diff options
author | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2008-10-26 07:02:03 -0400 |
---|---|---|
committer | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2008-10-31 03:48:26 -0400 |
commit | 8449fc3ae58bf8ee5acbd2280754cde67b5db128 (patch) | |
tree | 01c632f8b1adf31f937a67f1e2d000053eea1f1a | |
parent | 638570b54346f140bc09b986d93e76025d35180f (diff) |
ieee1394: dv1394: fix possible deadlock in multithreaded clients
Fix a possible though highly unlikely deadlock:
Thread A: Thread B:
- acquire mmap_sem - dv1394_ioctl/read/write()
- dv1394_mmap() - acquire video->mtx
- acquire video->mtx - copy_to/from_user(), possible page fault:
acquire mmap_sem
The simplest fix is to use mutex_trylock() instead of mutex_lock() in
dv1394_mmap(). This changes the behavior under contention in a way
which is visible to userspace clients. However, my guess is that no
clients exist which use mmap vs. ioctl/read/write on the dv1394
character device file interface in concurrent threads.
Reported-by: Johannes Weiner <hannes@saeurebad.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
-rw-r--r-- | drivers/ieee1394/dv1394.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/drivers/ieee1394/dv1394.c b/drivers/ieee1394/dv1394.c index df70f51279d8..53329972c7db 100644 --- a/drivers/ieee1394/dv1394.c +++ b/drivers/ieee1394/dv1394.c | |||
@@ -1270,8 +1270,14 @@ static int dv1394_mmap(struct file *file, struct vm_area_struct *vma) | |||
1270 | struct video_card *video = file_to_video_card(file); | 1270 | struct video_card *video = file_to_video_card(file); |
1271 | int retval = -EINVAL; | 1271 | int retval = -EINVAL; |
1272 | 1272 | ||
1273 | /* serialize mmap */ | 1273 | /* |
1274 | mutex_lock(&video->mtx); | 1274 | * We cannot use the blocking variant mutex_lock here because .mmap |
1275 | * is called with mmap_sem held, while .ioctl, .read, .write acquire | ||
1276 | * video->mtx and subsequently call copy_to/from_user which will | ||
1277 | * grab mmap_sem in case of a page fault. | ||
1278 | */ | ||
1279 | if (!mutex_trylock(&video->mtx)) | ||
1280 | return -EAGAIN; | ||
1275 | 1281 | ||
1276 | if ( ! video_card_initialized(video) ) { | 1282 | if ( ! video_card_initialized(video) ) { |
1277 | retval = do_dv1394_init_default(video); | 1283 | retval = do_dv1394_init_default(video); |