authorAlexey Khoroshilov <khoroshilov@ispras.ru>2013-11-09 18:28:43 -0300
committerMauro Carvalho Chehab <m.chehab@samsung.com>2013-11-29 12:18:25 -0200
commit6633327d59067fe16128d66968cd50a10ca7a09c (patch)
parent858559a29258a30d9f4839286b4aca6ab8c5c8d6 (diff)
[media] dvb_demux: fix deadlock in dmx_section_feed_release_filter()
dmx_section_feed_release_filter() locks dvbdmx->mutex and if the feed is still filtering, it calls feed->stop_filtering(feed). stop_filtering() is implemented by dmx_section_feed_stop_filtering() that first of all try to lock the same mutex: dvbdmx->mutex. That leads to a deadlock. It does not happen often in practice because all callers of release_filter() stop filtering by themselves. So the problem can happen in case of race condition only. The patch releases dvbdmx->mutex before call to feed->stop_filtering(feed) and reacquires the mutex after that. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/media/dvb-core/dvb_demux.c b/drivers/media/dvb-core/dvb_demux.c
index 58de441..25f3c64 100644
--- a/drivers/media/dvb-core/dvb_demux.c
+++ b/drivers/media/dvb-core/dvb_demux.c
@@ -1032,8 +1032,13 @@ static int dmx_section_feed_release_filter(struct dmx_section_feed *feed,
return -EINVAL;
- if (feed->is_filtering)
+ if (feed->is_filtering) {
+ /* release dvbdmx->mutex as far as
+ it is acquired by stop_filtering() itself */
+ mutex_unlock(&dvbdmx->mutex);
+ mutex_lock(&dvbdmx->mutex);
+ }
f = dvbdmxfeed->filter;