| Message ID | 1381179861-16408-1-git-send-email-khoroshilov@ispras.ru (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
diff --git a/drivers/media/dvb-core/dvb_demux.c b/drivers/media/dvb-core/dvb_demux.c index 3485655..6de3bd0 100644 --- a/drivers/media/dvb-core/dvb_demux.c +++ b/drivers/media/dvb-core/dvb_demux.c @@ -1027,8 +1027,13 @@ static int dmx_section_feed_release_filter(struct dmx_section_feed *feed, return -EINVAL; } - if (feed->is_filtering) + if (feed->is_filtering) { + /* release dvbdmx->mutex as far as + it is acquired by stop_filtering() itself */ + mutex_unlock(&dvbdmx->mutex); feed->stop_filtering(feed); + mutex_lock(&dvbdmx->mutex); + } spin_lock_irq(&dvbdmx->lock); f = dvbdmxfeed->filter;
dmx_section_feed_release_filter() locks dvbdmx->mutex and if the feed is still filtering, it calls feed->stop_filtering(feed). stop_filtering() is implemented by dmx_section_feed_stop_filtering() that first of all try to lock the same mutex: dvbdmx->mutex. That leads to a deadlock. It does not happen often in practice because all callers of release_filter() stop filtering by themselves. So the problem can happen in case of race condition only. The patch releases dvbdmx->mutex before call to feed->stop_filtering(feed) and reacquires the mutex after that. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> --- drivers/media/dvb-core/dvb_demux.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)