Patch "media: s5p-mfc: Fix potential deadlock on condlock" has been added to the 6.6-stable tree


 



This is a note to let you know that I've just added the patch titled

    media: s5p-mfc: Fix potential deadlock on condlock

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     media-s5p-mfc-fix-potential-deadlock-on-condlock.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 4b2d6a53539fc0b86694b474542230056cd74c5e
Author: Chengfeng Ye <dg573847474@xxxxxxxxx>
Date:   Tue Sep 26 10:53:30 2023 +0000

    media: s5p-mfc: Fix potential deadlock on condlock
    
    [ Upstream commit 04d19e65137e3cd4a5004e624c85c762933d115c ]
    
    As &dev->condlock is acquired under irq context along the following
    call chain from s5p_mfc_irq(), other acquisition of the same lock
    inside process context or softirq context should disable irq to avoid double
    lock. enc_post_frame_start() seems to be one such function that executes
    under process context or softirq context.
    
    <deadlock #1>
    
    enc_post_frame_start()
    --> clear_work_bit()
    --> spin_lock(&dev->condlock)
    <interrupt>
       --> s5p_mfc_irq()
       --> s5p_mfc_handle_frame()
       --> clear_work_bit()
       --> spin_lock(&dev->condlock)
    
    This flaw was found by an experimental static analysis tool I am
    developing for irq-related deadlock.
    
    To prevent the potential deadlock, the patch changes clear_work_bit()
    inside enc_post_frame_start() to clear_work_bit_irqsave().
    
    Signed-off-by: Chengfeng Ye <dg573847474@xxxxxxxxx>
    Acked-by: Marek Szyprowski <m.szyprowski@xxxxxxxxxxx>
    Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_enc.c b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_enc.c
index f62703cebb77c..4b4c129c09e70 100644
--- a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_enc.c
+++ b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_enc.c
@@ -1297,7 +1297,7 @@ static int enc_post_frame_start(struct s5p_mfc_ctx *ctx)
 	if (ctx->state == MFCINST_FINISHING && ctx->ref_queue_cnt == 0)
 		src_ready = false;
 	if (!src_ready || ctx->dst_queue_cnt == 0)
-		clear_work_bit(ctx);
+		clear_work_bit_irqsave(ctx);
 
 	return 0;
 }
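
Review bot: The replaced call in the `if (!src_ready || ctx->dst_queue_cnt == 0)` branch is justified only by the changelog's statement that enc_post_frame_start() "seems to be" run from process or softirq context; no caller that reaches it with interrupts enabled is named. Please name that caller in the changelog so the deadlock trace can be checked end to end. If the function can also be entered with interrupts already disabled, say so as well: the irqsave variant is then safe but the trace as written would not apply. The hunk changes a single call site, so the changelog should also state whether the other process-context callers of clear_work_bit() were audited for the same pattern. There is no Fixes: tag in the message, which makes it harder to tell which stable trees need this change.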



