Commit 78718e5d authored by Brandon Philips's avatar Brandon Philips Committed by Mauro Carvalho Chehab

V4L/DVB (7492): vivi: Simplify the vivi driver and avoid deadlocks

vivi previously had a very complex queuing system and held spinlocks while
doing copy_to_user, kmalloc, etc.  This caused the driver to easily deadlock
when a multi-threaded application used it and revealed bugs in videobuf too.

This replaces the copy_to_user with memcpy since we were never copying to user
space addresses.  And makes the kmalloc atomic.
Signed-off-by: Brandon Philips <bphilips@suse.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
parent aa9dbac4
...@@ -146,8 +146,6 @@ struct vivi_buffer { ...@@ -146,8 +146,6 @@ struct vivi_buffer {
struct vivi_dmaqueue { struct vivi_dmaqueue {
struct list_head active; struct list_head active;
struct list_head queued;
struct timer_list timeout;
/* thread for generating video stream*/ /* thread for generating video stream*/
struct task_struct *kthread; struct task_struct *kthread;
...@@ -162,7 +160,6 @@ static LIST_HEAD(vivi_devlist); ...@@ -162,7 +160,6 @@ static LIST_HEAD(vivi_devlist);
struct vivi_dev { struct vivi_dev {
struct list_head vivi_devlist; struct list_head vivi_devlist;
struct mutex lock;
spinlock_t slock; spinlock_t slock;
struct mutex mutex; struct mutex mutex;
...@@ -323,24 +320,26 @@ static void gen_line(char *basep, int inipos, int wmax, ...@@ -323,24 +320,26 @@ static void gen_line(char *basep, int inipos, int wmax,
end: end:
return; return;
} }
static void vivi_fillbuff(struct vivi_dev *dev, struct vivi_buffer *buf) static void vivi_fillbuff(struct vivi_dev *dev, struct vivi_buffer *buf)
{ {
int h , pos = 0; int h , pos = 0;
int hmax = buf->vb.height; int hmax = buf->vb.height;
int wmax = buf->vb.width; int wmax = buf->vb.width;
struct timeval ts; struct timeval ts;
char *tmpbuf = kmalloc(wmax * 2, GFP_KERNEL); char *tmpbuf = kmalloc(wmax * 2, GFP_ATOMIC);
void *vbuf = videobuf_to_vmalloc(&buf->vb); void *vbuf = videobuf_to_vmalloc(&buf->vb);
if (!tmpbuf) if (!tmpbuf)
return; return;
if (!vbuf)
return;
for (h = 0; h < hmax; h++) { for (h = 0; h < hmax; h++) {
gen_line(tmpbuf, 0, wmax, hmax, h, dev->mv_count, gen_line(tmpbuf, 0, wmax, hmax, h, dev->mv_count,
dev->timestr); dev->timestr);
/* FIXME: replacing to __copy_to_user */ memcpy(vbuf + pos, tmpbuf, wmax * 2);
if (copy_to_user(vbuf + pos, tmpbuf, wmax * 2) != 0)
dprintk(dev, 2, "vivifill copy_to_user failed.\n");
pos += wmax*2; pos += wmax*2;
} }
...@@ -373,67 +372,58 @@ static void vivi_fillbuff(struct vivi_dev *dev, struct vivi_buffer *buf) ...@@ -373,67 +372,58 @@ static void vivi_fillbuff(struct vivi_dev *dev, struct vivi_buffer *buf)
dev->timestr, (unsigned long)tmpbuf, pos); dev->timestr, (unsigned long)tmpbuf, pos);
/* Advice that buffer was filled */ /* Advice that buffer was filled */
buf->vb.state = VIDEOBUF_DONE;
buf->vb.field_count++; buf->vb.field_count++;
do_gettimeofday(&ts); do_gettimeofday(&ts);
buf->vb.ts = ts; buf->vb.ts = ts;
buf->vb.state = VIDEOBUF_DONE;
list_del(&buf->vb.queue);
wake_up(&buf->vb.done);
} }
static int restart_video_queue(struct vivi_dmaqueue *dma_q); static void vivi_thread_tick(struct vivi_fh *fh)
static void vivi_thread_tick(struct vivi_dmaqueue *dma_q)
{ {
struct vivi_buffer *buf; struct vivi_buffer *buf;
struct vivi_dev *dev = container_of(dma_q, struct vivi_dev, vidq); struct vivi_dev *dev = fh->dev;
struct vivi_dmaqueue *dma_q = &dev->vidq;
int bc; unsigned long flags = 0;
spin_lock(&dev->slock); dprintk(dev, 1, "Thread tick\n");
/* Announces videobuf that all went ok */
for (bc = 0;; bc++) {
if (list_empty(&dma_q->active)) {
dprintk(dev, 1, "No active queue to serve\n");
break;
}
buf = list_entry(dma_q->active.next, spin_lock_irqsave(&dev->slock, flags);
struct vivi_buffer, vb.queue); if (list_empty(&dma_q->active)) {
dprintk(dev, 1, "No active queue to serve\n");
goto unlock;
}
/* Nobody is waiting something to be done, just return */ buf = list_entry(dma_q->active.next,
if (!waitqueue_active(&buf->vb.done)) { struct vivi_buffer, vb.queue);
mod_timer(&dma_q->timeout, jiffies+BUFFER_TIMEOUT);
spin_unlock(&dev->slock);
return;
}
do_gettimeofday(&buf->vb.ts); /* Nobody is waiting on this buffer, return */
dprintk(dev, 2, "[%p/%d] wakeup\n", buf, buf->vb. i); if (!waitqueue_active(&buf->vb.done))
goto unlock;
/* Fill buffer */ list_del(&buf->vb.queue);
vivi_fillbuff(dev, buf);
if (list_empty(&dma_q->active)) { do_gettimeofday(&buf->vb.ts);
del_timer(&dma_q->timeout);
} else { /* Fill buffer */
mod_timer(&dma_q->timeout, jiffies + BUFFER_TIMEOUT); vivi_fillbuff(dev, buf);
} dprintk(dev, 1, "filled buffer %p\n", buf);
}
if (bc != 1) wake_up(&buf->vb.done);
dprintk(dev, 1, "%s: %d buffers handled (should be 1)\n", dprintk(dev, 2, "[%p/%d] wakeup\n", buf, buf->vb. i);
__FUNCTION__, bc); unlock:
spin_unlock(&dev->slock); spin_unlock_irqrestore(&dev->slock, flags);
return;
} }
#define frames_to_ms(frames) \ #define frames_to_ms(frames) \
((frames * WAKE_NUMERATOR * 1000) / WAKE_DENOMINATOR) ((frames * WAKE_NUMERATOR * 1000) / WAKE_DENOMINATOR)
static void vivi_sleep(struct vivi_dmaqueue *dma_q) static void vivi_sleep(struct vivi_fh *fh)
{ {
struct vivi_dev *dev = container_of(dma_q, struct vivi_dev, vidq); struct vivi_dev *dev = fh->dev;
int timeout, running_time; struct vivi_dmaqueue *dma_q = &dev->vidq;
int timeout;
DECLARE_WAITQUEUE(wait, current); DECLARE_WAITQUEUE(wait, current);
dprintk(dev, 1, "%s dma_q=0x%08lx\n", __FUNCTION__, dprintk(dev, 1, "%s dma_q=0x%08lx\n", __FUNCTION__,
...@@ -443,37 +433,10 @@ static void vivi_sleep(struct vivi_dmaqueue *dma_q) ...@@ -443,37 +433,10 @@ static void vivi_sleep(struct vivi_dmaqueue *dma_q)
if (kthread_should_stop()) if (kthread_should_stop())
goto stop_task; goto stop_task;
running_time = jiffies - dma_q->ini_jiffies;
dma_q->frame++;
/* Calculate time to wake up */ /* Calculate time to wake up */
timeout = msecs_to_jiffies(frames_to_ms(dma_q->frame)) - running_time; timeout = msecs_to_jiffies(frames_to_ms(1));
if (timeout > msecs_to_jiffies(frames_to_ms(2)) || timeout <= 0) { vivi_thread_tick(fh);
int old = dma_q->frame;
int nframes;
dma_q->frame = (jiffies_to_msecs(running_time) /
frames_to_ms(1)) + 1;
timeout = msecs_to_jiffies(frames_to_ms(dma_q->frame))
- running_time;
if (unlikely (timeout <= 0))
timeout = 1;
nframes = (dma_q->frame > old)?
dma_q->frame - old : old - dma_q->frame;
dprintk(dev, 1, "%ld: %s %d frames. "
"Current frame is %d. Will sleep for %d jiffies\n",
jiffies,
(dma_q->frame > old)? "Underrun, losed" : "Overrun of",
nframes, dma_q->frame, timeout);
} else
dprintk(dev, 1, "will sleep for %d jiffies\n", timeout);
vivi_thread_tick(dma_q);
schedule_timeout_interruptible(timeout); schedule_timeout_interruptible(timeout);
...@@ -484,16 +447,15 @@ static void vivi_sleep(struct vivi_dmaqueue *dma_q) ...@@ -484,16 +447,15 @@ static void vivi_sleep(struct vivi_dmaqueue *dma_q)
static int vivi_thread(void *data) static int vivi_thread(void *data)
{ {
struct vivi_dmaqueue *dma_q = data; struct vivi_fh *fh = data;
struct vivi_dev *dev = container_of(dma_q, struct vivi_dev, vidq); struct vivi_dev *dev = fh->dev;
dprintk(dev, 1, "thread started\n"); dprintk(dev, 1, "thread started\n");
mod_timer(&dma_q->timeout, jiffies+BUFFER_TIMEOUT);
set_freezable(); set_freezable();
for (;;) { for (;;) {
vivi_sleep(dma_q); vivi_sleep(fh);
if (kthread_should_stop()) if (kthread_should_stop())
break; break;
...@@ -502,16 +464,17 @@ static int vivi_thread(void *data) ...@@ -502,16 +464,17 @@ static int vivi_thread(void *data)
return 0; return 0;
} }
static int vivi_start_thread(struct vivi_dmaqueue *dma_q) static int vivi_start_thread(struct vivi_fh *fh)
{ {
struct vivi_dev *dev = container_of(dma_q, struct vivi_dev, vidq); struct vivi_dev *dev = fh->dev;
struct vivi_dmaqueue *dma_q = &dev->vidq;
dma_q->frame = 0; dma_q->frame = 0;
dma_q->ini_jiffies = jiffies; dma_q->ini_jiffies = jiffies;
dprintk(dev, 1, "%s\n", __FUNCTION__); dprintk(dev, 1, "%s\n", __FUNCTION__);
dma_q->kthread = kthread_run(vivi_thread, dma_q, "vivi"); dma_q->kthread = kthread_run(vivi_thread, fh, "vivi");
if (IS_ERR(dma_q->kthread)) { if (IS_ERR(dma_q->kthread)) {
printk(KERN_ERR "vivi: kernel_thread() failed\n"); printk(KERN_ERR "vivi: kernel_thread() failed\n");
...@@ -536,91 +499,6 @@ static void vivi_stop_thread(struct vivi_dmaqueue *dma_q) ...@@ -536,91 +499,6 @@ static void vivi_stop_thread(struct vivi_dmaqueue *dma_q)
} }
} }
static int restart_video_queue(struct vivi_dmaqueue *dma_q)
{
struct vivi_dev *dev = container_of(dma_q, struct vivi_dev, vidq);
struct vivi_buffer *buf, *prev;
dprintk(dev, 1, "%s dma_q=0x%08lx\n", __FUNCTION__,
(unsigned long)dma_q);
if (!list_empty(&dma_q->active)) {
buf = list_entry(dma_q->active.next,
struct vivi_buffer, vb.queue);
dprintk(dev, 2, "restart_queue [%p/%d]: restart dma\n",
buf, buf->vb.i);
dprintk(dev, 1, "Restarting video dma\n");
vivi_stop_thread(dma_q);
/* cancel all outstanding capture / vbi requests */
list_for_each_entry_safe(buf, prev, &dma_q->active, vb.queue) {
list_del(&buf->vb.queue);
buf->vb.state = VIDEOBUF_ERROR;
wake_up(&buf->vb.done);
}
mod_timer(&dma_q->timeout, jiffies+BUFFER_TIMEOUT);
return 0;
}
prev = NULL;
for (;;) {
if (list_empty(&dma_q->queued))
return 0;
buf = list_entry(dma_q->queued.next,
struct vivi_buffer, vb.queue);
if (NULL == prev) {
list_del(&buf->vb.queue);
list_add_tail(&buf->vb.queue, &dma_q->active);
dprintk(dev, 1, "Restarting video dma\n");
vivi_stop_thread(dma_q);
vivi_start_thread(dma_q);
buf->vb.state = VIDEOBUF_ACTIVE;
mod_timer(&dma_q->timeout, jiffies+BUFFER_TIMEOUT);
dprintk(dev, 2,
"[%p/%d] restart_queue - first active\n",
buf, buf->vb.i);
} else if (prev->vb.width == buf->vb.width &&
prev->vb.height == buf->vb.height &&
prev->fmt == buf->fmt) {
list_del(&buf->vb.queue);
list_add_tail(&buf->vb.queue, &dma_q->active);
buf->vb.state = VIDEOBUF_ACTIVE;
dprintk(dev, 2,
"[%p/%d] restart_queue - move to active\n",
buf, buf->vb.i);
} else {
return 0;
}
prev = buf;
}
}
static void vivi_vid_timeout(unsigned long data)
{
struct vivi_dev *dev = (struct vivi_dev *)data;
struct vivi_dmaqueue *vidq = &dev->vidq;
struct vivi_buffer *buf;
spin_lock(&dev->slock);
while (!list_empty(&vidq->active)) {
buf = list_entry(vidq->active.next,
struct vivi_buffer, vb.queue);
list_del(&buf->vb.queue);
buf->vb.state = VIDEOBUF_ERROR;
wake_up(&buf->vb.done);
printk(KERN_INFO "vivi/0: [%p/%d] timeout\n", buf, buf->vb.i);
}
restart_video_queue(vidq);
spin_unlock(&dev->slock);
}
/* ------------------------------------------------------------------ /* ------------------------------------------------------------------
Videobuf operations Videobuf operations
------------------------------------------------------------------*/ ------------------------------------------------------------------*/
...@@ -649,13 +527,13 @@ static void free_buffer(struct videobuf_queue *vq, struct vivi_buffer *buf) ...@@ -649,13 +527,13 @@ static void free_buffer(struct videobuf_queue *vq, struct vivi_buffer *buf)
struct vivi_fh *fh = vq->priv_data; struct vivi_fh *fh = vq->priv_data;
struct vivi_dev *dev = fh->dev; struct vivi_dev *dev = fh->dev;
dprintk(dev, 1, "%s\n", __FUNCTION__); dprintk(dev, 1, "%s, state: %i\n", __FUNCTION__, buf->vb.state);
if (in_interrupt()) if (in_interrupt())
BUG(); BUG();
videobuf_waiton(&buf->vb, 0, 0);
videobuf_vmalloc_free(&buf->vb); videobuf_vmalloc_free(&buf->vb);
dprintk(dev, 1, "free_buffer: freed");
buf->vb.state = VIDEOBUF_NEEDS_INIT; buf->vb.state = VIDEOBUF_NEEDS_INIT;
} }
...@@ -668,28 +546,25 @@ buffer_prepare(struct videobuf_queue *vq, struct videobuf_buffer *vb, ...@@ -668,28 +546,25 @@ buffer_prepare(struct videobuf_queue *vq, struct videobuf_buffer *vb,
struct vivi_fh *fh = vq->priv_data; struct vivi_fh *fh = vq->priv_data;
struct vivi_dev *dev = fh->dev; struct vivi_dev *dev = fh->dev;
struct vivi_buffer *buf = container_of(vb, struct vivi_buffer, vb); struct vivi_buffer *buf = container_of(vb, struct vivi_buffer, vb);
int rc, init_buffer = 0; int rc;
dprintk(dev, 1, "%s, field=%d\n", __FUNCTION__, field); dprintk(dev, 1, "%s, field=%d\n", __FUNCTION__, field);
BUG_ON(NULL == fh->fmt); BUG_ON(NULL == fh->fmt);
if (fh->width < 48 || fh->width > norm_maxw() || if (fh->width < 48 || fh->width > norm_maxw() ||
fh->height < 32 || fh->height > norm_maxh()) fh->height < 32 || fh->height > norm_maxh())
return -EINVAL; return -EINVAL;
buf->vb.size = fh->width*fh->height*2; buf->vb.size = fh->width*fh->height*2;
if (0 != buf->vb.baddr && buf->vb.bsize < buf->vb.size) if (0 != buf->vb.baddr && buf->vb.bsize < buf->vb.size)
return -EINVAL; return -EINVAL;
if (buf->fmt != fh->fmt || /* These properties only change when queue is idle, see s_fmt */
buf->vb.width != fh->width || buf->fmt = fh->fmt;
buf->vb.height != fh->height || buf->vb.width = fh->width;
buf->vb.field != field) { buf->vb.height = fh->height;
buf->fmt = fh->fmt; buf->vb.field = field;
buf->vb.width = fh->width;
buf->vb.height = fh->height;
buf->vb.field = field;
init_buffer = 1;
}
if (VIDEOBUF_NEEDS_INIT == buf->vb.state) { if (VIDEOBUF_NEEDS_INIT == buf->vb.state) {
rc = videobuf_iolock(vq, &buf->vb, NULL); rc = videobuf_iolock(vq, &buf->vb, NULL);
...@@ -712,45 +587,12 @@ buffer_queue(struct videobuf_queue *vq, struct videobuf_buffer *vb) ...@@ -712,45 +587,12 @@ buffer_queue(struct videobuf_queue *vq, struct videobuf_buffer *vb)
struct vivi_buffer *buf = container_of(vb, struct vivi_buffer, vb); struct vivi_buffer *buf = container_of(vb, struct vivi_buffer, vb);
struct vivi_fh *fh = vq->priv_data; struct vivi_fh *fh = vq->priv_data;
struct vivi_dev *dev = fh->dev; struct vivi_dev *dev = fh->dev;
struct vivi_dmaqueue *vidq = &dev->vidq; struct vivi_dmaqueue *vidq = &dev->vidq;
struct vivi_buffer *prev;
dprintk(dev, 1, "%s\n", __FUNCTION__);
if (!list_empty(&vidq->queued)) {
dprintk(dev, 1, "adding vb queue=0x%08lx\n", buf->vb.state = VIDEOBUF_QUEUED;
(unsigned long)&buf->vb.queue); list_add_tail(&buf->vb.queue, &vidq->active);
list_add_tail(&buf->vb.queue, &vidq->queued);
buf->vb.state = VIDEOBUF_QUEUED;
dprintk(dev, 2, "[%p/%d] buffer_queue - append to queued\n",
buf, buf->vb.i);
} else if (list_empty(&vidq->active)) {
list_add_tail(&buf->vb.queue, &vidq->active);
buf->vb.state = VIDEOBUF_ACTIVE;
mod_timer(&vidq->timeout, jiffies+BUFFER_TIMEOUT);
dprintk(dev, 2, "[%p/%d] buffer_queue - first active\n",
buf, buf->vb.i);
vivi_start_thread(vidq);
} else {
prev = list_entry(vidq->active.prev,
struct vivi_buffer, vb.queue);
if (prev->vb.width == buf->vb.width &&
prev->vb.height == buf->vb.height &&
prev->fmt == buf->fmt) {
list_add_tail(&buf->vb.queue, &vidq->active);
buf->vb.state = VIDEOBUF_ACTIVE;
dprintk(dev, 2,
"[%p/%d] buffer_queue - append to active\n",
buf, buf->vb.i);
} else {
list_add_tail(&buf->vb.queue, &vidq->queued);
buf->vb.state = VIDEOBUF_QUEUED;
dprintk(dev, 2,
"[%p/%d] buffer_queue - first queued\n",
buf, buf->vb.i);
}
}
} }
static void buffer_release(struct videobuf_queue *vq, static void buffer_release(struct videobuf_queue *vq,
...@@ -759,12 +601,9 @@ static void buffer_release(struct videobuf_queue *vq, ...@@ -759,12 +601,9 @@ static void buffer_release(struct videobuf_queue *vq,
struct vivi_buffer *buf = container_of(vb, struct vivi_buffer, vb); struct vivi_buffer *buf = container_of(vb, struct vivi_buffer, vb);
struct vivi_fh *fh = vq->priv_data; struct vivi_fh *fh = vq->priv_data;
struct vivi_dev *dev = (struct vivi_dev *)fh->dev; struct vivi_dev *dev = (struct vivi_dev *)fh->dev;
struct vivi_dmaqueue *vidq = &dev->vidq;
dprintk(dev, 1, "%s\n", __FUNCTION__); dprintk(dev, 1, "%s\n", __FUNCTION__);
vivi_stop_thread(vidq);
free_buffer(vq, buf); free_buffer(vq, buf);
} }
...@@ -870,17 +709,31 @@ static int vidioc_s_fmt_cap(struct file *file, void *priv, ...@@ -870,17 +709,31 @@ static int vidioc_s_fmt_cap(struct file *file, void *priv,
struct v4l2_format *f) struct v4l2_format *f)
{ {
struct vivi_fh *fh = priv; struct vivi_fh *fh = priv;
struct videobuf_queue *q = &fh->vb_vidq;
int ret = vidioc_try_fmt_cap(file, fh, f); int ret = vidioc_try_fmt_cap(file, fh, f);
if (ret < 0) if (ret < 0)
return (ret); return (ret);
mutex_lock(&q->vb_lock);
if (videobuf_queue_is_busy(&fh->vb_vidq)) {
dprintk(fh->dev, 1, "%s queue busy\n", __FUNCTION__);
ret = -EBUSY;
goto out;
}
fh->fmt = &format; fh->fmt = &format;
fh->width = f->fmt.pix.width; fh->width = f->fmt.pix.width;
fh->height = f->fmt.pix.height; fh->height = f->fmt.pix.height;
fh->vb_vidq.field = f->fmt.pix.field; fh->vb_vidq.field = f->fmt.pix.field;
fh->type = f->type; fh->type = f->type;
return (0); ret = 0;
out:
mutex_unlock(&q->vb_lock);
return (ret);
} }
static int vidioc_reqbufs(struct file *file, void *priv, static int vidioc_reqbufs(struct file *file, void *priv,
...@@ -1097,6 +950,8 @@ static int vivi_open(struct inode *inode, struct file *file) ...@@ -1097,6 +950,8 @@ static int vivi_open(struct inode *inode, struct file *file)
NULL, &dev->slock, fh->type, V4L2_FIELD_INTERLACED, NULL, &dev->slock, fh->type, V4L2_FIELD_INTERLACED,
sizeof(struct vivi_buffer), fh); sizeof(struct vivi_buffer), fh);
vivi_start_thread(fh);
return 0; return 0;
} }
...@@ -1252,18 +1107,12 @@ static int __init vivi_init(void) ...@@ -1252,18 +1107,12 @@ static int __init vivi_init(void)
/* init video dma queues */ /* init video dma queues */
INIT_LIST_HEAD(&dev->vidq.active); INIT_LIST_HEAD(&dev->vidq.active);
INIT_LIST_HEAD(&dev->vidq.queued);
init_waitqueue_head(&dev->vidq.wq); init_waitqueue_head(&dev->vidq.wq);
/* initialize locks */ /* initialize locks */
mutex_init(&dev->lock);
spin_lock_init(&dev->slock); spin_lock_init(&dev->slock);
mutex_init(&dev->mutex); mutex_init(&dev->mutex);
dev->vidq.timeout.function = vivi_vid_timeout;
dev->vidq.timeout.data = (unsigned long)dev;
init_timer(&dev->vidq.timeout);
vfd = video_device_alloc(); vfd = video_device_alloc();
if (NULL == vfd) if (NULL == vfd)
break; break;
......
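Review bot: In the vivi_fillbuff hunk, the added `if (!vbuf) return;` comes after `tmpbuf` has been allocated, so that early return leaks the line buffer. It should read `if (!vbuf) { kfree(tmpbuf); return; }`, assuming `tmpbuf` is released with kfree() at the end of the function, which lies outside the hunk. Both early returns also leave `buf->vb.state` untouched, while the new vivi_thread_tick appears to have already unlinked the buffer from `dma_q->active` and still calls `wake_up(&buf->vb.done)`, so a waiter may never see that buffer complete. Setting `buf->vb.state = VIDEOBUF_ERROR;` on those paths would make the failure visible. This matters more now that the allocation is `GFP_ATOMIC` on every tick under `dev->slock`, where failure is more likely than it was with `GFP_KERNEL`.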