On Fri, Apr 23, 2010 at 8:22 PM, Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:
> Various bits of the DRM deal with minor->master:
>
> In the case of the open helper it's protected by the struct mutex.
>
> In the release path it's protected on some paths, but not this one ...
>
>         /* if the master has gone away we can't do anything with the lock */
>         if (file_priv->minor->master)
>                 drm_master_release(dev, filp);
>
> and I can't see what makes this safe if the drm_release for the master and
> a client occur at the same time?

lock_kernel in drm_release. We probably need to clean that up.

> The setmaster/dropmaster ioctl seems similar - the various conditional
> checks are not protected from parallel changes occurring during their
> execution.
>
> Is this a bug or is something clever afoot?

These ioctls are also under the BKL.
So yes, it's nasty, and we should probably grow a minor lock to protect that.
Dave.
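
Added example, not part of the original thread and not DRM code: a userspace C model of the check-then-act pattern questioned above, next to a version where the test and the teardown are decided under one lock, along the lines of the minor lock the reply proposes. `struct minor`, its `lock` field, `release_unlocked`, `release_locked` and the pthread mutex standing in for a kernel lock are all assumptions made for illustration.

```c
/* Userspace model only; every name here is hypothetical, not DRM code. */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

struct master { int id; };
struct minor {
    pthread_mutex_t lock;      /* assumed per-minor lock */
    struct master *master;
};

int releases;                  /* how many times the master was torn down */

/* Shape of the quoted check: test, then act, nothing held in between, so
 * two concurrent closers can both pass the test. Shown for contrast only. */
void release_unlocked(struct minor *m)
{
    if (m->master) {
        free(m->master);
        m->master = NULL;
        releases++;
    }
}

/* Test and teardown decided under one lock: exactly one closer wins. */
void release_locked(struct minor *m)
{
    pthread_mutex_lock(&m->lock);
    struct master *old = m->master;
    m->master = NULL;
    if (old)
        releases++;
    pthread_mutex_unlock(&m->lock);
    free(old);                 /* free(NULL) is a no-op for the loser */
}

static void *closer(void *arg) { release_locked(arg); return NULL; }

/* Close two files on the same minor at once; returns the teardown count. */
int concurrent_close(void)
{
    struct minor m = { PTHREAD_MUTEX_INITIALIZER, calloc(1, sizeof(struct master)) };
    pthread_t a, b;
    releases = 0;
    pthread_create(&a, NULL, closer, &m);
    pthread_create(&b, NULL, closer, &m);
    pthread_join(a, NULL);
    pthread_join(b, NULL);
    return releases;
}

int main(void) { printf("teardowns: %d\n", concurrent_close()); return 0; }
```

Build with `cc -pthread`; running the same harness against `release_unlocked` under ThreadSanitizer is one way to see the unlocked test-then-act reported as a data race.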