    fbmem: don't call copy_from/to_user() with mutex held · 1f5e31d7
    Andrea Righi authored
    Avoid calling copy_from/to_user() with fb_info->lock mutex held in fbmem
    ioctl().
    
    fb_mmap() is called under mm->mmap_sem (A) held, that also acquires
    fb_info->lock (B); fb_ioctl() takes fb_info->lock (B) and does
    copy_from/to_user() that might acquire mm->mmap_sem (A), causing a
    deadlock.
    
    NOTE: it doesn't push down the fb_info->lock in each own driver's
    fb_ioctl(), so there are still potential deadlocks elsewhere.
    
    Signed-off-by: Andrea Righi <righi.andrea@gmail.com>
    Cc: Dave Jones <davej@redhat.com>
    Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
    Cc: Johannes Weiner <hannes@saeurebad.de>
    Cc: Krzysztof Helt <krzysztof.h1@wp.pl>
    Cc: Harvey Harrison <harvey.harrison@gmail.com>
    Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fbmem.c 41 KB
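The lock ordering described in the commit message, as an added userspace model (not kernel code and not part of this commit): a small lock-order recorder flags the A-then-B versus B-then-A inversion and shows that it disappears once the user copies happen outside fb_info->lock. The function names `acquire`, `release`, `user_copy`, `path_fb_mmap`, `path_fb_ioctl` and `inversion_found` are hypothetical, and the two paths are constructed simplifications of fb_mmap() and fb_ioctl().

```c
#include <stdio.h>
#include <string.h>
/* Lock classes from the commit message: A = mm->mmap_sem, B = fb_info->lock. */
enum { MMAP_SEM, FB_LOCK, NLOCKS };
static int order[NLOCKS][NLOCKS]; /* order[x][y] = 1: y was taken while x was held */
static int held[NLOCKS];

/* Record an acquisition; return 1 if it reverses an order seen earlier (AB-BA). */
static int acquire(int l)
{
    int inverted = 0;
    for (int h = 0; h < NLOCKS; h++)
        if (held[h] && h != l) {
            inverted |= order[l][h];   /* an earlier path took l, then h */
            order[h][l] = 1;
        }
    held[l] = 1;
    return inverted;
}
static void release(int l) { held[l] = 0; }
/* Models copy_from/to_user(): a page fault may take mmap_sem during the copy. */
static int user_copy(void) { int r = acquire(MMAP_SEM); release(MMAP_SEM); return r; }

/* fb_mmap(): entered with mmap_sem held, then takes fb_info->lock. */
static int path_fb_mmap(void)
{
    int r = acquire(MMAP_SEM);
    r |= acquire(FB_LOCK);
    release(FB_LOCK); release(MMAP_SEM);
    return r;
}

/* fb_ioctl(): fixed = 0 models the old ordering, fixed = 1 the new one. */
static int path_fb_ioctl(int fixed)
{
    int r = fixed ? user_copy() : 0;   /* new: copy in before locking */
    r |= acquire(FB_LOCK);
    if (!fixed) r |= user_copy();      /* old: copy with fb_info->lock held */
    release(FB_LOCK);
    if (fixed) r |= user_copy();       /* new: copy out after unlocking */
    return r;
}

/* Returns 1 if the two paths together show a lock-order inversion. */
int inversion_found(int fixed)
{
    memset(order, 0, sizeof order); memset(held, 0, sizeof held);
    int r = path_fb_mmap();
    return r | path_fb_ioctl(fixed);
}
int main(void) { printf("old=%d new=%d\n", inversion_found(0), inversion_found(1)); return 0; }
```

The model covers only the fbmem ioctl path; as the commit's NOTE says, driver-level fb_ioctl() handlers that copy under the lock are outside what this change fixes.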