aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGeert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>2008-11-06 15:53:37 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2008-11-06 18:41:19 -0500
commita684e7d33096892093456dd56a582cfc3bfad648 (patch)
tree25f1225b14a1e4f5abca7565203e6410e0de34cc
parenta70dcb969f64e2fa98c24f47854f20bf02ff0092 (diff)
fbdev: fix fb_compat_ioctl() deadlocks
commit 3e680aae4e53ab54cdbb0c29257dae0cbb158e1c ("fb: convert lock/unlock_kernel() into local fb mutex") introduced several deadlocks in the fb_compat_ioctl() path, as mutex_lock() doesn't allow recursion, unlike lock_kernel(). This broke frame buffer applications on 64-bit systems with a 32-bit userland. commit 120a37470c2831fea49fdebaceb5a7039f700ce6 ("framebuffer compat_ioctl deadlock") fixed one of the deadlocks. This patch fixes the remaining deadlocks: - Revert commit 120a37470c2831fea49fdebaceb5a7039f700ce6, - Extract the core logic of fb_ioctl() into a new function do_fb_ioctl(), - Change all callsites of fb_ioctl() where info->lock is already held to call do_fb_ioctl() instead, - Add sparse annotations to all routines that take info->lock. Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com> Cc: Mikulas Patocka <mpatocka@redhat.com> Cc: Krzysztof Helt <krzysztof.h1@wp.pl> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/video/fbmem.c63
1 files changed, 39 insertions, 24 deletions
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
index 6048b55f2878..1d5ae39cb271 100644
--- a/drivers/video/fbmem.c
+++ b/drivers/video/fbmem.c
@@ -1002,13 +1002,9 @@ fb_blank(struct fb_info *info, int blank)
1002 return ret; 1002 return ret;
1003} 1003}
1004 1004
1005static long 1005static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
1006fb_ioctl(struct file *file, unsigned int cmd, 1006 unsigned long arg)
1007 unsigned long arg)
1008{ 1007{
1009 struct inode *inode = file->f_path.dentry->d_inode;
1010 int fbidx = iminor(inode);
1011 struct fb_info *info;
1012 struct fb_ops *fb; 1008 struct fb_ops *fb;
1013 struct fb_var_screeninfo var; 1009 struct fb_var_screeninfo var;
1014 struct fb_fix_screeninfo fix; 1010 struct fb_fix_screeninfo fix;
@@ -1018,14 +1014,10 @@ fb_ioctl(struct file *file, unsigned int cmd,
1018 void __user *argp = (void __user *)arg; 1014 void __user *argp = (void __user *)arg;
1019 long ret = 0; 1015 long ret = 0;
1020 1016
1021 info = registered_fb[fbidx];
1022 mutex_lock(&info->lock);
1023 fb = info->fbops; 1017 fb = info->fbops;
1024 1018 if (!fb)
1025 if (!fb) {
1026 mutex_unlock(&info->lock);
1027 return -ENODEV; 1019 return -ENODEV;
1028 } 1020
1029 switch (cmd) { 1021 switch (cmd) {
1030 case FBIOGET_VSCREENINFO: 1022 case FBIOGET_VSCREENINFO:
1031 ret = copy_to_user(argp, &info->var, 1023 ret = copy_to_user(argp, &info->var,
@@ -1126,6 +1118,21 @@ fb_ioctl(struct file *file, unsigned int cmd,
1126 else 1118 else
1127 ret = fb->fb_ioctl(info, cmd, arg); 1119 ret = fb->fb_ioctl(info, cmd, arg);
1128 } 1120 }
1121 return ret;
1122}
1123
1124static long fb_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1125__acquires(&info->lock)
1126__releases(&info->lock)
1127{
1128 struct inode *inode = file->f_path.dentry->d_inode;
1129 int fbidx = iminor(inode);
1130 struct fb_info *info;
1131 long ret;
1132
1133 info = registered_fb[fbidx];
1134 mutex_lock(&info->lock);
1135 ret = do_fb_ioctl(info, cmd, arg);
1129 mutex_unlock(&info->lock); 1136 mutex_unlock(&info->lock);
1130 return ret; 1137 return ret;
1131} 1138}
@@ -1157,8 +1164,8 @@ struct fb_cmap32 {
1157 compat_caddr_t transp; 1164 compat_caddr_t transp;
1158}; 1165};
1159 1166
1160static int fb_getput_cmap(struct inode *inode, struct file *file, 1167static int fb_getput_cmap(struct fb_info *info, unsigned int cmd,
1161 unsigned int cmd, unsigned long arg) 1168 unsigned long arg)
1162{ 1169{
1163 struct fb_cmap_user __user *cmap; 1170 struct fb_cmap_user __user *cmap;
1164 struct fb_cmap32 __user *cmap32; 1171 struct fb_cmap32 __user *cmap32;
@@ -1181,7 +1188,7 @@ static int fb_getput_cmap(struct inode *inode, struct file *file,
1181 put_user(compat_ptr(data), &cmap->transp)) 1188 put_user(compat_ptr(data), &cmap->transp))
1182 return -EFAULT; 1189 return -EFAULT;
1183 1190
1184 err = fb_ioctl(file, cmd, (unsigned long) cmap); 1191 err = do_fb_ioctl(info, cmd, (unsigned long) cmap);
1185 1192
1186 if (!err) { 1193 if (!err) {
1187 if (copy_in_user(&cmap32->start, 1194 if (copy_in_user(&cmap32->start,
@@ -1223,8 +1230,8 @@ static int do_fscreeninfo_to_user(struct fb_fix_screeninfo *fix,
1223 return err; 1230 return err;
1224} 1231}
1225 1232
1226static int fb_get_fscreeninfo(struct inode *inode, struct file *file, 1233static int fb_get_fscreeninfo(struct fb_info *info, unsigned int cmd,
1227 unsigned int cmd, unsigned long arg) 1234 unsigned long arg)
1228{ 1235{
1229 mm_segment_t old_fs; 1236 mm_segment_t old_fs;
1230 struct fb_fix_screeninfo fix; 1237 struct fb_fix_screeninfo fix;
@@ -1235,7 +1242,7 @@ static int fb_get_fscreeninfo(struct inode *inode, struct file *file,
1235 1242
1236 old_fs = get_fs(); 1243 old_fs = get_fs();
1237 set_fs(KERNEL_DS); 1244 set_fs(KERNEL_DS);
1238 err = fb_ioctl(file, cmd, (unsigned long) &fix); 1245 err = do_fb_ioctl(info, cmd, (unsigned long) &fix);
1239 set_fs(old_fs); 1246 set_fs(old_fs);
1240 1247
1241 if (!err) 1248 if (!err)
@@ -1244,8 +1251,10 @@ static int fb_get_fscreeninfo(struct inode *inode, struct file *file,
1244 return err; 1251 return err;
1245} 1252}
1246 1253
1247static long 1254static long fb_compat_ioctl(struct file *file, unsigned int cmd,
1248fb_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1255 unsigned long arg)
1256__acquires(&info->lock)
1257__releases(&info->lock)
1249{ 1258{
1250 struct inode *inode = file->f_path.dentry->d_inode; 1259 struct inode *inode = file->f_path.dentry->d_inode;
1251 int fbidx = iminor(inode); 1260 int fbidx = iminor(inode);
@@ -1262,16 +1271,16 @@ fb_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1262 case FBIOPUT_CON2FBMAP: 1271 case FBIOPUT_CON2FBMAP:
1263 arg = (unsigned long) compat_ptr(arg); 1272 arg = (unsigned long) compat_ptr(arg);
1264 case FBIOBLANK: 1273 case FBIOBLANK:
1265 mutex_unlock(&info->lock); 1274 ret = do_fb_ioctl(info, cmd, arg);
1266 return fb_ioctl(file, cmd, arg); 1275 break;
1267 1276
1268 case FBIOGET_FSCREENINFO: 1277 case FBIOGET_FSCREENINFO:
1269 ret = fb_get_fscreeninfo(inode, file, cmd, arg); 1278 ret = fb_get_fscreeninfo(info, cmd, arg);
1270 break; 1279 break;
1271 1280
1272 case FBIOGETCMAP: 1281 case FBIOGETCMAP:
1273 case FBIOPUTCMAP: 1282 case FBIOPUTCMAP:
1274 ret = fb_getput_cmap(inode, file, cmd, arg); 1283 ret = fb_getput_cmap(info, cmd, arg);
1275 break; 1284 break;
1276 1285
1277 default: 1286 default:
@@ -1286,6 +1295,8 @@ fb_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1286 1295
1287static int 1296static int
1288fb_mmap(struct file *file, struct vm_area_struct * vma) 1297fb_mmap(struct file *file, struct vm_area_struct * vma)
1298__acquires(&info->lock)
1299__releases(&info->lock)
1289{ 1300{
1290 int fbidx = iminor(file->f_path.dentry->d_inode); 1301 int fbidx = iminor(file->f_path.dentry->d_inode);
1291 struct fb_info *info = registered_fb[fbidx]; 1302 struct fb_info *info = registered_fb[fbidx];
@@ -1339,6 +1350,8 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
1339 1350
1340static int 1351static int
1341fb_open(struct inode *inode, struct file *file) 1352fb_open(struct inode *inode, struct file *file)
1353__acquires(&info->lock)
1354__releases(&info->lock)
1342{ 1355{
1343 int fbidx = iminor(inode); 1356 int fbidx = iminor(inode);
1344 struct fb_info *info; 1357 struct fb_info *info;
@@ -1374,6 +1387,8 @@ out:
1374 1387
1375static int 1388static int
1376fb_release(struct inode *inode, struct file *file) 1389fb_release(struct inode *inode, struct file *file)
1390__acquires(&info->lock)
1391__releases(&info->lock)
1377{ 1392{
1378 struct fb_info * const info = file->private_data; 1393 struct fb_info * const info = file->private_data;
1379 1394