media: vivid: fix the racy dev->radio_tx_rds_owner
There is a race over dev->radio_tx_rds_owner between the two functions
mentioned below:
Thread-1 Thread-2
vivid_fop_release() vivid_radio_rx_read()
mutex_unlock(&dev->mutex)
mutex_lock_interruptible(&dev->mutex)
...
dev->radio_rx_rds_owner = file->private_data;
...
if (file->private_data == dev->radio_rx_rds_owner) {
dev->radio_tx_rds_last_block = 0;
dev->radio_tx_rds_owner = NULL;
}
This race can be fixed by only releasing the lock after vivid_fop_release()
finishes the checks.
Signed-off-by: Sishuai Gong <sishuai.system@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
projects / linux.git / commit