2013-09-17 22:29:34

by John Tapsell

Subject: [PATCH] fbcon: fix deadlock in fbcon_generic_blank()

Do not lock fb_info when sending the FB_EVENT_CONBLANK
event.

In fbmem.c, the semantics are that we acquire the lock_fb_info first,
and then console_lock. However when fbcon.c fbcon_generic_blank() is
called, the console lock could already be held. Locking fb_info can
thus cause a deadlock.

fbmem.c sends the FB_EVENT_BLANK without locking lock_fb_info first, so
this change introduces similar behaviour.

Signed-off-by: John Tapsell <[email protected]>

---
drivers/video/console/fbcon.c | 4 ----
1 file changed, 4 deletions(-)

diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
index 6b4fb5c..8546441 100644
--- a/drivers/video/console/fbcon.c
+++ b/drivers/video/console/fbcon.c
@@ -2333,13 +2333,9 @@ static void fbcon_generic_blank(struct vc_data
*vc, struct fb_info *info,
vc->vc_video_erase_char = oldc;
}

-
- if (!lock_fb_info(info))
- return;
event.info = info;
event.data = &blank;
fb_notifier_call_chain(FB_EVENT_CONBLANK, &event);
- unlock_fb_info(info);
}

static int fbcon_blank(struct vc_data *vc, int blank, int mode_switch)
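Review bot: The fb_notifier_call_chain(FB_EVENT_CONBLANK, &event) call at the end of fbcon_generic_blank() is left running with no fb_info lock held, and nothing in the code records why. Please add a short comment above it stating the ordering rule from the commit message (lock_fb_info is taken before console_lock, and this path may already hold console_lock), so that the lock is not reintroduced later. Removing `if (!lock_fb_info(info)) return;` also drops the early return, so the event is now delivered in cases where lock_fb_info() would previously have failed; the commit message should say whether that is intended. It should also name the FB_EVENT_CONBLANK notifier callbacks that were checked and confirm that none of them relies on the caller holding the fb_info lock, since the justification given is by analogy with fbmem.c rather than an audit of the listeners.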
--
1.8.1.2


2013-09-27 07:15:58

by Tomi Valkeinen

Subject: Re: [PATCH] fbcon: fix deadlock in fbcon_generic_blank()

Hi,

On 18/09/13 01:29, John Tapsell wrote:
> Do not lock fb_info when sending the FB_EVENT_CONBLANK
> event.
>
> In fbmem.c, the semantics are that we acquire the lock_fb_info first,
> and then console_lock. However when fbcon.c fbcon_generic_blank() is
> called, the console lock could already be held. Locking fb_info can
> thus cause a deadlock.

So has this happened for you? Or is it just theoretical?

> fbmem.c sends the FB_EVENT_BLANK without locking lock_fb_info first, so
> this change introduces similar behaviour.

I don't think this is true. FB_EVENT_BLANK is sent in fb_blank(). That
one is called when FBIOBLANK ioctl is called, and it does lock_fb_info().

I'm not familiar with the console code, but removing a lock makes me
feel rather uneasy... But looking at the code, I can also see that
console_lock could already be held, so something here definitely looks
broken.

The only place using FB_EVENT_CONBLANK seems to be backlight, and if I'm
not mistaken, it has its own lock, and doesn't depend on the fb_info
being locked.

Tomi


