linux_dsm_epyc7002/include/media
Hans Verkuil f035eb4e97 [media] videobuf2: fix lockdep warning
The following lockdep warning has been there ever since commit a517cca6b2
one year ago:

[  403.117947] ======================================================
[  403.117949] [ INFO: possible circular locking dependency detected ]
[  403.117953] 3.16.0-rc6-test-media #961 Not tainted
[  403.117954] -------------------------------------------------------
[  403.117956] v4l2-ctl/15377 is trying to acquire lock:
[  403.117959]  (&dev->mutex#3){+.+.+.}, at: [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[  403.117974]
[  403.117974] but task is already holding lock:
[  403.117976]  (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[  403.117987]
[  403.117987] which lock already depends on the new lock.
[  403.117987]
[  403.117990]
[  403.117990] the existing dependency chain (in reverse order) is:
[  403.117992]
[  403.117992] -> #1 (&mm->mmap_sem){++++++}:
[  403.117997]        [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[  403.118006]        [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[  403.118010]        [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[  403.118014]        [<ffffffff8118c9ec>] might_fault+0x7c/0xb0
[  403.118018]        [<ffffffffa0028a25>] video_usercopy+0x425/0x610 [videodev]
[  403.118028]        [<ffffffffa0028c25>] video_ioctl2+0x15/0x20 [videodev]
[  403.118034]        [<ffffffffa0022764>] v4l2_ioctl+0x184/0x1a0 [videodev]
[  403.118040]        [<ffffffff811d77d0>] do_vfs_ioctl+0x2f0/0x4f0
[  403.118307]        [<ffffffff811d7a51>] SyS_ioctl+0x81/0xa0
[  403.118311]        [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[  403.118319]
[  403.118319] -> #0 (&dev->mutex#3){+.+.+.}:
[  403.118324]        [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[  403.118329]        [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[  403.118333]        [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[  403.118336]        [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[  403.118340]        [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[  403.118344]        [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[  403.118349]        [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[  403.118354]        [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[  403.118359]        [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[  403.118363]        [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[  403.118366]        [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[  403.118369]        [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[  403.118376]        [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b
[  403.118381]
[  403.118381] other info that might help us debug this:
[  403.118381]
[  403.118383]  Possible unsafe locking scenario:
[  403.118383]
[  403.118385]        CPU0                    CPU1
[  403.118387]        ----                    ----
[  403.118388]   lock(&mm->mmap_sem);
[  403.118391]                                lock(&dev->mutex#3);
[  403.118394]                                lock(&mm->mmap_sem);
[  403.118397]   lock(&dev->mutex#3);
[  403.118400]
[  403.118400]  *** DEADLOCK ***
[  403.118400]
[  403.118403] 1 lock held by v4l2-ctl/15377:
[  403.118405]  #0:  (&mm->mmap_sem){++++++}, at: [<ffffffff8118291f>] vm_mmap_pgoff+0x6f/0xc0
[  403.118411]
[  403.118411] stack backtrace:
[  403.118415] CPU: 0 PID: 15377 Comm: v4l2-ctl Not tainted 3.16.0-rc6-test-media #961
[  403.118418] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[  403.118420]  ffffffff82a6c9d0 ffff8800af37fb00 ffffffff819916a2 ffffffff82a6c9d0
[  403.118425]  ffff8800af37fb40 ffffffff810d5715 ffff8802308e4200 0000000000000000
[  403.118429]  ffff8802308e4a48 ffff8802308e4a48 ffff8802308e4200 0000000000000001
[  403.118433] Call Trace:
[  403.118441]  [<ffffffff819916a2>] dump_stack+0x4e/0x7a
[  403.118445]  [<ffffffff810d5715>] print_circular_bug+0x1d5/0x2a0
[  403.118449]  [<ffffffff810d6a96>] check_prevs_add+0x746/0x9f0
[  403.118455]  [<ffffffff8119c172>] ? find_vmap_area+0x42/0x70
[  403.118459]  [<ffffffff810d733c>] validate_chain.isra.39+0x5fc/0x9a0
[  403.118463]  [<ffffffff810d8bc3>] __lock_acquire+0x4d3/0xd30
[  403.118468]  [<ffffffff810d9da7>] lock_acquire+0xa7/0x160
[  403.118472]  [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[  403.118476]  [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[  403.118480]  [<ffffffff81999664>] mutex_lock_interruptible_nested+0x64/0x640
[  403.118484]  [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[  403.118488]  [<ffffffffa005a6c3>] ? vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[  403.118493]  [<ffffffff810d8055>] ? mark_held_locks+0x75/0xa0
[  403.118497]  [<ffffffffa005a6c3>] vb2_fop_mmap+0x33/0x90 [videobuf2_core]
[  403.118502]  [<ffffffffa0022122>] v4l2_mmap+0x62/0xa0 [videodev]
[  403.118506]  [<ffffffff81197270>] mmap_region+0x3d0/0x5d0
[  403.118510]  [<ffffffff8119778d>] do_mmap_pgoff+0x31d/0x400
[  403.118513]  [<ffffffff81182940>] vm_mmap_pgoff+0x90/0xc0
[  403.118517]  [<ffffffff81195cef>] SyS_mmap_pgoff+0x1df/0x2a0
[  403.118521]  [<ffffffff810085c2>] SyS_mmap+0x22/0x30
[  403.118525]  [<ffffffff8199dc69>] system_call_fastpath+0x16/0x1b

The reason is that vb2_fop_mmap and vb2_fop_get_unmapped_area take the core lock
while they are called with the mmap_sem semaphore held. But elsewhere in the code
the core lock is taken first but calls to copy_to/from_user() can take the mmap_sem
semaphore as well, potentially causing a classical A-B/B-A deadlock.

However, the mmap/get_unmapped_area calls really shouldn't take the core lock
at all. So what would happen if they don't take the core lock anymore?

There are two situations that need to be taken into account: calling mmap while
new buffers are being added and calling mmap while buffers are being deleted.

The first case works almost fine without a lock: in all cases mmap relies on
correctly filled-in q->num_buffers/q->num_planes values and those are only
updated by reqbufs and create_buffers *after* any new buffers have been
initialized completely. Except in one case: if an error occurred while allocating
the buffers it will increase num_buffers and rely on __vb2_queue_free to
decrease it again. So there is a short period where the buffer information
may be wrong.

The second case definitely does pose a problem: buffers may be in the process
of being deleted, without the internal structure being updated.

In order to fix this a new mutex is added to vb2_queue that is taken when
buffers are allocated or deleted, and in vb2_mmap. That way vb2_mmap won't
get stale buffer data. Note that this is a problem only for MEMORY_MMAP, so
even though __qbuf_userptr and __qbuf_dmabuf also mess around with buffers
(mem_priv in particular), this doesn't clash with vb2_mmap or
vb2_get_unmapped_area since those are MMAP specific.

As an additional bonus the hack in __buf_prepare, the USERPTR case, can be
removed as well since mmap() no longer takes the core lock.

All in all a much cleaner solution.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
2014-08-21 15:25:31 -05:00
..
blackfin [media] v4l2: blackfin: select proper pinctrl state in ppi_set_params if CONFIG_PINCTRL is enabled 2014-07-26 17:15:16 -03:00
davinci [media] media: davinci: vpfe: use v4l2_fh for priority handling 2014-04-16 18:24:15 -03:00
ad9389b.h
adp1653.h
adv7183.h
adv7343.h [media] media: i2c: adv7343: make the platform data members as array 2013-07-26 13:20:36 -03:00
adv7393.h
adv7511.h [media] adv7511: add new video encoder 2013-08-26 07:53:43 -03:00
adv7604.h [media] adv7604: Add LLC polarity configuration 2014-05-25 13:10:16 -03:00
adv7842.h [media] adv7842: platform-data for Hotplug Active (HPA) manual/auto 2014-02-04 09:57:36 -02:00
ak881x.h
as3645a.h
atmel-isi.h [media] media: atmel-isi: add v4l2 async probe support 2014-07-30 19:35:06 -03:00
bt819.h
cs53l32a.h
cs5345.h
cx2341x.h
cx25840.h
exynos-fimc.h [media] exynos4-is: Remove support for non-dt platforms 2014-05-23 18:52:54 -03:00
gpio-ir-recv.h
i2c-addr.h
ir-kbd-i2c.h [media] rc-core: improve ir-kbd-i2c get_key functions 2014-07-23 20:05:56 -03:00
ir-rx51.h
lirc_dev.h [media] media: lirc: Allow lirc dev to talk to rc device 2013-07-31 16:30:27 -03:00
lirc.h
lm3560.h [media] media: i2c: add driver for dual LED Flash, lm3560 2013-10-31 06:36:39 -02:00
lm3646.h [media] lm3646: add new dual LED Flash driver 2014-03-11 10:00:26 -03:00
m5mols.h
m52790.h
media-device.h [media] media: Use a better owner for the media device 2014-05-13 13:39:00 -03:00
media-devnode.h [media] media: Use a better owner for the media device 2014-05-13 13:39:00 -03:00
media-entity.h [media] media: Include linux/kernel.h for DIV_ROUND_UP() 2013-12-18 10:36:02 -02:00
mmp-camera.h
msp3400.h
mt9m032.h
mt9p031.h
mt9t001.h
mt9t112.h
mt9v011.h
mt9v022.h
mt9v032.h [media] mt9v032: Use the common clock framework 2013-08-22 11:37:46 -03:00
noon010pc30.h
omap1_camera.h
omap3isp.h [media] omap3isp: ccdc: Add basic support for interlaced video 2014-08-21 15:25:14 -05:00
omap4iss.h [media] v4l: omap4iss: Add support for OMAP4 camera interface - Core 2013-12-03 17:21:04 -02:00
ov772x.h
ov7670.h
ov9650.h
radio-si4713.h
rc-core.h [media] rc-core: don't use dynamic_pr_debug for IR_dprintk() 2014-07-25 23:40:06 -03:00
rc-map.h [media] rc: Add support for decoding XMP protocol 2014-07-26 19:38:04 -03:00
rj54n1cb0c.h
s3c_camif.h
s5c73m3.h
s5k4ecgx.h
s5k6aa.h
s5p_hdmi.h
saa6588.h [media] saa6588: add support for non-blocking mode 2014-01-07 07:42:19 -02:00
saa7115.h [media] saa7115: make multi-line comments compliant with CodingStyle 2013-08-18 08:39:24 -03:00
saa7127.h
saa7146_vv.h
saa7146.h
sh_mobile_ceu.h [media] V4L2: soc-camera: fix uninitialised use compiler warning 2013-06-28 14:57:18 -03:00
sh_mobile_csi2.h [media] sh_mobile_ceu_camera: add asynchronous subdevice probing support 2013-06-21 16:35:53 -03:00
sh_vou.h
si476x.h
si4713.h [media] si4713: move supply list to si4713_platform_data 2013-12-18 06:40:07 -02:00
sii9234.h
smiapp.h [media] smiapp: Call the clock "ext_clk" 2013-08-22 11:39:12 -03:00
soc_camera_platform.h
soc_camera.h [media] V4L2: soc-camera: work around unbalanced calls to .s_power() 2013-10-31 04:38:40 -02:00
soc_mediabus.h
sr030pc30.h
tea575x.h [media] tea575x: Move header from sound to media 2013-08-18 08:08:05 -03:00
ths7303.h
timb_radio.h
timb_video.h
tuner-types.h
tuner.h
tvaudio.h
tveeprom.h include: Convert ethernet mac address declarations to use ETH_ALEN 2013-08-02 12:33:54 -07:00
tvp514x.h
tvp5150.h
tvp7002.h
tw9910.h
uda1342.h
upd64031a.h
upd64083.h
v4l2-async.h [media] V4L: Merge struct v4l2_async_subdev_list with struct v4l2_subdev 2013-07-30 15:54:56 -03:00
v4l2-clk.h [media] V4L2: add a v4l2-clk helper macro to produce an I2C device ID 2013-10-31 04:33:02 -02:00
v4l2-common.h Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2013-11-18 15:50:07 -08:00
v4l2-ctrls.h [media] v4l2-ctrls: add new RDS TX controls 2014-07-25 19:26:14 -03:00
v4l2-dev.h [media] media: v4l2-dev.h: remove V4L2_FL_USE_FH_PRIO flag 2014-07-04 16:15:16 -03:00
v4l2-device.h [media] v4l2-subdev.h: fix sparse error with v4l2_subdev_notify 2014-04-16 18:13:56 -03:00
v4l2-dv-timings.h [media] v4l2-dv-timings: add callback to handle exceptions 2013-08-24 04:30:01 -03:00
v4l2-event.h [media] v4l: Add source change event 2014-05-23 19:50:40 -03:00
v4l2-fh.h [media] V4L: Add mem2mem ioctl and file operation helpers 2013-12-04 15:34:24 -02:00
v4l2-image-sizes.h
v4l2-ioctl.h [media] v4l2: integrate support for VIDIOC_QUERY_EXT_CTRL 2014-07-17 10:38:44 -03:00
v4l2-mediabus.h [media] media: OF: add "sync-on-green-active" property 2013-08-24 04:15:05 -03:00
v4l2-mem2mem.h [media] v4l2-mem2mem: export v4l2_m2m_try_schedule 2014-07-22 12:06:50 -03:00
v4l2-of.h [media] of: move common endpoint parsing to drivers/of 2014-03-06 17:41:48 +01:00
v4l2-subdev.h [media] v4l: subdev: Remove deprecated video-level DV timings operations 2014-05-25 12:59:08 -03:00
videobuf2-core.h [media] videobuf2: fix lockdep warning 2014-08-21 15:25:31 -05:00
videobuf2-dma-contig.h
videobuf2-dma-sg.h [media] videobuf2-dma-sg: Replace vb2_dma_sg_desc with sg_table 2013-09-26 07:33:59 -03:00
videobuf2-dvb.h [media] vb2: Add videobuf2-dvb support 2014-04-16 18:59:29 -03:00
videobuf2-memops.h
videobuf2-vmalloc.h
videobuf-core.h
videobuf-dma-contig.h
videobuf-dma-sg.h [media] vmalloc_sg: make sure all pages in vmalloc area are really DMA-ready 2014-07-26 11:33:15 -03:00
videobuf-dvb.h
videobuf-vmalloc.h
wm8775.h