[PATCH 2/9] V4L/DVB (5020): Fix: disable interrupts while atKM_BOUNCE_READ

[Mauro Carvalho Chehab]

From: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx>

vivi.c uses the KM_BOUNCE_READ with local interrupts enabled. 
This means that if a disk interrupt occurs while vivi.c is using this
fixmap slot, the vivi.c driver will, upon return from that interrupt, find
that the fixmap slot now points at a different physical page.
The net result will probably be rare corruption of disk file contents,
because viv.c will now be altering the page which the disk code was
recently using. 

Thanks to Andrew Morton for pointing this.
Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx>
---

 drivers/media/video/vivi.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/drivers/media/video/vivi.c b/drivers/media/video/vivi.c
index bacb311..d4cf556 100644
--- a/drivers/media/video/vivi.c
+++ b/drivers/media/video/vivi.c
@@ -270,10 +270,15 @@ static void gen_line(struct sg_to_addr t
 	char *p,*s,*basep;
 	struct page *pg;
 	u8   chr,r,g,b,color;
+	unsigned long flags;
+	spinlock_t spinlock;
+
+	spin_lock_init(&spinlock);
 
 	/* Get first addr pointed to pixel position */
 	oldpg=get_addr_pos(pos,pages,to_addr);
 	pg=pfn_to_page(sg_dma_address(to_addr[oldpg].sg) >> PAGE_SHIFT);
+	spin_lock_irqsave(&spinlock,flags);
 	basep = kmap_atomic(pg, KM_BOUNCE_READ)+to_addr[oldpg].sg->offset;
 
 	/* We will just duplicate the second pixel at the packet */
@@ -376,6 +381,8 @@ static void gen_line(struct sg_to_addr t
 
 end:
 	kunmap_atomic(basep, KM_BOUNCE_READ);
+	spin_unlock_irqrestore(&spinlock,flags);
+
 }
 static void vivi_fillbuff(struct vivi_dev *dev,struct vivi_buffer *buf)
 {

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/