aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorStefan Richter <stefanr@s5r6.in-berlin.de>2008-10-26 07:02:03 -0400
committerStefan Richter <stefanr@s5r6.in-berlin.de>2008-10-31 03:48:26 -0400
commit8449fc3ae58bf8ee5acbd2280754cde67b5db128 (patch)
tree01c632f8b1adf31f937a67f1e2d000053eea1f1a /drivers
parent638570b54346f140bc09b986d93e76025d35180f (diff)
ieee1394: dv1394: fix possible deadlock in multithreaded clients
Fix a possible though highly unlikely deadlock: Thread A: Thread B: - acquire mmap_sem - dv1394_ioctl/read/write() - dv1394_mmap() - acquire video->mtx - acquire video->mtx - copy_to/from_user(), possible page fault: acquire mmap_sem The simplest fix is to use mutex_trylock() instead of mutex_lock() in dv1394_mmap(). This changes the behavior under contention in a way which is visible to userspace clients. However, my guess is that no clients exist which use mmap vs. ioctl/read/write on the dv1394 character device file interface in concurrent threads. Reported-by: Johannes Weiner <hannes@saeurebad.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/ieee1394/dv1394.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/drivers/ieee1394/dv1394.c b/drivers/ieee1394/dv1394.c
index df70f51279d8..53329972c7db 100644
--- a/drivers/ieee1394/dv1394.c
+++ b/drivers/ieee1394/dv1394.c
@@ -1270,8 +1270,14 @@ static int dv1394_mmap(struct file *file, struct vm_area_struct *vma)
1270 struct video_card *video = file_to_video_card(file); 1270 struct video_card *video = file_to_video_card(file);
1271 int retval = -EINVAL; 1271 int retval = -EINVAL;
1272 1272
1273 /* serialize mmap */ 1273 /*
1274 mutex_lock(&video->mtx); 1274 * We cannot use the blocking variant mutex_lock here because .mmap
1275 * is called with mmap_sem held, while .ioctl, .read, .write acquire
1276 * video->mtx and subsequently call copy_to/from_user which will
1277 * grab mmap_sem in case of a page fault.
1278 */
1279 if (!mutex_trylock(&video->mtx))
1280 return -EAGAIN;
1275 1281
1276 if ( ! video_card_initialized(video) ) { 1282 if ( ! video_card_initialized(video) ) {
1277 retval = do_dv1394_init_default(video); 1283 retval = do_dv1394_init_default(video);