From 581214d3de99e3c0d7fef628dcdc455cbdc93a1d Mon Sep 17 00:00:00 2001 From: Dafna Hirschfeld Date: Sat, 15 Aug 2020 12:37:24 +0200 Subject: [PATCH] media: staging: rkisp1: params: don't release lock in isr before buffer is done In the irq handler 'rkisp1_params_isr', the lock 'config_lock' should be held as long as the current buffer is used. Otherwise the stop_streaming calback might remove it from the list and pass it to userspace while it is referenced in the irq handler. Signed-off-by: Dafna Hirschfeld Acked-by: Helen Koike Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab --- drivers/staging/media/rkisp1/rkisp1-params.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/staging/media/rkisp1/rkisp1-params.c b/drivers/staging/media/rkisp1/rkisp1-params.c index fcd1641..3ca2afc 100644 --- a/drivers/staging/media/rkisp1/rkisp1-params.c +++ b/drivers/staging/media/rkisp1/rkisp1-params.c @@ -1202,10 +1202,11 @@ void rkisp1_params_isr(struct rkisp1_device *rkisp1) if (!list_empty(¶ms->params)) cur_buf = list_first_entry(¶ms->params, struct rkisp1_buffer, queue); - spin_unlock(¶ms->config_lock); - if (!cur_buf) + if (!cur_buf) { + spin_unlock(¶ms->config_lock); return; + } new_params = (struct rkisp1_params_cfg *)(cur_buf->vaddr); @@ -1215,12 +1216,11 @@ void rkisp1_params_isr(struct rkisp1_device *rkisp1) /* update shadow register immediately */ rkisp1_param_set_bits(params, RKISP1_CIF_ISP_CTRL, RKISP1_CIF_ISP_CTRL_ISP_CFG_UPD); - spin_lock(¶ms->config_lock); list_del(&cur_buf->queue); - spin_unlock(¶ms->config_lock); cur_buf->vb.sequence = frame_sequence; vb2_buffer_done(&cur_buf->vb.vb2_buf, VB2_BUF_STATE_DONE); + spin_unlock(¶ms->config_lock); } static const struct rkisp1_cif_isp_awb_meas_config rkisp1_awb_params_default_config = { -- 2.7.4