From bd36d3bab2e3d08f80766c86487090dbceed4651 Mon Sep 17 00:00:00 2001 From: Marius Vlad Date: Wed, 13 Dec 2017 20:10:48 +0200 Subject: [PATCH] drm/drm_lease: Prevent deadlock in case drm_lease_create() fails This case can been seen when creating the lease with the same objects passed. [ 605.515097] 2 locks held by testapp/3337: [ 605.519027] #0: (&dev->mode_config.idr_mutex){......}, at: [] drm_mode_create_lease_ioctl+0x384/0x858 [ 605.530045] #1: (&dev->mode_config.idr_mutex){......}, at: [] drm_lease_destroy+0x2c/0x110 Which was causing the process to hang: [ 605.398827] [] __switch_to+0x94/0xa8 [ 605.404030] [] __schedule+0x1b0/0x698 [ 605.409322] [] schedule+0x3c/0xa8 [ 605.414260] [] schedule_preempt_disabled+0x20/0x38 [ 605.420677] [] mutex_lock_nested+0x158/0x340 [ 605.426572] [] drm_lease_destroy+0x2c/0x110 [ 605.432389] [] drm_master_put+0xc0/0xc8 [ 605.437845] [] drm_mode_create_lease_ioctl+0x47c/0x858 [ 605.444612] [] drm_ioctl+0x198/0x448 [ 605.449811] [] do_vfs_ioctl+0xa4/0x748 [ 605.455192] [] SyS_ioctl+0x8c/0xa0 [ 605.460216] [] __sys_trace_return+0x0/0x4 drm_mode_create_lease_ioctl() calls drm_lease_create() which acquires a lock on dev->mode_config.idr_mutex. In case of failure, drm_lease_create() calls drm_master_put() which in turn tries to acquire the same lock when calling drm_lease_destroy(). v2: - Reverse the order at exit in case of fail, so that unlocking takes place before dropping the reference. - Include detail information about deadlock (Daniel Vetter) Signed-off-by: Marius Vlad Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20171213181048.32719-1-marius-cristian.vlad@nxp.com --- drivers/gpu/drm/drm_lease.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_lease.c b/drivers/gpu/drm/drm_lease.c index d1eb56a1eff4..59849f02e2ad 100644 --- a/drivers/gpu/drm/drm_lease.c +++ b/drivers/gpu/drm/drm_lease.c @@ -254,10 +254,10 @@ static struct drm_master *drm_lease_create(struct drm_master *lessor, struct idr return lessee; out_lessee: - drm_master_put(&lessee); - mutex_unlock(&dev->mode_config.idr_mutex); + drm_master_put(&lessee); + return ERR_PTR(error); } -- GitLab