V4L/DVB (8154): Fix protection problems in the main driver.
Jean-Francois Moine [Sun, 4 May 2008 09:46:21 +0000 (06:46 -0300)]
- Protect format change when streaming active.
- Protect USB exchanges on close.
- Set a timeout in frame wait.
- Have only one capture file and free the resources when closing this file.
- Simplify the URB buffer.
- Don't reset the control values at open time in pac207.
- Fix compilation warnings of stk014.

Signed-off-by: Jean-Francois Moine <moinejf@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>

drivers/media/video/gspca/gspca.c
drivers/media/video/gspca/gspca.h
drivers/media/video/gspca/pac207.c
drivers/media/video/gspca/stk014.c

index c4735e1..04dbaba 100644 (file)
@@ -39,8 +39,8 @@ MODULE_AUTHOR("Jean-Francois Moine <http://moinejf.free.fr>");
 MODULE_DESCRIPTION("GSPCA USB Camera Driver");
 MODULE_LICENSE("GPL");
 
-#define DRIVER_VERSION_NUMBER  KERNEL_VERSION(0, 0, 30)
-static const char version[] = "0.0.30";
+#define DRIVER_VERSION_NUMBER  KERNEL_VERSION(0, 1, 1)
+static const char version[] = "0.1.1";
 
 static int video_nr = -1;
 
@@ -346,22 +346,17 @@ static int gspca_kill_transfer(struct gspca_dev *gspca_dev)
 
        PDEBUG(D_STREAM, "kill transfer");
        for (i = 0; i < NURBS; ++i) {
-               urb = gspca_dev->pktbuf[i].urb;
+               urb = gspca_dev->urb[i];
                if (urb == NULL)
                        continue;
 
-               gspca_dev->pktbuf[i].urb = NULL;
+               gspca_dev->urb[i] = NULL;
                usb_kill_urb(urb);
-
-               /* urb->transfer_buffer_length is not touched by USB core,
-                * so we can use it here as the buffer length */
-               if (gspca_dev->pktbuf[i].data) {
+               if (urb->transfer_buffer != 0)
                        usb_buffer_free(gspca_dev->dev,
                                        urb->transfer_buffer_length,
-                                       gspca_dev->pktbuf[i].data,
+                                       urb->transfer_buffer,
                                        urb->transfer_dma);
-                       gspca_dev->pktbuf[i].data = NULL;
-               }
                usb_free_urb(urb);
        }
        return 0;
@@ -460,25 +455,25 @@ static int create_urbs(struct gspca_dev *gspca_dev,
                        err("usb_alloc_urb failed");
                        return -ENOMEM;
                }
-               gspca_dev->pktbuf[n].data = usb_buffer_alloc(gspca_dev->dev,
+               urb->transfer_buffer = usb_buffer_alloc(gspca_dev->dev,
                                                bsize,
                                                GFP_KERNEL,
                                                &urb->transfer_dma);
 
-               if (gspca_dev->pktbuf[n].data == NULL) {
+               if (urb->transfer_buffer == NULL) {
                        usb_free_urb(urb);
                        gspca_kill_transfer(gspca_dev);
                        err("usb_buffer_urb failed");
                        return -ENOMEM;
                }
-               gspca_dev->pktbuf[n].urb = urb;
+               gspca_dev->urb[n] = urb;
                urb->dev = gspca_dev->dev;
                urb->context = gspca_dev;
                urb->pipe = usb_rcvisocpipe(gspca_dev->dev,
                                            ep->desc.bEndpointAddress);
-               urb->transfer_flags = URB_ISO_ASAP | URB_NO_TRANSFER_DMA_MAP;
+               urb->transfer_flags = URB_ISO_ASAP
+                                       | URB_NO_TRANSFER_DMA_MAP;
                urb->interval = ep->desc.bInterval;
-               urb->transfer_buffer = gspca_dev->pktbuf[n].data;
                urb->complete = isoc_irq;
                urb->number_of_packets = npkt;
                urb->transfer_buffer_length = bsize;
@@ -523,8 +518,7 @@ static int gspca_init_transfer(struct gspca_dev *gspca_dev)
 
                /* submit the URBs */
                for (n = 0; n < NURBS; n++) {
-                       ret = usb_submit_urb(gspca_dev->pktbuf[n].urb,
-                                                GFP_KERNEL);
+                       ret = usb_submit_urb(gspca_dev->urb[n], GFP_KERNEL);
                        if (ret < 0) {
                                PDEBUG(D_ERR|D_STREAM,
                                        "usb_submit_urb [%d] err %d", n, ret);
@@ -732,15 +726,13 @@ static int vidioc_g_fmt_cap(struct file *file, void *priv,
        return 0;
 }
 
-static int try_fmt_cap(struct file *file,
-                       void *priv,
+static int try_fmt_cap(struct gspca_dev *gspca_dev,
                        struct v4l2_format *fmt)
 {
-       struct gspca_dev *gspca_dev = priv;
        int w, h, mode, mode2, frsz;
 
-       w = (int) fmt->fmt.pix.width;
-       h = (int) fmt->fmt.pix.height;
+       w = fmt->fmt.pix.width;
+       h = fmt->fmt.pix.height;
 #ifdef GSPCA_DEBUG
        if (gspca_debug & D_CONF)
                PDEBUG_MODE("try fmt cap", fmt->fmt.pix.pixelformat, w, h);
@@ -786,9 +778,10 @@ static int vidioc_try_fmt_cap(struct file *file,
                              void *priv,
                              struct v4l2_format *fmt)
 {
+       struct gspca_dev *gspca_dev = priv;
        int ret;
 
-       ret = try_fmt_cap(file, priv, fmt);
+       ret = try_fmt_cap(gspca_dev, fmt);
        if (ret < 0)
                return ret;
        return 0;
@@ -809,14 +802,19 @@ static int vidioc_s_fmt_cap(struct file *file, void *priv,
 #endif
        if (mutex_lock_interruptible(&gspca_dev->queue_lock))
                return -ERESTARTSYS;
-       ret = try_fmt_cap(file, priv, fmt);
+       ret = try_fmt_cap(gspca_dev, fmt);
        if (ret < 0)
                goto out;
 
        if (ret == gspca_dev->curr_mode)
                goto out;                       /* same mode */
        was_streaming = gspca_dev->streaming;
-       if (was_streaming != 0) {
+       if (was_streaming) {
+               if (gspca_dev->capt_file != 0
+                   && gspca_dev->capt_file != file) {
+                       ret = -EBUSY;
+                       goto out;
+               }
                if (mutex_lock_interruptible(&gspca_dev->usb_lock)) {
                        ret = -ERESTARTSYS;
                        goto out;
@@ -824,8 +822,8 @@ static int vidioc_s_fmt_cap(struct file *file, void *priv,
                gspca_stream_off(gspca_dev);
                mutex_unlock(&gspca_dev->usb_lock);
        }
-       gspca_dev->width = (int) fmt->fmt.pix.width;
-       gspca_dev->height = (int) fmt->fmt.pix.height;
+       gspca_dev->width = fmt->fmt.pix.width;
+       gspca_dev->height = fmt->fmt.pix.height;
        gspca_dev->pixfmt = fmt->fmt.pix.pixelformat;
        gspca_dev->curr_mode = ret;
        if (was_streaming)
@@ -891,17 +889,18 @@ static int dev_close(struct inode *inode, struct file *file)
        if (mutex_lock_interruptible(&gspca_dev->queue_lock))
                return -ERESTARTSYS;
        gspca_dev->users--;
-       if (gspca_dev->users > 0) {
-               mutex_unlock(&gspca_dev->queue_lock);
-               return 0;
-       }
 
-       if (gspca_dev->streaming)
-               gspca_stream_off(gspca_dev);
-       gspca_dev->sd_desc->close(gspca_dev);
-
-       frame_free(gspca_dev);
-       file->private_data = NULL;
+       /* if the file did capture, free the streaming resources */
+       if (gspca_dev->capt_file == file) {
+               mutex_lock(&gspca_dev->usb_lock);
+               if (gspca_dev->streaming)
+                       gspca_stream_off(gspca_dev);
+               gspca_dev->sd_desc->close(gspca_dev);
+               mutex_unlock(&gspca_dev->usb_lock);
+               frame_free(gspca_dev);
+               file->private_data = NULL;
+               gspca_dev->capt_file = 0;
+       }
        mutex_unlock(&gspca_dev->queue_lock);
        PDEBUG(D_STREAM, "closed");
        return 0;
@@ -1052,12 +1051,19 @@ static int vidioc_reqbufs(struct file *file, void *priv,
                return frsz;
        if (mutex_lock_interruptible(&gspca_dev->queue_lock))
                return -ERESTARTSYS;
+       if (gspca_dev->capt_file != 0) { /* only one file may do capture */
+               ret = -EBUSY;
+               goto out;
+       }
        ret = frame_alloc(gspca_dev,
                                rb->count,
                                (unsigned int) frsz,
                                rb->memory);
-       if (ret == 0)
+       if (ret == 0) {
                rb->count = gspca_dev->nframes;
+               gspca_dev->capt_file = file;
+       }
+out:
        mutex_unlock(&gspca_dev->queue_lock);
        PDEBUG(D_STREAM, "reqbufs st:%d c:%d", ret, rb->count);
        return ret;
@@ -1099,6 +1105,10 @@ static int vidioc_streamon(struct file *file, void *priv,
                ret = -EINVAL;
                goto out;
        }
+       if (gspca_dev->capt_file != file) {
+               ret = -EINVAL;
+               goto out;
+       }
        if (!gspca_dev->streaming) {
                ret = gspca_init_transfer(gspca_dev);
                if (ret < 0)
@@ -1122,22 +1132,30 @@ static int vidioc_streamoff(struct file *file, void *priv,
                                enum v4l2_buf_type buf_type)
 {
        struct gspca_dev *gspca_dev = priv;
+       int ret;
 
        PDEBUG(D_STREAM, "stream off");
        if (buf_type != V4L2_BUF_TYPE_VIDEO_CAPTURE)
                return -EINVAL;
-       if (gspca_dev->streaming) {
-               if (mutex_lock_interruptible(&gspca_dev->queue_lock))
-                       return -ERESTARTSYS;
-               if (mutex_lock_interruptible(&gspca_dev->usb_lock)) {
-                       mutex_unlock(&gspca_dev->queue_lock);
-                       return -ERESTARTSYS;
-               }
-               gspca_stream_off(gspca_dev);
-               mutex_unlock(&gspca_dev->usb_lock);
-               mutex_unlock(&gspca_dev->queue_lock);
+       if (!gspca_dev->streaming)
+               return 0;
+       if (mutex_lock_interruptible(&gspca_dev->queue_lock))
+               return -ERESTARTSYS;
+       if (mutex_lock_interruptible(&gspca_dev->usb_lock)) {
+               ret = -ERESTARTSYS;
+               goto out;
        }
-       return 0;
+       if (gspca_dev->capt_file != file) {
+               ret = -EINVAL;
+               goto out2;
+       }
+       gspca_stream_off(gspca_dev);
+       ret = 0;
+out2:
+       mutex_unlock(&gspca_dev->usb_lock);
+out:
+       mutex_unlock(&gspca_dev->queue_lock);
+       return ret;
 }
 
 static int vidioc_g_jpegcomp(struct file *file, void *priv,
@@ -1187,14 +1205,11 @@ static int vidioc_s_parm(struct file *filp, void *priv,
        struct gspca_dev *gspca_dev = priv;
        int n;
 
-       if (mutex_lock_interruptible(&gspca_dev->usb_lock))
-               return -ERESTARTSYS;
        n = parm->parm.capture.readbuffers;
        if (n == 0 || n > GSPCA_MAX_FRAMES)
                parm->parm.capture.readbuffers = gspca_dev->nbufread;
        else
                gspca_dev->nbufread = n;
-       mutex_unlock(&gspca_dev->usb_lock);
        return 0;
 }
 
@@ -1245,7 +1260,11 @@ static int dev_mmap(struct file *file, struct vm_area_struct *vma)
                return -ERESTARTSYS;
        if (!gspca_dev->present) {
                ret = -ENODEV;
-               goto done;
+               goto out;
+       }
+       if (gspca_dev->capt_file != file) {
+               ret = -EINVAL;
+               goto out;
        }
 
        for (i = 0; i < gspca_dev->nframes; ++i) {
@@ -1262,7 +1281,7 @@ static int dev_mmap(struct file *file, struct vm_area_struct *vma)
        if (frame == 0) {
                PDEBUG(D_STREAM, "mmap no frame buffer found");
                ret = -EINVAL;
-               goto done;
+               goto out;
        }
 #ifdef CONFIG_VIDEO_V4L1_COMPAT
        if (i == 0 && size == frame->v4l2_buf.length * gspca_dev->nframes)
@@ -1272,7 +1291,7 @@ static int dev_mmap(struct file *file, struct vm_area_struct *vma)
        if (size != frame->v4l2_buf.length) {
                PDEBUG(D_STREAM, "mmap bad size");
                ret = -EINVAL;
-               goto done;
+               goto out;
        }
 
        /*
@@ -1286,7 +1305,7 @@ static int dev_mmap(struct file *file, struct vm_area_struct *vma)
                page = vmalloc_to_page((void *) addr);
                ret = vm_insert_page(vma, start, page);
                if (ret < 0)
-                       goto done;
+                       goto out;
                start += PAGE_SIZE;
                addr += PAGE_SIZE;
                size -= PAGE_SIZE;
@@ -1304,7 +1323,7 @@ static int dev_mmap(struct file *file, struct vm_area_struct *vma)
        }
 #endif
        ret = 0;
-done:
+out:
        mutex_unlock(&gspca_dev->queue_lock);
        return ret;
 }
@@ -1356,10 +1375,14 @@ static int gspca_frame_wait(struct gspca_dev *gspca_dev,
 
        /* wait till a frame is ready */
        for (;;) {
-               ret = wait_event_interruptible(gspca_dev->wq,
-                                       atomic_read(&gspca_dev->nevent) > 0);
-               if (ret != 0)
-                       return ret;
+               ret = wait_event_interruptible_timeout(gspca_dev->wq,
+                                       atomic_read(&gspca_dev->nevent) > 0,
+                                       msecs_to_jiffies(3000));
+               if (ret <= 0) {
+                       if (ret < 0)
+                               return ret;
+                       return -EIO;
+               }
                if (!gspca_dev->streaming || !gspca_dev->present)
                        return -EIO;
                i = gspca_dev->fr_o;
@@ -1402,6 +1425,10 @@ static int vidioc_dqbuf(struct file *file, void *priv,
                return -EINVAL;
        if (!gspca_dev->streaming)
                return -EINVAL;
+       if (gspca_dev->capt_file != file) {
+               ret = -EINVAL;
+               goto out;
+       }
 
        /* only one read */
        if (mutex_lock_interruptible(&gspca_dev->read_lock))
@@ -1409,14 +1436,14 @@ static int vidioc_dqbuf(struct file *file, void *priv,
 
        ret = gspca_frame_wait(gspca_dev, file->f_flags & O_NONBLOCK);
        if (ret < 0)
-               goto done;
+               goto out;
        i = ret;                                /* frame index */
        frame = &gspca_dev->frame[i];
        frame->v4l2_buf.flags &= ~V4L2_BUF_FLAG_DONE;
        memcpy(v4l2_buf, &frame->v4l2_buf, sizeof *v4l2_buf);
        PDEBUG(D_FRAM, "dqbuf %d", i);
        ret = 0;
-done:
+out:
        mutex_unlock(&gspca_dev->read_lock);
        return ret;
 }
@@ -1450,6 +1477,8 @@ static int vidioc_qbuf(struct file *file, void *priv,
                PDEBUG(D_STREAM, "qbuf bad memory type");
                return -EINVAL;
        }
+       if (gspca_dev->capt_file != file)
+               return -EINVAL;
 
        if (mutex_lock_interruptible(&gspca_dev->queue_lock))
                return -ERESTARTSYS;
@@ -1524,7 +1553,9 @@ static ssize_t dev_read(struct file *file, char __user *data,
                                return ret;
                        }
                }
-       }
+       } else if (gspca_dev->capt_file != file)
+               return -EINVAL;
+
        if (!gspca_dev->streaming) {
                ret = vidioc_streamon(file, gspca_dev,
                                        V4L2_BUF_TYPE_VIDEO_CAPTURE);
@@ -1719,7 +1750,7 @@ EXPORT_SYMBOL(gspca_dev_probe);
  */
 void gspca_disconnect(struct usb_interface *intf)
 {
-       struct gspca_dev *gspca_dev  = usb_get_intfdata(intf);
+       struct gspca_dev *gspca_dev = usb_get_intfdata(intf);
 
        if (!gspca_dev)
                return;
index 3bfb364..c2618c0 100644 (file)
@@ -108,11 +108,6 @@ struct sd_desc {
        cam_qmnu_op querymenu;
 };
 
-struct gspca_pktbuf {
-       char *data;
-       struct urb *urb;
-};
-
 /* packet types when moving from iso buf to frame buf */
 #define DISCARD_PACKET 0
 #define FIRST_PACKET   1
@@ -121,19 +116,20 @@ struct gspca_pktbuf {
 
 struct gspca_frame {
        unsigned char *data;            /* frame buffer */
-       unsigned char *data_end;        /* current end of frame while filling */
+       unsigned char *data_end;        /* end of frame while filling */
        int vma_use_count;
        struct v4l2_buffer v4l2_buf;
 };
 
 struct gspca_dev {
-       struct video_device vdev;               /* !! must be the first item */
+       struct video_device vdev;       /* !! must be the first item */
        struct usb_device *dev;
+       struct file *capt_file;         /* file doing video capture */
 
        struct cam cam;                         /* device information */
        const struct sd_desc *sd_desc;          /* subdriver description */
 
-       struct gspca_pktbuf pktbuf[NURBS];
+       struct urb *urb[NURBS];
 
        __u8 *frbuf;                            /* buffer for nframes */
        struct gspca_frame frame[GSPCA_MAX_FRAMES];
@@ -147,7 +143,7 @@ struct gspca_dev {
 
        __u8 iface;                     /* USB interface number */
        __u8 alt;                       /* USB alternate setting */
-       char curr_mode;                 /* current camera mode */
+       unsigned char curr_mode;        /* current camera mode */
        __u32 pixfmt;                   /* current mode parameters */
        short width;
        short height;
@@ -158,7 +154,7 @@ struct gspca_dev {
        struct mutex read_lock;         /* read protection */
        struct mutex queue_lock;        /* ISOC queue protection */
        __u32 sequence;                 /* frame sequence number */
-       signed char streaming;
+       char streaming;
        char users;                     /* # open */
        char present;                   /* device connected */
        char nbufread;                  /* number of buffers for read() */
index ac16c73..57d48f5 100644 (file)
@@ -27,8 +27,8 @@
 
 #include "gspca.h"
 
-#define DRIVER_VERSION_NUMBER  KERNEL_VERSION(0, 0, 30)
-static const char version[] = "0.0.30";
+#define DRIVER_VERSION_NUMBER  KERNEL_VERSION(0, 1, 1)
+static const char version[] = "0.1.1";
 
 MODULE_AUTHOR("Hans de Goede <j.w.r.degoede@hhs.nl>");
 MODULE_DESCRIPTION("Pixart PAC207");
@@ -251,6 +251,7 @@ int pac207_read_reg(struct gspca_dev *gspca_dev, u16 index)
 static int sd_config(struct gspca_dev *gspca_dev,
                        const struct usb_device_id *id)
 {
+       struct sd *sd = (struct sd *) gspca_dev;
        struct cam *cam;
        u8 idreg[2];
 
@@ -282,6 +283,9 @@ static int sd_config(struct gspca_dev *gspca_dev,
        cam->epaddr = 0x05;
        cam->cam_mode = sif_mode;
        cam->nmodes = ARRAY_SIZE(sif_mode);
+       sd->brightness = PAC207_BRIGHTNESS_DEFAULT;
+       sd->exposure = PAC207_EXPOSURE_DEFAULT;
+       sd->gain = PAC207_GAIN_DEFAULT;
 
        return 0;
 }
@@ -291,9 +295,6 @@ static int sd_open(struct gspca_dev *gspca_dev)
 {
        struct sd *sd = (struct sd *) gspca_dev;
 
-       sd->brightness = PAC207_BRIGHTNESS_DEFAULT;
-       sd->exposure = PAC207_EXPOSURE_DEFAULT;
-       sd->gain = PAC207_GAIN_DEFAULT;
        sd->autogain = 1;
 
        return 0;
index 8fd4ff0..2e4cf64 100644 (file)
@@ -24,8 +24,8 @@
 #include "gspca.h"
 #include "jpeg.h"
 
-#define DRIVER_VERSION_NUMBER  KERNEL_VERSION(0, 0, 22)
-static const char version[] = "0.0.22";
+#define DRIVER_VERSION_NUMBER  KERNEL_VERSION(0, 1, 0)
+static const char version[] = "0.1.0";
 
 MODULE_AUTHOR("Jean-Francois Moine <http://moinejf.free.fr>");
 MODULE_DESCRIPTION("Syntek DV4000 (STK014) USB Camera Driver");
@@ -390,6 +390,7 @@ static void sd_pkt_scan(struct gspca_dev *gspca_dev,
                        int len)                        /* iso packet length */
 {
        int l;
+       static unsigned char ffd9[] = {0xff, 0xd9};
 
        /* a frame starts with:
         *      - 0xff 0xfe
@@ -445,7 +446,7 @@ static void sd_pkt_scan(struct gspca_dev *gspca_dev,
        if (len > frame->v4l2_buf.bytesused - 2 - l)
                len = frame->v4l2_buf.bytesused - 2 - l;
        gspca_frame_add(gspca_dev, INTER_PACKET, frame, data, len);
-       gspca_frame_add(gspca_dev, LAST_PACKET, frame, "\xff\xd9", 2);
+       gspca_frame_add(gspca_dev, LAST_PACKET, frame, ffd9, 2);
 }
 
 static int sd_setbrightness(struct gspca_dev *gspca_dev, __s32 val)