iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a9e6107616
linux/drivers
History
Hans Verkuil a9e6107616 media: cec: fix a deadlock situation 
The cec_devnode struct has a lock meant to serialize access
to the fields of this struct. This lock is taken during
device node (un)registration and when opening or releasing a
filehandle to the device node. When the last open filehandle
is closed the cec adapter might be disabled by calling the
adap_enable driver callback with the devnode.lock held.

However, if during that callback a message or event arrives
then the driver will call one of the cec_queue_event()
variants in cec-adap.c, and those will take the same devnode.lock
to walk the open filehandle list.

This obviously causes a deadlock.

This is quite easy to reproduce with the cec-gpio driver since that
uses the cec-pin framework which generated lots of events and uses
a kernel thread for the processing, so when adap_enable is called
the thread is still running and can generate events.

But I suspect that it might also happen with other drivers if an
interrupt arrives signaling e.g. a received message before adap_enable
had a chance to disable the interrupts.

This patch adds a new mutex to serialize access to the fhs list.
When adap_enable() is called the devnode.lock mutex is held, but
not devnode.lock_fhs. The event functions in cec-adap.c will now
use devnode.lock_fhs instead of devnode.lock, ensuring that it is
safe to call those functions from the adap_enable callback.

This specific issue only happens if the last open filehandle is closed
and the physical address is invalid. This is not something that
happens during normal operation, but it does happen when monitoring
CEC traffic (e.g. cec-ctl --monitor) with an unconfigured CEC adapter.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Cc: <stable@vger.kernel.org>  # for v5.13 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
2021-12-07 11:29:56 +01:00
..
accessibility
acpi Merge branch 'acpi-properties' 2021-11-26 19:45:31 +01:00
amba ARM: 9119/1: amba: Properly handle device probe without IRQ domain 2021-10-19 10:30:53 +01:00
android binder: fix test regression due to sender_euid change 2021-11-17 16:08:52 +01:00
ata ata: replace snprintf in show functions with sysfs_emit 2021-12-02 13:13:45 +09:00
atm
auxdisplay auxdisplay: cfag12864bfb: code indent should use tabs where possible 2021-10-22 00:13:16 +02:00
base arch_topology: Fix missing clear cluster_cpumask in remove_cpu_topology() 2021-11-11 13:09:33 +01:00
bcma pci-v5.16-changes 2021-11-06 14:36:12 -07:00
block block-5.16-2021-12-03 2021-12-04 08:38:25 -08:00
bluetooth TTY / Serial driver update for 5.16-rc1 2021-11-04 09:09:37 -07:00
bus - Config updates for BMIPS platform 2021-11-13 09:11:33 -08:00
cdrom for-5.16/cdrom-2021-10-29 2021-11-01 10:09:14 -07:00
char parisc architecture bug and warning fixes for kernel v5.16-rc4 2021-12-05 12:58:18 -08:00
clk Devicetree fixes for v5.16, take 1: 2021-11-14 11:11:51 -08:00
clocksource ARM: 2021-11-02 11:24:14 -07:00
comedi comedi: dt9812: fix DMA buffers on stack 2021-10-30 10:54:47 +02:00
connector
counter counter: Fix use-after-free race condition for events_queue_size write 2021-10-21 13:02:47 +02:00
cpufreq cpufreq: Fix a comment in cpufreq_policy_free 2021-12-01 20:02:11 +01:00
cpuidle ARM: SoC drivers for 5.16 2021-11-03 17:00:52 -07:00
crypto pci-v5.16-changes 2021-11-06 14:36:12 -07:00
cxl cxl for v5.16 2021-11-08 11:49:48 -08:00
dax
dca
devfreq Merge branches 'pm-opp' and 'pm-cpufreq' 2021-11-10 14:06:51 +01:00
dio
dma dmaengine updates for v5.16-rc1 2021-11-10 11:47:55 -08:00
dma-buf dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free flow 2021-12-01 15:30:10 +05:30
edac - amd64_edac: Add support for three-rank interleaving mode which is 2021-11-01 15:02:49 -07:00
eisa
extcon extcon: usbc-tusb320: Add support for TUSB320L 2021-10-27 14:13:39 +09:00
firewire SCSI misc on 20211105 2021-11-05 08:42:02 -07:00
firmware firmware: smccc: Fix check for ARCH_SOC_ID not implemented 2021-11-22 11:42:59 +01:00
fpga
fsi fsi: sbefifo: Use interruptible mutex locking 2021-10-22 09:54:33 +10:30
gnss
gpio gpio: rockchip: needs GENERIC_IRQ_CHIP to fix build errors 2021-11-16 09:41:44 +01:00
gpu - Fixing a regression where the backlight brightness control stopped working. 2021-12-03 05:59:31 +10:00
greybus
hid HID: multitouch: Fix Iiyama ProLite T1931SAW (0eef:0001 again!) 2021-11-19 16:00:21 +01:00
hsi HSI changes for the 5.16 series 2021-11-04 13:56:55 -07:00
hv Drivers: hv: balloon: Use VMBUS_RING_SIZE() wrapper for dm_ring_size 2021-11-15 12:35:56 +00:00
hwmon Merge branch 'akpm' (patches from Andrew) 2021-11-06 14:08:17 -07:00
hwspinlock
hwtracing coresight: trbe: Work around write to out of range 2021-10-27 11:46:01 -06:00
i2c i2c: rk3x: Handle a spurious start completion interrupt flag 2021-11-30 22:38:15 +01:00
i3c
idle
iio chrome platform changes for 5.16 2021-11-10 11:36:43 -08:00
infiniband RDMA/nldev: Check stat attribute before accessing it 2021-11-17 16:45:16 -04:00
input xen: add "not_essential" flag to struct xenbus_driver 2021-11-23 13:41:29 -06:00
interconnect
iommu iommu/vt-d: Fix unmap_pages support 2021-11-26 22:54:47 +01:00
ipack
irqchip irqchip/sifive-plic: Fixup EOI failed when masked 2021-11-12 16:09:51 +00:00
isdn mISDN: Fix return values of the probe function 2021-10-19 13:09:28 +01:00
leds
macintosh Merge branch 'akpm' (patches from Andrew) 2021-11-06 14:08:17 -07:00
mailbox mailbox: imx: support i.MX8ULP S4 MU 2021-10-29 23:03:09 -05:00
mcb
md for-5.16/drivers-2021-11-09 2021-11-09 11:24:08 -08:00
media media: cec: fix a deadlock situation 2021-12-07 11:29:56 +01:00
memory memory: mtk-smi: Fix a null dereference for the ostd 2021-11-25 14:46:00 +01:00
memstick memstick: r592: Fix a UAF bug when removing the driver 2021-10-19 13:04:42 +02:00
message pci-v5.16-changes 2021-11-06 14:36:12 -07:00
mfd chrome platform changes for 5.16 2021-11-10 11:36:43 -08:00
misc More ACPI updates for 5.16-rc1 2021-11-10 11:52:40 -08:00
mmc mmc: spi: Add device-tree SPI IDs 2021-11-23 12:32:28 +01:00
most most: fix control-message timeouts 2021-10-26 19:12:01 +02:00
mtd for-5.16/drivers-2021-11-09 2021-11-09 11:24:08 -08:00
mux mux: add support for delay after muxing 2021-10-21 20:02:42 +01:00
net Networking fixes for 5.16-rc4, including fixes from wireless, 2021-12-02 11:22:06 -08:00
nfc nfc: virtual_ncidev: change default device permissions 2021-11-26 11:14:31 -08:00
ntb
nubus
nvdimm libnvdimm for v5.16 2021-11-10 10:56:02 -08:00
nvme nvmet: use IOCB_NOWAIT only if the filesystem supports it 2021-11-25 15:02:40 +01:00
nvmem Merge 5.15-rc6 into char-misc-next 2021-10-18 09:29:27 +02:00
of Devicetree fixes for v5.16, take 1: 2021-11-14 11:11:51 -08:00
opp
parisc
parport
pci A set of fixes for the interrupt subsystem: 2021-11-14 10:38:27 -08:00
pcmcia Core: 2021-11-02 06:20:58 -07:00
perf ACPI updates for 5.16-rc1 2021-11-02 15:58:39 -07:00
phy Char/Misc driver update for 5.16-rc1 2021-11-04 08:21:47 -07:00
pinctrl pinctrl: qcom: sm8350: Correct UFS and SDC offsets 2021-11-16 02:19:15 +01:00
platform Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2021-11-24 09:44:13 -08:00
pnp
power power: supply: bq25890: Fix initial setting of the F_CONV_RATE field 2021-11-02 16:48:47 +01:00
powercap powercap: DTPM: Drop unused local variable from init_dtpm() 2021-12-03 17:51:59 +01:00
pps
ps3
ptp ptp: ocp: Fix a couple NULL vs IS_ERR() checks 2021-11-18 12:12:55 +00:00
pwm pwm: vt8500: Rename pwm_busy_wait() to make it obviously driver-specific 2021-11-05 11:57:13 +01:00
rapidio rapidio: avoid bogus __alloc_size warning 2021-11-06 13:30:33 -07:00
ras
regulator - Remove Drivers 2021-11-08 12:07:52 -08:00
remoteproc remoteproc: Remove vdev_to_rvdev and vdev_to_rproc from remoteproc API 2021-10-15 09:49:55 -05:00
reset ARM: SoC drivers for 5.16 2021-11-03 17:00:52 -07:00
rpmsg remoteproc updates for v5.16 2021-11-10 09:07:26 -08:00
rtc RTC for 5.16 2021-11-12 11:44:31 -08:00
s390 s390: replace snprintf in show functions with sysfs_emit 2021-11-16 12:29:19 +01:00
sbus
scsi SCSI fixes on 20211204 2021-12-04 08:28:42 -08:00
sh
siox
slimbus
soc Merge branch 'exit-cleanups-for-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2021-11-10 16:15:54 -08:00
soundwire soundwire: qcom: add debugfs entry for soundwire register dump 2021-10-20 20:54:59 +05:30
spi spi: Fixes for v5.16 2021-11-18 14:35:41 -08:00
spmi
ssb
staging media: hantro: drop unused vb2 headers 2021-12-07 11:29:55 +01:00
target scsi: target: configfs: Delete unnecessary checks for NULL 2021-11-18 23:07:02 -05:00
tc
tee optee: fix kfree NULL pointer 2021-11-16 14:41:23 +01:00
thermal Merge branch 'thermal-int340x' 2021-11-18 20:40:28 +01:00
thunderbolt thunderbolt: Changes for v5.16 merge window 2021-10-25 13:17:29 +02:00
tty TTY/Serial fixes for 5.16-rc4 2021-12-05 09:13:20 -08:00
uio Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VM 2021-10-28 11:22:23 +00:00
usb usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init() 2021-12-03 13:57:45 +01:00
vdpa vdpa_sim: avoid putting an uninitialized iova_domain 2021-11-24 19:00:29 -05:00
vfio vfio/pci: Fix OpRegion read 2021-11-30 11:41:49 -07:00
vhost vhost-vdpa: clean irqs before reseting vdpa device 2021-11-24 19:00:28 -05:00
video TTY/Serial fixes for 5.16-rc4 2021-12-05 09:13:20 -08:00
virt
virtio Revert "virtio_ring: validate used buffer length" 2021-11-24 18:47:27 -05:00
visorbus
vlynq
vme
w1
watchdog linux-watchdog 5.16-rc1 tag 2021-11-10 09:41:22 -08:00
xen xen: detect uninitialized xenbus in xenbus_init 2021-11-24 08:55:15 -06:00
zorro
Kconfig
Makefile