korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-07 22:34:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
747a121914
linux/drivers/media/usb/uvc
History
Ricardo Ribalda 8e62139840 media: uvcvideo: Fix race condition with usb_kill_urb 
commit 619d9b710c upstream.

usb_kill_urb warranties that all the handlers are finished when it
returns, but does not protect against threads that might be handling
asynchronously the urb.

For UVC, the function uvc_ctrl_status_event_async() takes care of
control changes asynchronously.

If the code is executed in the following order:

CPU 0					CPU 1
===== 					=====
uvc_status_complete()
					uvc_status_stop()
uvc_ctrl_status_event_work()
					uvc_status_start() -> FAIL

Then uvc_status_start will keep failing and this error will be shown:

<4>[    5.540139] URB 0000000000000000 submitted while active
drivers/usb/core/urb.c:378 usb_submit_urb+0x4c3/0x528

Let's improve the current situation, by not re-submiting the urb if
we are stopping the status event. Also process the queued work
(if any) during stop.

CPU 0					CPU 1
===== 					=====
uvc_status_complete()
					uvc_status_stop()
					uvc_status_start()
uvc_ctrl_status_event_work() -> FAIL

Hopefully, with the usb layer protection this should be enough to cover
all the cases.

Cc: stable@vger.kernel.org
Fixes: e5225c820c ("media: uvcvideo: Send a control event when a Control Change interrupt arrives")
Reviewed-by: Yunke Cao <yunkec@chromium.org>
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-03-11 13:57:39 +01:00
..
Kconfig
Makefile
uvc_ctrl.c media: uvcvideo: Fix race condition with usb_kill_urb 2023-03-11 13:57:39 +01:00
uvc_debugfs.c media: usb: uvc: no need to check return value of debugfs_create functions 2020-09-26 10:15:17 +02:00
uvc_driver.c media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 2023-03-11 13:57:33 +01:00
uvc_entity.c media: uvcvideo: Handle cameras with invalid descriptors 2023-03-11 13:57:33 +01:00
uvc_isight.c media: uvcvideo: Rename debug functions 2021-01-27 15:08:19 +01:00
uvc_metadata.c
uvc_queue.c media: uvcvideo: Rename debug functions 2021-01-27 15:08:19 +01:00
uvc_status.c media: uvcvideo: Fix race condition with usb_kill_urb 2023-03-11 13:57:39 +01:00
uvc_v4l2.c media: uvcvideo: Remove format descriptions 2023-03-11 13:57:33 +01:00
uvc_video.c media: uvcvideo: Silence memcpy() run-time false positive warnings 2023-03-11 13:57:33 +01:00
uvcvideo.h media: uvcvideo: Fix race condition with usb_kill_urb 2023-03-11 13:57:39 +01:00