[PATCH 5.4 326/453] media: ipu3-cio2: Serialise access to pad format

From: Greg Kroah-Hartman
Date: Mon Dec 28 2020 - 10:35:37 EST


From: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx>

commit 55a6c6b2be3d6670bf5772364d8208bd8dc17da4 upstream.

Pad format can be accessed from user space. Serialise access to it.

Fixes: c2a6a07afe4a ("media: intel-ipu3: cio2: add new MIPI-CSI2 driver")
Signed-off-by: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx>
Reviewed-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx>
Reviewed-by: Bingbu Cao <bingbu.cao@xxxxxxxxx>
Reviewed-by: Andy Shevchenko <andy.shevchenko@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx # v4.16 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/media/pci/intel/ipu3/ipu3-cio2.c | 11 +++++++++++
drivers/media/pci/intel/ipu3/ipu3-cio2.h | 1 +
2 files changed, 12 insertions(+)

--- a/drivers/media/pci/intel/ipu3/ipu3-cio2.c
+++ b/drivers/media/pci/intel/ipu3/ipu3-cio2.c
@@ -1245,11 +1245,15 @@ static int cio2_subdev_get_fmt(struct v4
{
struct cio2_queue *q = container_of(sd, struct cio2_queue, subdev);

+ mutex_lock(&q->subdev_lock);
+
if (fmt->which == V4L2_SUBDEV_FORMAT_TRY)
fmt->format = *v4l2_subdev_get_try_format(sd, cfg, fmt->pad);
else
fmt->format = q->subdev_fmt;

+ mutex_unlock(&q->subdev_lock);
+
return 0;
}

@@ -1273,6 +1277,8 @@ static int cio2_subdev_set_fmt(struct v4
if (fmt->pad == CIO2_PAD_SOURCE)
return cio2_subdev_get_fmt(sd, cfg, fmt);

+ mutex_lock(&q->subdev_lock);
+
if (fmt->which == V4L2_SUBDEV_FORMAT_TRY) {
*v4l2_subdev_get_try_format(sd, cfg, fmt->pad) = fmt->format;
} else {
@@ -1283,6 +1289,8 @@ static int cio2_subdev_set_fmt(struct v4
fmt->format = q->subdev_fmt;
}

+ mutex_unlock(&q->subdev_lock);
+
return 0;
}

@@ -1541,6 +1549,7 @@ static int cio2_queue_init(struct cio2_d

/* Initialize miscellaneous variables */
mutex_init(&q->lock);
+ mutex_init(&q->subdev_lock);

/* Initialize formats to default values */
fmt = &q->subdev_fmt;
@@ -1659,6 +1668,7 @@ fail_vdev_media_entity:
fail_subdev_media_entity:
cio2_fbpt_exit(q, &cio2->pci_dev->dev);
fail_fbpt:
+ mutex_destroy(&q->subdev_lock);
mutex_destroy(&q->lock);

return r;
@@ -1672,6 +1682,7 @@ static void cio2_queue_exit(struct cio2_
v4l2_device_unregister_subdev(&q->subdev);
media_entity_cleanup(&q->subdev.entity);
cio2_fbpt_exit(q, &cio2->pci_dev->dev);
+ mutex_destroy(&q->subdev_lock);
mutex_destroy(&q->lock);
}

--- a/drivers/media/pci/intel/ipu3/ipu3-cio2.h
+++ b/drivers/media/pci/intel/ipu3/ipu3-cio2.h
@@ -332,6 +332,7 @@ struct cio2_queue {

/* Subdev, /dev/v4l-subdevX */
struct v4l2_subdev subdev;
+ struct mutex subdev_lock; /* Serialise acces to subdev_fmt field */
struct media_pad subdev_pads[CIO2_PADS];
struct v4l2_mbus_framefmt subdev_fmt;
atomic_t frame_sequence;