Commit 9ddc6b20 authored Oct 15, 2015 by Arun Menon

msm: vidc: Fix race condition with v4l2 event handler



The v4l2 event handler struct should be initialized
before we add inst to the core->instances list.
Consider a case where there are few video sessions playing,
and a new video instance is opened. Before the new instance
is fully initialized, suppose there is a sys error from
firmware. In the response handler thread, driver will try
to send notifications to all the clients. Here it will
access the uninitialzed event handler struct of the recently
opened instance and crash. The fix is to ensure that the
instance is completely initialized before being added to the
core instance list.

Change-Id: Ic94a78b8948d904e357b94861e33a360409b082b
Signed-off-by: Arun Menon <avmenon@codeaurora.org>

parent b06f2ad5

drivers/media/platform/msm/vidc/msm_vidc.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -1198,6 +1198,8 @@ void *msm_vidc_open(int core_id, int session_type)
		goto fail_bufq_output;
		}

		setup_event_queue(inst, &core->vdev[session_type].vdev);

		mutex_lock(&core->lock);
		list_add_tail(&inst->list, &core->instances);
		mutex_unlock(&core->lock);
		@@ -1211,10 +1213,10 @@ void *msm_vidc_open(int core_id, int session_type)
		inst->debugfs_root =
		msm_vidc_debugfs_init_inst(inst, core->debugfs_root);

		setup_event_queue(inst, &core->vdev[session_type].vdev);

		return inst;
		fail_init:
		v4l2_fh_del(&inst->event_handler);
		v4l2_fh_exit(&inst->event_handler);
		vb2_queue_release(&inst->bufq[OUTPUT_PORT].vb2_bufq);

		mutex_lock(&core->lock);