summaryrefslogtreecommitdiff
path: root/mm/mmap.c
diff options
context:
space:
mode:
authorDesmond Cheong Zhi Xi <desmondcheongzx@gmail.com>2021-07-02 17:18:31 +0800
committerJeff Layton <jlayton@kernel.org>2021-08-21 16:20:27 -0400
commit2f488f698fda820f8e6fa0407630154eceb145d6 (patch)
tree62a61f3ec6f3227127a1572c05fd56408081d52e /mm/mmap.c
parentf671a691e299f58835d4660d642582bf0e8f6fda (diff)
fcntl: fix potential deadlock for &fasync_struct.fa_lock
There is an existing lock hierarchy of &dev->event_lock --> &fasync_struct.fa_lock --> &f->f_owner.lock from the following call chain: input_inject_event(): spin_lock_irqsave(&dev->event_lock,...); input_handle_event(): input_pass_values(): input_to_handler(): evdev_events(): evdev_pass_values(): spin_lock(&client->buffer_lock); __pass_event(): kill_fasync(): kill_fasync_rcu(): read_lock(&fa->fa_lock); send_sigio(): read_lock_irqsave(&fown->lock,...); &dev->event_lock is HARDIRQ-safe, so interrupts have to be disabled while grabbing &fasync_struct.fa_lock, otherwise we invert the lock hierarchy. However, since kill_fasync which calls kill_fasync_rcu is an exported symbol, it may not necessarily be called with interrupts disabled. As kill_fasync_rcu may be called with interrupts disabled (for example, in the call chain above), we replace calls to read_lock/read_unlock on &fasync_struct.fa_lock in kill_fasync_rcu with read_lock_irqsave/read_unlock_irqrestore. Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com> Signed-off-by: Jeff Layton <jlayton@kernel.org>
Diffstat (limited to 'mm/mmap.c')
0 files changed, 0 insertions, 0 deletions