Re: [PATCH] omap_vout: find_vma() needs ->mmap_sem held

From: Al Viro
Date: Sat Dec 15 2012 - 15:38:17 EST

Next message: Arvind R: "[PATCH 3.7.0 1/9] i82975x_edac.c: fix style errors"
Previous message: Arvind R: "[PATCH 3.7.0 0/9] i82975x_edac: driver cleanup"
In reply to: Al Viro: "[PATCH] omap_vout: find_vma() needs ->mmap_sem held"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Dec 15, 2012 at 08:12:37PM +0000, Al Viro wrote:
> Walking rbtree while it's modified is a Bad Idea(tm); besides,
> the result of find_vma() can be freed just as it's getting returned
> to caller. Fortunately, it's easy to fix - just take ->mmap_sem a bit
> earlier (and don't bother with find_vma() at all if virtp >= PAGE_OFFSET -
> in that case we don't even look at its result).

While we are at it, what prevents VIDIOC_PREPARE_BUF calling
v4l_prepare_buf() -> (e.g) vb2_ioctl_prepare_buf() -> vb2_prepare_buf() ->
__buf_prepare() -> __qbuf_userptr() -> vb2_vmalloc_get_userptr() -> find_vma(),
AFAICS without having taken ->mmap_sem anywhere in process? The code flow
is bloody convoluted and depends on a bunch of things done by initialization,
so I certainly might've missed something...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arvind R: "[PATCH 3.7.0 1/9] i82975x_edac.c: fix style errors"
Previous message: Arvind R: "[PATCH 3.7.0 0/9] i82975x_edac: driver cleanup"
In reply to: Al Viro: "[PATCH] omap_vout: find_vma() needs ->mmap_sem held"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]