fbdev: bugfix for multiprocess defio
This patch is a bugfix for how defio handles multiple processes manipulating
the same framebuffer.

Thanks to Bernard Blackham for identifying this bug.

It occurs when two applications mmap the same framebuffer and concurrently
write to the same page.  Normally, this doesn't occur since only a single
process mmaps the framebuffer.  The symptom of the bug is that the mapping
applications will hang.  The cause is that defio incorrectly tries to add the
same page twice to the pagelist.  The solution I have is to walk the pagelist
and check for a duplicate before adding.  Since I needed to walk the pagelist,
I now also keep the pagelist in sorted order.

Signed-off-by: Jaya Kumar <jayakumar.lkml@gmail.com>
Cc: Bernard Blackham <bernard@largestprime.net>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
jayakumar2 authored and torvalds committed Jul 12, 2008
1 parent 4fc89e3 commit f31ad92
Showing 1 changed file with 19 additions and 1 deletion.
20 changes: 19 additions & 1 deletion drivers/video/fb_defio.c
Expand Up @@ -74,6 +74,7 @@ static int fb_deferred_io_mkwrite(struct vm_area_struct *vma,
{
struct fb_info *info = vma->vm_private_data;
struct fb_deferred_io *fbdefio = info->fbdefio;
struct page *cur;

/* this is a callback we get when userspace first tries to
write to the page. we schedule a workqueue. that workqueue
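Review bot: The context comment at the top of the function body still says this is the callback we get "when userspace first tries to write to the page", which no longer matches what the fix relies on. Per the commit message and the new comment in the next hunk, a second process writing through a new pte can trigger mkwrite for a page that is already on the pagelist. Suggest updating that sentence in the same patch so the function's description and the duplicate check agree. The added `struct page *cur;` declaration itself is fine.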
Expand All @@ -83,7 +84,24 @@ static int fb_deferred_io_mkwrite(struct vm_area_struct *vma,

/* protect against the workqueue changing the page list */
mutex_lock(&fbdefio->lock);
list_add(&page->lru, &fbdefio->pagelist);

/* we loop through the pagelist before adding in order
to keep the pagelist sorted */
list_for_each_entry(cur, &fbdefio->pagelist, lru) {
/* this check is to catch the case where a new
process could start writing to the same page
through a new pte. this new access can cause the
mkwrite even when the original ps's pte is marked
writable */
if (unlikely(cur == page))
goto page_already_added;
else if (cur->index > page->index)
break;
}

list_add_tail(&page->lru, &cur->lru);

page_already_added:
mutex_unlock(&fbdefio->lock);

/* come back after delay to process the deferred IO */
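Review bot: At `list_add_tail(&page->lru, &cur->lru);` after the loop, `cur` is used even when `list_for_each_entry` ran to completion without reaching `break`, including the empty-list case. In that situation `cur` does not point at a real page; it is the container_of() of the list head, so `&cur->lru` equals `&fbdefio->pagelist` and the page lands at the tail. The result is correct and keeps the list sorted, but it depends on the iterator's value after loop termination, which is easy to break in a later edit. Suggest either a one-line comment stating this, or tracking the insertion point in a separate `struct list_head *` initialised to `&fbdefio->pagelist`. Two smaller points: the walk is linear in the number of dirty pages and runs under `fbdefio->lock` on every mkwrite fault, which is worth a mention in the comment; and in the new comment "ps's pte" presumably means the process's pte, while the `else` after `goto page_already_added;` is not needed.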