On Thu Oct 23 16:26:34 2025 +0200, Marek Szyprowski wrote:
> vb2_ioctl_remove_bufs() call manipulates queue internal buffer list,
> potentially overwriting some pointers used by the legacy fileio access
> mode. Forbid that ioctl when fileio is active to protect internal queue
> state between subsequent read/write calls.
>
> CC: [email protected]
> Fixes: a3293a85381e ("media: v4l2: Add REMOVE_BUFS ioctl")
> Reported-by: Shuangpeng Bai <[email protected]>
> Closes:
> https://lore.kernel.org/linux-media/[email protected]/
> Signed-off-by: Marek Szyprowski <[email protected]>
> Signed-off-by: Hans Verkuil <[email protected]>
Patch committed.
Thanks,
Hans Verkuil
drivers/media/common/videobuf2/videobuf2-v4l2.c | 5 +++++
1 file changed, 5 insertions(+)
---
diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c
b/drivers/media/common/videobuf2/videobuf2-v4l2.c
index d911021c1bb0..83862d57b126 100644
--- a/drivers/media/common/videobuf2/videobuf2-v4l2.c
+++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c
@@ -1010,6 +1010,11 @@ int vb2_ioctl_remove_bufs(struct file *file, void *priv,
if (vb2_queue_is_busy(vdev->queue, file))
return -EBUSY;
+ if (vb2_fileio_is_active(vdev->queue)) {
+ dprintk(vdev->queue, 1, "file io in progress\n");
+ return -EBUSY;
+ }
+
return vb2_core_remove_bufs(vdev->queue, d->index, d->count);
}
EXPORT_SYMBOL_GPL(vb2_ioctl_remove_bufs);
_______________________________________________
linuxtv-commits mailing list -- [email protected]
To unsubscribe send an email to [email protected]
