diff options
author | Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com> | 2008-11-06 15:53:37 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-11-06 18:41:19 -0500 |
commit | a684e7d33096892093456dd56a582cfc3bfad648 (patch) | |
tree | 25f1225b14a1e4f5abca7565203e6410e0de34cc | |
parent | a70dcb969f64e2fa98c24f47854f20bf02ff0092 (diff) |
fbdev: fix fb_compat_ioctl() deadlocks
commit 3e680aae4e53ab54cdbb0c29257dae0cbb158e1c ("fb: convert
lock/unlock_kernel() into local fb mutex") introduced several deadlocks
in the fb_compat_ioctl() path, as mutex_lock() doesn't allow recursion,
unlike lock_kernel(). This broke frame buffer applications on 64-bit
systems with a 32-bit userland.
commit 120a37470c2831fea49fdebaceb5a7039f700ce6 ("framebuffer compat_ioctl
deadlock") fixed one of the deadlocks.
This patch fixes the remaining deadlocks:
- Revert commit 120a37470c2831fea49fdebaceb5a7039f700ce6,
- Extract the core logic of fb_ioctl() into a new function do_fb_ioctl(),
- Change all callsites of fb_ioctl() where info->lock is already held to
call do_fb_ioctl() instead,
- Add sparse annotations to all routines that take info->lock.
Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: Krzysztof Helt <krzysztof.h1@wp.pl>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | drivers/video/fbmem.c | 63 |
1 files changed, 39 insertions, 24 deletions
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c index 6048b55f2878..1d5ae39cb271 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c | |||
@@ -1002,13 +1002,9 @@ fb_blank(struct fb_info *info, int blank) | |||
1002 | return ret; | 1002 | return ret; |
1003 | } | 1003 | } |
1004 | 1004 | ||
1005 | static long | 1005 | static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, |
1006 | fb_ioctl(struct file *file, unsigned int cmd, | 1006 | unsigned long arg) |
1007 | unsigned long arg) | ||
1008 | { | 1007 | { |
1009 | struct inode *inode = file->f_path.dentry->d_inode; | ||
1010 | int fbidx = iminor(inode); | ||
1011 | struct fb_info *info; | ||
1012 | struct fb_ops *fb; | 1008 | struct fb_ops *fb; |
1013 | struct fb_var_screeninfo var; | 1009 | struct fb_var_screeninfo var; |
1014 | struct fb_fix_screeninfo fix; | 1010 | struct fb_fix_screeninfo fix; |
@@ -1018,14 +1014,10 @@ fb_ioctl(struct file *file, unsigned int cmd, | |||
1018 | void __user *argp = (void __user *)arg; | 1014 | void __user *argp = (void __user *)arg; |
1019 | long ret = 0; | 1015 | long ret = 0; |
1020 | 1016 | ||
1021 | info = registered_fb[fbidx]; | ||
1022 | mutex_lock(&info->lock); | ||
1023 | fb = info->fbops; | 1017 | fb = info->fbops; |
1024 | 1018 | if (!fb) | |
1025 | if (!fb) { | ||
1026 | mutex_unlock(&info->lock); | ||
1027 | return -ENODEV; | 1019 | return -ENODEV; |
1028 | } | 1020 | |
1029 | switch (cmd) { | 1021 | switch (cmd) { |
1030 | case FBIOGET_VSCREENINFO: | 1022 | case FBIOGET_VSCREENINFO: |
1031 | ret = copy_to_user(argp, &info->var, | 1023 | ret = copy_to_user(argp, &info->var, |
@@ -1126,6 +1118,21 @@ fb_ioctl(struct file *file, unsigned int cmd, | |||
1126 | else | 1118 | else |
1127 | ret = fb->fb_ioctl(info, cmd, arg); | 1119 | ret = fb->fb_ioctl(info, cmd, arg); |
1128 | } | 1120 | } |
1121 | return ret; | ||
1122 | } | ||
1123 | |||
1124 | static long fb_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | ||
1125 | __acquires(&info->lock) | ||
1126 | __releases(&info->lock) | ||
1127 | { | ||
1128 | struct inode *inode = file->f_path.dentry->d_inode; | ||
1129 | int fbidx = iminor(inode); | ||
1130 | struct fb_info *info; | ||
1131 | long ret; | ||
1132 | |||
1133 | info = registered_fb[fbidx]; | ||
1134 | mutex_lock(&info->lock); | ||
1135 | ret = do_fb_ioctl(info, cmd, arg); | ||
1129 | mutex_unlock(&info->lock); | 1136 | mutex_unlock(&info->lock); |
1130 | return ret; | 1137 | return ret; |
1131 | } | 1138 | } |
@@ -1157,8 +1164,8 @@ struct fb_cmap32 { | |||
1157 | compat_caddr_t transp; | 1164 | compat_caddr_t transp; |
1158 | }; | 1165 | }; |
1159 | 1166 | ||
1160 | static int fb_getput_cmap(struct inode *inode, struct file *file, | 1167 | static int fb_getput_cmap(struct fb_info *info, unsigned int cmd, |
1161 | unsigned int cmd, unsigned long arg) | 1168 | unsigned long arg) |
1162 | { | 1169 | { |
1163 | struct fb_cmap_user __user *cmap; | 1170 | struct fb_cmap_user __user *cmap; |
1164 | struct fb_cmap32 __user *cmap32; | 1171 | struct fb_cmap32 __user *cmap32; |
@@ -1181,7 +1188,7 @@ static int fb_getput_cmap(struct inode *inode, struct file *file, | |||
1181 | put_user(compat_ptr(data), &cmap->transp)) | 1188 | put_user(compat_ptr(data), &cmap->transp)) |
1182 | return -EFAULT; | 1189 | return -EFAULT; |
1183 | 1190 | ||
1184 | err = fb_ioctl(file, cmd, (unsigned long) cmap); | 1191 | err = do_fb_ioctl(info, cmd, (unsigned long) cmap); |
1185 | 1192 | ||
1186 | if (!err) { | 1193 | if (!err) { |
1187 | if (copy_in_user(&cmap32->start, | 1194 | if (copy_in_user(&cmap32->start, |
@@ -1223,8 +1230,8 @@ static int do_fscreeninfo_to_user(struct fb_fix_screeninfo *fix, | |||
1223 | return err; | 1230 | return err; |
1224 | } | 1231 | } |
1225 | 1232 | ||
1226 | static int fb_get_fscreeninfo(struct inode *inode, struct file *file, | 1233 | static int fb_get_fscreeninfo(struct fb_info *info, unsigned int cmd, |
1227 | unsigned int cmd, unsigned long arg) | 1234 | unsigned long arg) |
1228 | { | 1235 | { |
1229 | mm_segment_t old_fs; | 1236 | mm_segment_t old_fs; |
1230 | struct fb_fix_screeninfo fix; | 1237 | struct fb_fix_screeninfo fix; |
@@ -1235,7 +1242,7 @@ static int fb_get_fscreeninfo(struct inode *inode, struct file *file, | |||
1235 | 1242 | ||
1236 | old_fs = get_fs(); | 1243 | old_fs = get_fs(); |
1237 | set_fs(KERNEL_DS); | 1244 | set_fs(KERNEL_DS); |
1238 | err = fb_ioctl(file, cmd, (unsigned long) &fix); | 1245 | err = do_fb_ioctl(info, cmd, (unsigned long) &fix); |
1239 | set_fs(old_fs); | 1246 | set_fs(old_fs); |
1240 | 1247 | ||
1241 | if (!err) | 1248 | if (!err) |
@@ -1244,8 +1251,10 @@ static int fb_get_fscreeninfo(struct inode *inode, struct file *file, | |||
1244 | return err; | 1251 | return err; |
1245 | } | 1252 | } |
1246 | 1253 | ||
1247 | static long | 1254 | static long fb_compat_ioctl(struct file *file, unsigned int cmd, |
1248 | fb_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | 1255 | unsigned long arg) |
1256 | __acquires(&info->lock) | ||
1257 | __releases(&info->lock) | ||
1249 | { | 1258 | { |
1250 | struct inode *inode = file->f_path.dentry->d_inode; | 1259 | struct inode *inode = file->f_path.dentry->d_inode; |
1251 | int fbidx = iminor(inode); | 1260 | int fbidx = iminor(inode); |
@@ -1262,16 +1271,16 @@ fb_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | |||
1262 | case FBIOPUT_CON2FBMAP: | 1271 | case FBIOPUT_CON2FBMAP: |
1263 | arg = (unsigned long) compat_ptr(arg); | 1272 | arg = (unsigned long) compat_ptr(arg); |
1264 | case FBIOBLANK: | 1273 | case FBIOBLANK: |
1265 | mutex_unlock(&info->lock); | 1274 | ret = do_fb_ioctl(info, cmd, arg); |
1266 | return fb_ioctl(file, cmd, arg); | 1275 | break; |
1267 | 1276 | ||
1268 | case FBIOGET_FSCREENINFO: | 1277 | case FBIOGET_FSCREENINFO: |
1269 | ret = fb_get_fscreeninfo(inode, file, cmd, arg); | 1278 | ret = fb_get_fscreeninfo(info, cmd, arg); |
1270 | break; | 1279 | break; |
1271 | 1280 | ||
1272 | case FBIOGETCMAP: | 1281 | case FBIOGETCMAP: |
1273 | case FBIOPUTCMAP: | 1282 | case FBIOPUTCMAP: |
1274 | ret = fb_getput_cmap(inode, file, cmd, arg); | 1283 | ret = fb_getput_cmap(info, cmd, arg); |
1275 | break; | 1284 | break; |
1276 | 1285 | ||
1277 | default: | 1286 | default: |
@@ -1286,6 +1295,8 @@ fb_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | |||
1286 | 1295 | ||
1287 | static int | 1296 | static int |
1288 | fb_mmap(struct file *file, struct vm_area_struct * vma) | 1297 | fb_mmap(struct file *file, struct vm_area_struct * vma) |
1298 | __acquires(&info->lock) | ||
1299 | __releases(&info->lock) | ||
1289 | { | 1300 | { |
1290 | int fbidx = iminor(file->f_path.dentry->d_inode); | 1301 | int fbidx = iminor(file->f_path.dentry->d_inode); |
1291 | struct fb_info *info = registered_fb[fbidx]; | 1302 | struct fb_info *info = registered_fb[fbidx]; |
@@ -1339,6 +1350,8 @@ fb_mmap(struct file *file, struct vm_area_struct * vma) | |||
1339 | 1350 | ||
1340 | static int | 1351 | static int |
1341 | fb_open(struct inode *inode, struct file *file) | 1352 | fb_open(struct inode *inode, struct file *file) |
1353 | __acquires(&info->lock) | ||
1354 | __releases(&info->lock) | ||
1342 | { | 1355 | { |
1343 | int fbidx = iminor(inode); | 1356 | int fbidx = iminor(inode); |
1344 | struct fb_info *info; | 1357 | struct fb_info *info; |
@@ -1374,6 +1387,8 @@ out: | |||
1374 | 1387 | ||
1375 | static int | 1388 | static int |
1376 | fb_release(struct inode *inode, struct file *file) | 1389 | fb_release(struct inode *inode, struct file *file) |
1390 | __acquires(&info->lock) | ||
1391 | __releases(&info->lock) | ||
1377 | { | 1392 | { |
1378 | struct fb_info * const info = file->private_data; | 1393 | struct fb_info * const info = file->private_data; |
1379 | 1394 | ||