V4L/DVB: gspca - main: Don't use the frame buffer flags
This patch fixes possible race conditions in queue management with SMP:
when a frame was completed, the irq function tried to use the next frame
buffer. At this time, it was possible that the application on an other
processor updated the frame pointer, making the image to point to a bad
buffer.
The patch contains two main changes:
- the image transfer uses the queue indexes which are protected against
simultaneous memory access,
- the image pointer which is used for image concatenation is only set at
interrupt level.
Some subdrivers which used the image pointer have been updated.
Reported-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jean-François Moine <moinejf@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
diff --git a/drivers/media/video/gspca/pac7311.c b/drivers/media/video/gspca/pac7311.c
index 5568c41..1cb7e99e 100644
--- a/drivers/media/video/gspca/pac7311.c
+++ b/drivers/media/video/gspca/pac7311.c
@@ -630,12 +630,6 @@
if (sof) {
int n, lum_offset, footer_length;
- image = gspca_dev->image;
- if (image == NULL) {
- gspca_dev->last_packet_type = DISCARD_PACKET;
- return;
- }
-
/* 6 bytes after the FF D9 EOF marker a number of lumination
bytes are send corresponding to different parts of the
image, the 14th and 15th byte after the EOF seem to
@@ -651,7 +645,8 @@
} else {
gspca_frame_add(gspca_dev, INTER_PACKET, data, n);
}
- if (gspca_dev->last_packet_type != DISCARD_PACKET
+ image = gspca_dev->image;
+ if (image != NULL
&& image[gspca_dev->image_len - 2] == 0xff
&& image[gspca_dev->image_len - 1] == 0xd9)
gspca_frame_add(gspca_dev, LAST_PACKET, NULL, 0);