From: Hans Verkuil Date: Tue, 3 Mar 2015 11:23:59 +0000 (-0300) Subject: [media] vb2: check if vb2_fop_write/read is allowed X-Git-Tag: firefly_0821_release~176^2~795^2~1244 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=ff05cb4b81d81e997476dc6d2c18e884389b5196;p=firefly-linux-kernel-4.4.55.git [media] vb2: check if vb2_fop_write/read is allowed Return -EINVAL if read() or write() is not supported by the queue. This makes it possible to provide both vb2_fop_read and vb2_fop_write in a struct v4l2_file_operations since the vb2_fop_* function will check if the file operation is allowed. A similar check exists in __vb2_init_fileio() which is called from __vb2_perform_fileio(), but that check is only done if no file I/O is active. So the sequence of read() followed by write() would be allowed, which is obviously a bug. In addition, vb2_fop_write/read should always return -EINVAL if the operation is not allowed, and by putting the check in the lower levels of the code it is possible that other error codes are returned (EBUSY or ERESTARTSYS). All these issues are avoided by just doing a quick explicit check. Signed-off-by: Hans Verkuil Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab --- diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c index bc08a829bc13..167c1d93bd4c 100644 --- a/drivers/media/v4l2-core/videobuf2-core.c +++ b/drivers/media/v4l2-core/videobuf2-core.c @@ -3416,6 +3416,8 @@ ssize_t vb2_fop_write(struct file *file, const char __user *buf, struct mutex *lock = vdev->queue->lock ? vdev->queue->lock : vdev->lock; int err = -EBUSY; + if (!(vdev->queue->io_modes & VB2_WRITE)) + return -EINVAL; if (lock && mutex_lock_interruptible(lock)) return -ERESTARTSYS; if (vb2_queue_is_busy(vdev, file)) @@ -3438,6 +3440,8 @@ ssize_t vb2_fop_read(struct file *file, char __user *buf, struct mutex *lock = vdev->queue->lock ? vdev->queue->lock : vdev->lock; int err = -EBUSY; + if (!(vdev->queue->io_modes & VB2_READ)) + return -EINVAL; if (lock && mutex_lock_interruptible(lock)) return -ERESTARTSYS; if (vb2_queue_is_busy(vdev, file))