/queue cycle.
|
|
|
|
*
|
2010-12-06 08:56:55 +00:00
|
|
|
* vb2 provides a compatibility layer and emulator of file io (read and
|
|
|
|
* write) calls on top of streaming API. For proper operation it required
|
|
|
|
* this structure to save the driver state between each call of the read
|
|
|
|
* or write function.
|
|
|
|
*/
|
|
|
|
struct vb2_fileio_data {
|
|
|
|
struct v4l2_requestbuffers req;
|
2014-04-11 07:40:03 +00:00
|
|
|
struct v4l2_plane p;
|
2010-12-06 08:56:55 +00:00
|
|
|
struct v4l2_buffer b;
|
|
|
|
struct vb2_fileio_buf bufs[VIDEO_MAX_FRAME];
|
2014-02-14 09:46:50 +00:00
|
|
|
unsigned int cur_index;
|
|
|
|
unsigned int initial_index;
|
2010-12-06 08:56:55 +00:00
|
|
|
unsigned int q_count;
|
|
|
|
unsigned int dq_count;
|
2015-02-23 12:26:16 +00:00
|
|
|
unsigned read_once:1;
|
|
|
|
unsigned write_immediately:1;
|
2010-12-06 08:56:55 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __vb2_init_fileio() - initialize file io emulator
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @read: mode selector (1 means read, 0 means write)
|
|
|
|
*/
|
|
|
|
static int __vb2_init_fileio(struct vb2_queue *q, int read)
|
|
|
|
{
|
|
|
|
struct vb2_fileio_data *fileio;
|
|
|
|
int i, ret;
|
|
|
|
unsigned int count = 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Sanity check
|
|
|
|
*/
|
2014-02-03 14:22:45 +00:00
|
|
|
if (WARN_ON((read && !(q->io_modes & VB2_READ)) ||
|
|
|
|
(!read && !(q->io_modes & VB2_WRITE))))
|
|
|
|
return -EINVAL;
|
2010-12-06 08:56:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if device supports mapping buffers to kernel virtual space.
|
|
|
|
*/
|
|
|
|
if (!q->mem_ops->vaddr)
|
|
|
|
return -EBUSY;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if streaming api has not been already activated.
|
|
|
|
*/
|
|
|
|
if (q->streaming || q->num_buffers > 0)
|
|
|
|
return -EBUSY;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Start with count 1, driver can increase it in queue_setup()
|
|
|
|
*/
|
|
|
|
count = 1;
|
|
|
|
|
2015-02-23 12:26:16 +00:00
|
|
|
dprintk(3, "setting up file io: mode %s, count %d, read_once %d, write_immediately %d\n",
|
|
|
|
(read) ? "read" : "write", count, q->fileio_read_once,
|
|
|
|
q->fileio_write_immediately);
|
2010-12-06 08:56:55 +00:00
|
|
|
|
|
|
|
fileio = kzalloc(sizeof(struct vb2_fileio_data), GFP_KERNEL);
|
|
|
|
if (fileio == NULL)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2015-02-23 12:26:16 +00:00
|
|
|
fileio->read_once = q->fileio_read_once;
|
|
|
|
fileio->write_immediately = q->fileio_write_immediately;
|
2010-12-06 08:56:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Request buffers and use MMAP type to force driver
|
|
|
|
* to allocate buffers by itself.
|
|
|
|
*/
|
|
|
|
fileio->req.count = count;
|
|
|
|
fileio->req.memory = V4L2_MEMORY_MMAP;
|
|
|
|
fileio->req.type = q->type;
|
2014-04-07 12:23:50 +00:00
|
|
|
q->fileio = fileio;
|
|
|
|
ret = __reqbufs(q, &fileio->req);
|
2010-12-06 08:56:55 +00:00
|
|
|
if (ret)
|
|
|
|
goto err_kfree;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if plane_count is correct
|
|
|
|
* (multiplane buffers are not supported).
|
|
|
|
*/
|
|
|
|
if (q->bufs[0]->num_planes != 1) {
|
|
|
|
ret = -EBUSY;
|
|
|
|
goto err_reqbufs;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get kernel address of each buffer.
|
|
|
|
*/
|
|
|
|
for (i = 0; i < q->num_buffers; i++) {
|
|
|
|
fileio->bufs[i].vaddr = vb2_plane_vaddr(q->bufs[i], 0);
|
2013-05-13 04:48:45 +00:00
|
|
|
if (fileio->bufs[i].vaddr == NULL) {
|
|
|
|
ret = -EINVAL;
|
2010-12-06 08:56:55 +00:00
|
|
|
goto err_reqbufs;
|
2013-05-13 04:48:45 +00:00
|
|
|
}
|
2010-12-06 08:56:55 +00:00
|
|
|
fileio->bufs[i].size = vb2_plane_size(q->bufs[i], 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Read mode requires pre queuing of all buffers.
|
|
|
|
*/
|
|
|
|
if (read) {
|
2014-04-11 07:40:03 +00:00
|
|
|
bool is_multiplanar = V4L2_TYPE_IS_MULTIPLANAR(q->type);
|
|
|
|
|
2010-12-06 08:56:55 +00:00
|
|
|
/*
|
|
|
|
* Queue all buffers.
|
|
|
|
*/
|
|
|
|
for (i = 0; i < q->num_buffers; i++) {
|
|
|
|
struct v4l2_buffer *b = &fileio->b;
|
2014-04-11 07:40:03 +00:00
|
|
|
|
2010-12-06 08:56:55 +00:00
|
|
|
memset(b, 0, sizeof(*b));
|
|
|
|
b->type = q->type;
|
2014-04-11 07:40:03 +00:00
|
|
|
if (is_multiplanar) {
|
|
|
|
memset(&fileio->p, 0, sizeof(fileio->p));
|
|
|
|
b->m.planes = &fileio->p;
|
|
|
|
b->length = 1;
|
|
|
|
}
|
2010-12-06 08:56:55 +00:00
|
|
|
b->memory = q->memory;
|
|
|
|
b->index = i;
|
2014-04-07 12:23:50 +00:00
|
|
|
ret = vb2_internal_qbuf(q, b);
|
2010-12-06 08:56:55 +00:00
|
|
|
if (ret)
|
|
|
|
goto err_reqbufs;
|
|
|
|
fileio->bufs[i].queued = 1;
|
|
|
|
}
|
2014-02-14 09:46:50 +00:00
|
|
|
/*
|
|
|
|
* All buffers have been queued, so mark that by setting
|
|
|
|
* initial_index to q->num_buffers
|
|
|
|
*/
|
|
|
|
fileio->initial_index = q->num_buffers;
|
|
|
|
fileio->cur_index = q->num_buffers;
|
2010-12-06 08:56:55 +00:00
|
|
|
}
|
|
|
|
|
2013-12-13 16:13:42 +00:00
|
|
|
/*
|
|
|
|
* Start streaming.
|
|
|
|
*/
|
2014-04-07 12:23:50 +00:00
|
|
|
ret = vb2_internal_streamon(q, q->type);
|
2013-12-13 16:13:42 +00:00
|
|
|
if (ret)
|
|
|
|
goto err_reqbufs;
|
|
|
|
|
2010-12-06 08:56:55 +00:00
|
|
|
return ret;
|
|
|
|
|
|
|
|
err_reqbufs:
|
2012-05-08 17:47:39 +00:00
|
|
|
fileio->req.count = 0;
|
2014-04-07 12:23:50 +00:00
|
|
|
__reqbufs(q, &fileio->req);
|
2010-12-06 08:56:55 +00:00
|
|
|
|
|
|
|
err_kfree:
|
2014-04-07 12:23:50 +00:00
|
|
|
q->fileio = NULL;
|
2010-12-06 08:56:55 +00:00
|
|
|
kfree(fileio);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __vb2_cleanup_fileio() - free resourced used by file io emulator
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
*/
|
|
|
|
static int __vb2_cleanup_fileio(struct vb2_queue *q)
|
|
|
|
{
|
|
|
|
struct vb2_fileio_data *fileio = q->fileio;
|
|
|
|
|
|
|
|
if (fileio) {
|
2013-12-13 16:13:41 +00:00
|
|
|
vb2_internal_streamoff(q, q->type);
|
2010-12-06 08:56:55 +00:00
|
|
|
q->fileio = NULL;
|
|
|
|
fileio->req.count = 0;
|
|
|
|
vb2_reqbufs(q, &fileio->req);
|
|
|
|
kfree(fileio);
|
|
|
|
dprintk(3, "file io emulator closed\n");
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __vb2_perform_fileio() - perform a single file io (read or write) operation
|
|
|
|
* @q: videobuf2 queue
|
|
|
|
* @data: pointed to target userspace buffer
|
|
|
|
* @count: number of bytes to read or write
|
|
|
|
* @ppos: file handle position tracking pointer
|
|
|
|
* @nonblock: mode selector (1 means blocking calls, 0 means nonblocking)
|
|
|
|
* @read: access mode selector (1 means read, 0 means write)
|
|
|
|
*/
|
|
|
|
static size_t __vb2_perform_fileio(struct vb2_queue *q, char __user *data, size_t count,
|
|
|
|
loff_t *ppos, int nonblock, int read)
|
|
|
|
{
|
|
|
|
struct vb2_fileio_data *fileio;
|
|
|
|
struct vb2_fileio_buf *buf;
|
2014-04-11 07:40:03 +00:00
|
|
|
bool is_multiplanar = V4L2_TYPE_IS_MULTIPLANAR(q->type);
|
2014-04-11 07:36:57 +00:00
|
|
|
/*
|
|
|
|
* When using write() to write data to an output video node the vb2 core
|
|
|
|
* should set timestamps if V4L2_BUF_FLAG_TIMESTAMP_COPY is set. Nobody
|
|
|
|
* else is able to provide this information with the write() operation.
|
|
|
|
*/
|
|
|
|
bool set_timestamp = !read &&
|
|
|
|
(q->timestamp_flags & V4L2_BUF_FLAG_TIMESTAMP_MASK) ==
|
|
|
|
V4L2_BUF_FLAG_TIMESTAMP_COPY;
|
2010-12-06 08:56:55 +00:00
|
|
|
int ret, index;
|
|
|
|
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(3, "mode %s, offset %ld, count %zd, %sblocking\n",
|
2010-12-06 08:56:55 +00:00
|
|
|
read ? "read" : "write", (long)*ppos, count,
|
|
|
|
nonblock ? "non" : "");
|
|
|
|
|
|
|
|
if (!data)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize emulator on first call.
|
|
|
|
*/
|
2014-04-07 12:23:50 +00:00
|
|
|
if (!vb2_fileio_is_active(q)) {
|
2010-12-06 08:56:55 +00:00
|
|
|
ret = __vb2_init_fileio(q, read);
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(3, "vb2_init_fileio result: %d\n", ret);
|
2010-12-06 08:56:55 +00:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
fileio = q->fileio;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if we need to dequeue the buffer.
|
|
|
|
*/
|
2014-02-14 09:46:50 +00:00
|
|
|
index = fileio->cur_index;
|
2013-12-13 16:13:45 +00:00
|
|
|
if (index >= q->num_buffers) {
|
2010-12-06 08:56:55 +00:00
|
|
|
/*
|
|
|
|
* Call vb2_dqbuf to get buffer back.
|
|
|
|
*/
|
|
|
|
memset(&fileio->b, 0, sizeof(fileio->b));
|
|
|
|
fileio->b.type = q->type;
|
|
|
|
fileio->b.memory = q->memory;
|
2014-04-11 07:40:03 +00:00
|
|
|
if (is_multiplanar) {
|
|
|
|
memset(&fileio->p, 0, sizeof(fileio->p));
|
|
|
|
fileio->b.m.planes = &fileio->p;
|
|
|
|
fileio->b.length = 1;
|
|
|
|
}
|
2013-12-13 16:13:41 +00:00
|
|
|
ret = vb2_internal_dqbuf(q, &fileio->b, nonblock);
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(5, "vb2_dqbuf result: %d\n", ret);
|
2010-12-06 08:56:55 +00:00
|
|
|
if (ret)
|
2013-12-13 16:13:41 +00:00
|
|
|
return ret;
|
2010-12-06 08:56:55 +00:00
|
|
|
fileio->dq_count += 1;
|
|
|
|
|
2014-02-14 09:46:50 +00:00
|
|
|
fileio->cur_index = index = fileio->b.index;
|
2013-12-13 16:13:45 +00:00
|
|
|
buf = &fileio->bufs[index];
|
|
|
|
|
2010-12-06 08:56:55 +00:00
|
|
|
/*
|
|
|
|
* Get number of bytes filled by the driver
|
|
|
|
*/
|
2013-12-13 16:13:45 +00:00
|
|
|
buf->pos = 0;
|
2010-12-06 08:56:55 +00:00
|
|
|
buf->queued = 0;
|
2013-12-13 16:13:45 +00:00
|
|
|
buf->size = read ? vb2_get_plane_payload(q->bufs[index], 0)
|
|
|
|
: vb2_plane_size(q->bufs[index], 0);
|
2014-07-25 09:08:36 +00:00
|
|
|
/* Compensate for data_offset on read in the multiplanar case. */
|
|
|
|
if (is_multiplanar && read &&
|
|
|
|
fileio->b.m.planes[0].data_offset < buf->size) {
|
|
|
|
buf->pos = fileio->b.m.planes[0].data_offset;
|
|
|
|
buf->size -= buf->pos;
|
|
|
|
}
|
2013-12-13 16:13:45 +00:00
|
|
|
} else {
|
|
|
|
buf = &fileio->bufs[index];
|
2010-12-06 08:56:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Limit count on last few bytes of the buffer.
|
|
|
|
*/
|
|
|
|
if (buf->pos + count > buf->size) {
|
|
|
|
count = buf->size - buf->pos;
|
2011-01-11 20:12:34 +00:00
|
|
|
dprintk(5, "reducing read count: %zd\n", count);
|
2010-12-06 08:56:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Transfer data to userspace.
|
|
|
|
*/
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(3, "copying %zd bytes - buffer %d, offset %u\n",
|
2010-12-06 08:56:55 +00:00
|
|
|
count, index, buf->pos);
|
|
|
|
if (read)
|
|
|
|
ret = copy_to_user(data, buf->vaddr + buf->pos, count);
|
|
|
|
else
|
|
|
|
ret = copy_from_user(buf->vaddr + buf->pos, data, count);
|
|
|
|
if (ret) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(3, "error copying data\n");
|
2013-12-13 16:13:41 +00:00
|
|
|
return -EFAULT;
|
2010-12-06 08:56:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Update counters.
|
|
|
|
*/
|
|
|
|
buf->pos += count;
|
|
|
|
*ppos += count;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Queue next buffer if required.
|
|
|
|
*/
|
2015-02-23 12:26:16 +00:00
|
|
|
if (buf->pos == buf->size || (!read && fileio->write_immediately)) {
|
2010-12-06 08:56:55 +00:00
|
|
|
/*
|
|
|
|
* Check if this is the last buffer to read.
|
|
|
|
*/
|
2015-02-23 12:26:16 +00:00
|
|
|
if (read && fileio->read_once && fileio->dq_count == 1) {
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(3, "read limit reached\n");
|
2010-12-06 08:56:55 +00:00
|
|
|
return __vb2_cleanup_fileio(q);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Call vb2_qbuf and give buffer to the driver.
|
|
|
|
*/
|
|
|
|
memset(&fileio->b, 0, sizeof(fileio->b));
|
|
|
|
fileio->b.type = q->type;
|
|
|
|
fileio->b.memory = q->memory;
|
|
|
|
fileio->b.index = index;
|
|
|
|
fileio->b.bytesused = buf->pos;
|
2014-04-11 07:40:03 +00:00
|
|
|
if (is_multiplanar) {
|
|
|
|
memset(&fileio->p, 0, sizeof(fileio->p));
|
|
|
|
fileio->p.bytesused = buf->pos;
|
|
|
|
fileio->b.m.planes = &fileio->p;
|
|
|
|
fileio->b.length = 1;
|
|
|
|
}
|
2014-04-11 07:36:57 +00:00
|
|
|
if (set_timestamp)
|
|
|
|
v4l2_get_timestamp(&fileio->b.timestamp);
|
2013-12-13 16:13:41 +00:00
|
|
|
ret = vb2_internal_qbuf(q, &fileio->b);
|
2014-04-07 12:08:47 +00:00
|
|
|
dprintk(5, "vb2_dbuf result: %d\n", ret);
|
2010-12-06 08:56:55 +00:00
|
|
|
if (ret)
|
2013-12-13 16:13:41 +00:00
|
|
|
return ret;
|
2010-12-06 08:56:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Buffer has been queued, update the status
|
|
|
|
*/
|
|
|
|
buf->pos = 0;
|
|
|
|
buf->queued = 1;
|
2013-12-13 16:13:45 +00:00
|
|
|
buf->size = vb2_plane_size(q->bufs[index], 0);
|
2010-12-06 08:56:55 +00:00
|
|
|
fileio->q_count += 1;
|
2014-02-14 09:46:50 +00:00
|
|
|
/*
|
|
|
|
* If we are queuing up buffers for the first time, then
|
|
|
|
* increase initial_index by one.
|
|
|
|
*/
|
|
|
|
if (fileio->initial_index < q->num_buffers)
|
|
|
|
fileio->initial_index++;
|
|
|
|
/*
|
|
|
|
* The next buffer to use is either a buffer that's going to be
|
|
|
|
* queued for the first time (initial_index < q->num_buffers)
|
|
|
|
* or it is equal to q->num_buffers, meaning that the next
|
|
|
|
* time we need to dequeue a buffer since we've now queued up
|
|
|
|
* all the 'first time' buffers.
|
|
|
|
*/
|
|
|
|
fileio->cur_index = fileio->initial_index;
|
2010-12-06 08:56:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return proper number of bytes processed.
|
|
|
|
*/
|
|
|
|
if (ret == 0)
|
|
|
|
ret = count;
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t vb2_read(struct vb2_queue *q, char __user *data, size_t count,
|
|
|
|
loff_t *ppos, int nonblocking)
|
|
|
|
{
|
|
|
|
return __vb2_perform_fileio(q, data, count, ppos, nonblocking, 1);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_read);
|
|
|
|
|
2013-08-28 07:39:29 +00:00
|
|
|
size_t vb2_write(struct vb2_queue *q, const char __user *data, size_t count,
|
2010-12-06 08:56:55 +00:00
|
|
|
loff_t *ppos, int nonblocking)
|
|
|
|
{
|
2013-08-28 07:39:29 +00:00
|
|
|
return __vb2_perform_fileio(q, (char __user *) data, count,
|
|
|
|
ppos, nonblocking, 0);
|
2010-12-06 08:56:55 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_write);
|
|
|
|
|
2014-04-14 10:33:00 +00:00
|
|
|
struct vb2_threadio_data {
|
|
|
|
struct task_struct *thread;
|
|
|
|
vb2_thread_fnc fnc;
|
|
|
|
void *priv;
|
|
|
|
bool stop;
|
|
|
|
};
|
|
|
|
|
|
|
|
static int vb2_thread(void *data)
|
|
|
|
{
|
|
|
|
struct vb2_queue *q = data;
|
|
|
|
struct vb2_threadio_data *threadio = q->threadio;
|
|
|
|
struct vb2_fileio_data *fileio = q->fileio;
|
|
|
|
bool set_timestamp = false;
|
|
|
|
int prequeue = 0;
|
|
|
|
int index = 0;
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
if (V4L2_TYPE_IS_OUTPUT(q->type)) {
|
|
|
|
prequeue = q->num_buffers;
|
|
|
|
set_timestamp =
|
|
|
|
(q->timestamp_flags & V4L2_BUF_FLAG_TIMESTAMP_MASK) ==
|
|
|
|
V4L2_BUF_FLAG_TIMESTAMP_COPY;
|
|
|
|
}
|
|
|
|
|
|
|
|
set_freezable();
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
struct vb2_buffer *vb;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Call vb2_dqbuf to get buffer back.
|
|
|
|
*/
|
|
|
|
memset(&fileio->b, 0, sizeof(fileio->b));
|
|
|
|
fileio->b.type = q->type;
|
|
|
|
fileio->b.memory = q->memory;
|
|
|
|
if (prequeue) {
|
|
|
|
fileio->b.index = index++;
|
|
|
|
prequeue--;
|
|
|
|
} else {
|
|
|
|
call_void_qop(q, wait_finish, q);
|
2015-01-19 09:16:18 +00:00
|
|
|
if (!threadio->stop)
|
|
|
|
ret = vb2_internal_dqbuf(q, &fileio->b, 0);
|
2014-04-14 10:33:00 +00:00
|
|
|
call_void_qop(q, wait_prepare, q);
|
|
|
|
dprintk(5, "file io: vb2_dqbuf result: %d\n", ret);
|
|
|
|
}
|
2015-01-19 09:16:18 +00:00
|
|
|
if (ret || threadio->stop)
|
2014-04-14 10:33:00 +00:00
|
|
|
break;
|
|
|
|
try_to_freeze();
|
|
|
|
|
|
|
|
vb = q->bufs[fileio->b.index];
|
|
|
|
if (!(fileio->b.flags & V4L2_BUF_FLAG_ERROR))
|
2015-01-19 09:16:18 +00:00
|
|
|
if (threadio->fnc(vb, threadio->priv))
|
|
|
|
break;
|
2014-04-14 10:33:00 +00:00
|
|
|
call_void_qop(q, wait_finish, q);
|
|
|
|
if (set_timestamp)
|
|
|
|
v4l2_get_timestamp(&fileio->b.timestamp);
|
2015-01-19 09:16:18 +00:00
|
|
|
if (!threadio->stop)
|
|
|
|
ret = vb2_internal_qbuf(q, &fileio->b);
|
2014-04-14 10:33:00 +00:00
|
|
|
call_void_qop(q, wait_prepare, q);
|
2015-01-19 09:16:18 +00:00
|
|
|
if (ret || threadio->stop)
|
2014-04-14 10:33:00 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Hmm, linux becomes *very* unhappy without this ... */
|
|
|
|
while (!kthread_should_stop()) {
|
|
|
|
set_current_state(TASK_INTERRUPTIBLE);
|
|
|
|
schedule();
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This function should not be used for anything else but the videobuf2-dvb
|
|
|
|
* support. If you think you have another good use-case for this, then please
|
|
|
|
* contact the linux-media mailinglist first.
|
|
|
|
*/
|
|
|
|
int vb2_thread_start(struct vb2_queue *q, vb2_thread_fnc fnc, void *priv,
|
|
|
|
const char *thread_name)
|
|
|
|
{
|
|
|
|
struct vb2_threadio_data *threadio;
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
if (q->threadio)
|
|
|
|
return -EBUSY;
|
|
|
|
if (vb2_is_busy(q))
|
|
|
|
return -EBUSY;
|
|
|
|
if (WARN_ON(q->fileio))
|
|
|
|
return -EBUSY;
|
|
|
|
|
|
|
|
threadio = kzalloc(sizeof(*threadio), GFP_KERNEL);
|
|
|
|
if (threadio == NULL)
|
|
|
|
return -ENOMEM;
|
|
|
|
threadio->fnc = fnc;
|
|
|
|
threadio->priv = priv;
|
|
|
|
|
|
|
|
ret = __vb2_init_fileio(q, !V4L2_TYPE_IS_OUTPUT(q->type));
|
|
|
|
dprintk(3, "file io: vb2_init_fileio result: %d\n", ret);
|
|
|
|
if (ret)
|
|
|
|
goto nomem;
|
|
|
|
q->threadio = threadio;
|
|
|
|
threadio->thread = kthread_run(vb2_thread, q, "vb2-%s", thread_name);
|
|
|
|
if (IS_ERR(threadio->thread)) {
|
|
|
|
ret = PTR_ERR(threadio->thread);
|
|
|
|
threadio->thread = NULL;
|
|
|
|
goto nothread;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
nothread:
|
|
|
|
__vb2_cleanup_fileio(q);
|
|
|
|
nomem:
|
|
|
|
kfree(threadio);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_thread_start);
|
|
|
|
|
|
|
|
int vb2_thread_stop(struct vb2_queue *q)
|
|
|
|
{
|
|
|
|
struct vb2_threadio_data *threadio = q->threadio;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
if (threadio == NULL)
|
|
|
|
return 0;
|
|
|
|
threadio->stop = true;
|
2015-02-16 10:49:07 +00:00
|
|
|
/* Wake up all pending sleeps in the thread */
|
|
|
|
vb2_queue_error(q);
|
2015-01-19 09:16:18 +00:00
|
|
|
err = kthread_stop(threadio->thread);
|
2015-02-16 10:49:07 +00:00
|
|
|
__vb2_cleanup_fileio(q);
|
2014-04-14 10:33:00 +00:00
|
|
|
threadio->thread = NULL;
|
|
|
|
kfree(threadio);
|
|
|
|
q->threadio = NULL;
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_thread_stop);
|
2012-07-02 08:59:18 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The following functions are not part of the vb2 core API, but are helper
|
|
|
|
* functions that plug into struct v4l2_ioctl_ops, struct v4l2_file_operations
|
|
|
|
* and struct vb2_ops.
|
|
|
|
* They contain boilerplate code that most if not all drivers have to do
|
|
|
|
* and so they simplify the driver code.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* The queue is busy if there is a owner and you are not that owner. */
|
|
|
|
static inline bool vb2_queue_is_busy(struct video_device *vdev, struct file *file)
|
|
|
|
{
|
|
|
|
return vdev->queue->owner && vdev->queue->owner != file->private_data;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* vb2 ioctl helpers */
|
|
|
|
|
|
|
|
int vb2_ioctl_reqbufs(struct file *file, void *priv,
|
|
|
|
struct v4l2_requestbuffers *p)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
int res = __verify_memory_type(vdev->queue, p->memory, p->type);
|
|
|
|
|
|
|
|
if (res)
|
|
|
|
return res;
|
|
|
|
if (vb2_queue_is_busy(vdev, file))
|
|
|
|
return -EBUSY;
|
|
|
|
res = __reqbufs(vdev->queue, p);
|
|
|
|
/* If count == 0, then the owner has released all buffers and he
|
|
|
|
is no longer owner of the queue. Otherwise we have a new owner. */
|
|
|
|
if (res == 0)
|
|
|
|
vdev->queue->owner = p->count ? file->private_data : NULL;
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ioctl_reqbufs);
|
|
|
|
|
|
|
|
int vb2_ioctl_create_bufs(struct file *file, void *priv,
|
|
|
|
struct v4l2_create_buffers *p)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
int res = __verify_memory_type(vdev->queue, p->memory, p->format.type);
|
|
|
|
|
|
|
|
p->index = vdev->queue->num_buffers;
|
|
|
|
/* If count == 0, then just check if memory and type are valid.
|
|
|
|
Any -EBUSY result from __verify_memory_type can be mapped to 0. */
|
|
|
|
if (p->count == 0)
|
|
|
|
return res != -EBUSY ? res : 0;
|
|
|
|
if (res)
|
|
|
|
return res;
|
|
|
|
if (vb2_queue_is_busy(vdev, file))
|
|
|
|
return -EBUSY;
|
|
|
|
res = __create_bufs(vdev->queue, p);
|
|
|
|
if (res == 0)
|
|
|
|
vdev->queue->owner = file->private_data;
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ioctl_create_bufs);
|
|
|
|
|
|
|
|
int vb2_ioctl_prepare_buf(struct file *file, void *priv,
|
|
|
|
struct v4l2_buffer *p)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
|
|
|
|
if (vb2_queue_is_busy(vdev, file))
|
|
|
|
return -EBUSY;
|
|
|
|
return vb2_prepare_buf(vdev->queue, p);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ioctl_prepare_buf);
|
|
|
|
|
|
|
|
int vb2_ioctl_querybuf(struct file *file, void *priv, struct v4l2_buffer *p)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
|
|
|
|
/* No need to call vb2_queue_is_busy(), anyone can query buffers. */
|
|
|
|
return vb2_querybuf(vdev->queue, p);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ioctl_querybuf);
|
|
|
|
|
|
|
|
int vb2_ioctl_qbuf(struct file *file, void *priv, struct v4l2_buffer *p)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
|
|
|
|
if (vb2_queue_is_busy(vdev, file))
|
|
|
|
return -EBUSY;
|
|
|
|
return vb2_qbuf(vdev->queue, p);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ioctl_qbuf);
|
|
|
|
|
|
|
|
int vb2_ioctl_dqbuf(struct file *file, void *priv, struct v4l2_buffer *p)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
|
|
|
|
if (vb2_queue_is_busy(vdev, file))
|
|
|
|
return -EBUSY;
|
|
|
|
return vb2_dqbuf(vdev->queue, p, file->f_flags & O_NONBLOCK);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ioctl_dqbuf);
|
|
|
|
|
|
|
|
int vb2_ioctl_streamon(struct file *file, void *priv, enum v4l2_buf_type i)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
|
|
|
|
if (vb2_queue_is_busy(vdev, file))
|
|
|
|
return -EBUSY;
|
|
|
|
return vb2_streamon(vdev->queue, i);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ioctl_streamon);
|
|
|
|
|
|
|
|
int vb2_ioctl_streamoff(struct file *file, void *priv, enum v4l2_buf_type i)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
|
|
|
|
if (vb2_queue_is_busy(vdev, file))
|
|
|
|
return -EBUSY;
|
|
|
|
return vb2_streamoff(vdev->queue, i);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ioctl_streamoff);
|
|
|
|
|
2012-06-14 14:32:24 +00:00
|
|
|
int vb2_ioctl_expbuf(struct file *file, void *priv, struct v4l2_exportbuffer *p)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
|
|
|
|
if (vb2_queue_is_busy(vdev, file))
|
|
|
|
return -EBUSY;
|
|
|
|
return vb2_expbuf(vdev->queue, p);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ioctl_expbuf);
|
|
|
|
|
2012-07-02 08:59:18 +00:00
|
|
|
/* v4l2_file_operations helpers */
|
|
|
|
|
|
|
|
int vb2_fop_mmap(struct file *file, struct vm_area_struct *vma)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
return vb2_mmap(vdev->queue, vma);
|
2012-07-02 08:59:18 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_fop_mmap);
|
|
|
|
|
2013-11-25 08:49:02 +00:00
|
|
|
int _vb2_fop_release(struct file *file, struct mutex *lock)
|
2012-07-02 08:59:18 +00:00
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
|
2014-11-01 13:32:28 +00:00
|
|
|
if (lock)
|
|
|
|
mutex_lock(lock);
|
2012-07-02 08:59:18 +00:00
|
|
|
if (file->private_data == vdev->queue->owner) {
|
|
|
|
vb2_queue_release(vdev->queue);
|
|
|
|
vdev->queue->owner = NULL;
|
|
|
|
}
|
2014-11-01 13:32:28 +00:00
|
|
|
if (lock)
|
|
|
|
mutex_unlock(lock);
|
2012-07-02 08:59:18 +00:00
|
|
|
return v4l2_fh_release(file);
|
|
|
|
}
|
2013-11-25 08:49:02 +00:00
|
|
|
EXPORT_SYMBOL_GPL(_vb2_fop_release);
|
|
|
|
|
|
|
|
int vb2_fop_release(struct file *file)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
struct mutex *lock = vdev->queue->lock ? vdev->queue->lock : vdev->lock;
|
|
|
|
|
|
|
|
return _vb2_fop_release(file, lock);
|
|
|
|
}
|
2012-07-02 08:59:18 +00:00
|
|
|
EXPORT_SYMBOL_GPL(vb2_fop_release);
|
|
|
|
|
2013-08-28 07:39:29 +00:00
|
|
|
ssize_t vb2_fop_write(struct file *file, const char __user *buf,
|
2012-07-02 08:59:18 +00:00
|
|
|
size_t count, loff_t *ppos)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
struct mutex *lock = vdev->queue->lock ? vdev->queue->lock : vdev->lock;
|
|
|
|
int err = -EBUSY;
|
|
|
|
|
2015-03-03 11:23:59 +00:00
|
|
|
if (!(vdev->queue->io_modes & VB2_WRITE))
|
|
|
|
return -EINVAL;
|
2012-07-31 07:02:25 +00:00
|
|
|
if (lock && mutex_lock_interruptible(lock))
|
2012-07-02 08:59:18 +00:00
|
|
|
return -ERESTARTSYS;
|
|
|
|
if (vb2_queue_is_busy(vdev, file))
|
|
|
|
goto exit;
|
|
|
|
err = vb2_write(vdev->queue, buf, count, ppos,
|
|
|
|
file->f_flags & O_NONBLOCK);
|
2012-09-07 15:50:02 +00:00
|
|
|
if (vdev->queue->fileio)
|
2012-07-02 08:59:18 +00:00
|
|
|
vdev->queue->owner = file->private_data;
|
|
|
|
exit:
|
2012-07-31 07:02:25 +00:00
|
|
|
if (lock)
|
2012-07-02 08:59:18 +00:00
|
|
|
mutex_unlock(lock);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_fop_write);
|
|
|
|
|
|
|
|
ssize_t vb2_fop_read(struct file *file, char __user *buf,
|
|
|
|
size_t count, loff_t *ppos)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
struct mutex *lock = vdev->queue->lock ? vdev->queue->lock : vdev->lock;
|
|
|
|
int err = -EBUSY;
|
|
|
|
|
2015-03-03 11:23:59 +00:00
|
|
|
if (!(vdev->queue->io_modes & VB2_READ))
|
|
|
|
return -EINVAL;
|
2012-07-31 07:02:25 +00:00
|
|
|
if (lock && mutex_lock_interruptible(lock))
|
2012-07-02 08:59:18 +00:00
|
|
|
return -ERESTARTSYS;
|
|
|
|
if (vb2_queue_is_busy(vdev, file))
|
|
|
|
goto exit;
|
|
|
|
err = vb2_read(vdev->queue, buf, count, ppos,
|
|
|
|
file->f_flags & O_NONBLOCK);
|
2012-09-07 15:50:02 +00:00
|
|
|
if (vdev->queue->fileio)
|
2012-07-02 08:59:18 +00:00
|
|
|
vdev->queue->owner = file->private_data;
|
|
|
|
exit:
|
2012-07-31 07:02:25 +00:00
|
|
|
if (lock)
|
2012-07-02 08:59:18 +00:00
|
|
|
mutex_unlock(lock);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_fop_read);
|
|
|
|
|
|
|
|
unsigned int vb2_fop_poll(struct file *file, poll_table *wait)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
struct vb2_queue *q = vdev->queue;
|
|
|
|
struct mutex *lock = q->lock ? q->lock : vdev->lock;
|
|
|
|
unsigned res;
|
|
|
|
void *fileio;
|
|
|
|
|
2014-11-01 13:32:28 +00:00
|
|
|
/*
|
|
|
|
* If this helper doesn't know how to lock, then you shouldn't be using
|
|
|
|
* it but you should write your own.
|
|
|
|
*/
|
|
|
|
WARN_ON(!lock);
|
2012-07-02 08:59:18 +00:00
|
|
|
|
2014-11-01 13:32:28 +00:00
|
|
|
if (lock && mutex_lock_interruptible(lock))
|
2012-07-02 08:59:18 +00:00
|
|
|
return POLLERR;
|
|
|
|
|
|
|
|
fileio = q->fileio;
|
|
|
|
|
|
|
|
res = vb2_poll(vdev->queue, file, wait);
|
|
|
|
|
|
|
|
/* If fileio was started, then we have a new queue owner. */
|
2014-11-01 13:32:28 +00:00
|
|
|
if (!fileio && q->fileio)
|
2012-07-02 08:59:18 +00:00
|
|
|
q->owner = file->private_data;
|
2014-11-01 13:32:28 +00:00
|
|
|
if (lock)
|
2012-07-02 08:59:18 +00:00
|
|
|
mutex_unlock(lock);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_fop_poll);
|
|
|
|
|
|
|
|
#ifndef CONFIG_MMU
|
|
|
|
unsigned long vb2_fop_get_unmapped_area(struct file *file, unsigned long addr,
|
|
|
|
unsigned long len, unsigned long pgoff, unsigned long flags)
|
|
|
|
{
|
|
|
|
struct video_device *vdev = video_devdata(file);
|
|
|
|
|
[media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b24fc54ac209e44118ec8962051662e3
one year ago:
[ 403.117947] ======================================================
[ 403.117949] [ INFO: possible circular locking dependency detected ]
[ 403.117953] 3.16.0-rc6-test-media #961 Not tainted
[ 403.117954] -------------------------------------------------------
[ 403.117956] v4l2-ctl/15377 is trying to acquire lock:
[ 403.117959] (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.117974]
[ 403.117974] but task is already holding lock:
[ 403.117976] (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.117987]
[ 403.117987] which lock already depends on the new lock.
[ 403.117987]
[ 403.117990]
[ 403.117990] the existing dependency chain (in reverse order) is:
[ 403.117992]
[ 403.117992] -> #1 (&mm->mmap_sem){++++++}:
[ 403.117997] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118006] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118010] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118014] [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[ 403.118018] [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[ 403.118028] [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[ 403.118034] [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[ 403.118040] [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[ 403.118307] [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[ 403.118311] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118319]
[ 403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[ 403.118324] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118329] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118333] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118336] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118340] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118344] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118349] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118354] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118359] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118363] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118366] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118369] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118376] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[ 403.118381]
[ 403.118381] other info that might help us debug this:
[ 403.118381]
[ 403.118383] Possible unsafe locking scenario:
[ 403.118383]
[ 403.118385] CPU0 CPU1
[ 403.118387] ---- ----
[ 403.118388] lock(&mm->mmap_sem);
[ 403.118391] lock(&dev->mutex#3);
[ 403.118394] lock(&mm->mmap_sem);
[ 403.118397] lock(&dev->mutex#3);
[ 403.118400]
[ 403.118400] *** DEADLOCK ***
[ 403.118400]
[ 403.118403] 1 lock held by v4l2-ctl/15377:
[ 403.118405] #0: (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[ 403.118411]
[ 403.118411] stack backtrace:
[ 403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[ 403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 403.118420] ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[ 403.118425] ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[ 403.118429] ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[ 403.118433] Call Trace:
[ 403.118441] [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[ 403.118445] [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[ 403.118449] [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[ 403.118455] [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[ 403.118459] [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[ 403.118463] [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[ 403.118468] [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[ 403.118472] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118476] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118480] [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[ 403.118484] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118488] [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118493] [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[ 403.118497] [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[ 403.118502] [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[ 403.118506] [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[ 403.118510] [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[ 403.118513] [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[ 403.118517] [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[ 403.118521] [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[ 403.118525] [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.
However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?
There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.
The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.
The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.
In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.
As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.
All in all a much cleaner solution.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-07 06:47:14 +00:00
|
|
|
return vb2_get_unmapped_area(vdev->queue, addr, len, pgoff, flags);
|
2012-07-02 08:59:18 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_fop_get_unmapped_area);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* vb2_ops helpers. Only use if vq->lock is non-NULL. */
|
|
|
|
|
|
|
|
void vb2_ops_wait_prepare(struct vb2_queue *vq)
|
|
|
|
{
|
|
|
|
mutex_unlock(vq->lock);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ops_wait_prepare);
|
|
|
|
|
|
|
|
void vb2_ops_wait_finish(struct vb2_queue *vq)
|
|
|
|
{
|
|
|
|
mutex_lock(vq->lock);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vb2_ops_wait_finish);
|
|
|
|
|
2010-10-11 13:56:41 +00:00
|
|
|
MODULE_DESCRIPTION("Driver helper framework for Video for Linux 2");
|
2011-03-13 18:23:32 +00:00
|
|
|
MODULE_AUTHOR("Pawel Osciak <pawel@osciak.com>, Marek Szyprowski");
|
2010-10-11 13:56:41 +00:00
|
|
|
MODULE_LICENSE("GPL");
|