From 6633327d59067fe16128d66968cd50a10ca7a09c Mon Sep 17 00:00:00 2001 From: Alexey Khoroshilov Date: Sat, 9 Nov 2013 18:28:43 -0300 Subject: [PATCH] [media] dvb_demux: fix deadlock in dmx_section_feed_release_filter() dmx_section_feed_release_filter() locks dvbdmx->mutex and if the feed is still filtering, it calls feed->stop_filtering(feed). stop_filtering() is implemented by dmx_section_feed_stop_filtering() that first of all try to lock the same mutex: dvbdmx->mutex. That leads to a deadlock. It does not happen often in practice because all callers of release_filter() stop filtering by themselves. So the problem can happen in case of race condition only. The patch releases dvbdmx->mutex before call to feed->stop_filtering(feed) and reacquires the mutex after that. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Signed-off-by: Michael Krufky Signed-off-by: Mauro Carvalho Chehab --- drivers/media/dvb-core/dvb_demux.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/media/dvb-core/dvb_demux.c b/drivers/media/dvb-core/dvb_demux.c index 58de441..25f3c64 100644 --- a/drivers/media/dvb-core/dvb_demux.c +++ b/drivers/media/dvb-core/dvb_demux.c @@ -1032,8 +1032,13 @@ static int dmx_section_feed_release_filter(struct dmx_section_feed *feed, return -EINVAL; } - if (feed->is_filtering) + if (feed->is_filtering) { + /* release dvbdmx->mutex as far as + it is acquired by stop_filtering() itself */ + mutex_unlock(&dvbdmx->mutex); feed->stop_filtering(feed); + mutex_lock(&dvbdmx->mutex); + } spin_lock_irq(&dvbdmx->lock); f = dvbdmxfeed->filter; -- 2.7.4
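
Review bot: In the new `if (feed->is_filtering) { ... }` block, releasing dvbdmx->mutex around `feed->stop_filtering(feed)` leaves a window in which another thread can change the feed or filter state that was validated just above (the check ending in `return -EINVAL`). After `mutex_lock(&dvbdmx->mutex)` the function goes straight on to `spin_lock_irq(&dvbdmx->lock); f = dvbdmxfeed->filter;` without rechecking anything. Consider either revalidating those conditions after the mutex is reacquired, or splitting the stop-filtering work into a helper that expects the mutex to be held already, so the lock is never dropped mid-function. Minor: the added comment would read more clearly as "release dvbdmx->mutex because stop_filtering() acquires it itself", and the usual kernel multi-line comment style puts the opening `/*` on its own line.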