From c505790256a9a45a90fb482dfd5f01ce0446e81a Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab Date: Tue, 2 Jan 2007 01:14:37 -0200 Subject: From: Mauro Carvalho Chehab vivi.c uses the KM_BOUNCE_READ with local interrupts enabled. This means that if a disk interrupt occurs while vivi.c is using this fixmap slot, the vivi.c driver will, upon return from that interrupt, find that the fixmap slot now points at a different physical page. The net result will probably be rare corruption of disk file contents, because viv.c will now be altering the page which the disk code was recently using. Thanks to Andrew Morton for pointing this. Signed-off-by: Mauro Carvalho Chehab --- linux/drivers/media/video/vivi.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'linux/drivers/media/video/vivi.c') diff --git a/linux/drivers/media/video/vivi.c b/linux/drivers/media/video/vivi.c index 5370538bc..e6f7d0fe1 100644 --- a/linux/drivers/media/video/vivi.c +++ b/linux/drivers/media/video/vivi.c @@ -279,10 +279,15 @@ static void gen_line(struct sg_to_addr to_addr[],int inipos,int pages,int wmax, char *p,*s,*basep; struct page *pg; u8 chr,r,g,b,color; + unsigned long flags; + spinlock_t spinlock; + + spin_lock_init(&spinlock); /* Get first addr pointed to pixel position */ oldpg=get_addr_pos(pos,pages,to_addr); pg=pfn_to_page(sg_dma_address(to_addr[oldpg].sg) >> PAGE_SHIFT); + spin_lock_irqsave(&spinlock,flags); basep = kmap_atomic(pg, KM_BOUNCE_READ)+to_addr[oldpg].sg->offset; /* We will just duplicate the second pixel at the packet */ @@ -397,6 +402,8 @@ static void gen_line(struct sg_to_addr to_addr[],int inipos,int pages,int wmax, end: kunmap_atomic(basep, KM_BOUNCE_READ); + spin_unlock_irqrestore(&spinlock,flags); + } static void vivi_fillbuff(struct vivi_dev *dev,struct vivi_buffer *buf) { -- cgit v1.2.3