From: Ingo Molnar <mingo@elte.hu>
To: Arjan van de Ven <arjan@infradead.org>
Cc: ajwade@cpe001346162bf9-cm0011ae8cd564.cpe.net.cable.rogers.com,
perex@suse.cz, Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org, mingo@redhat.com
Subject: Re: Badness in __mutex_unlock_slowpath
Date: Sun, 8 Jan 2006 09:53:32 +0100 [thread overview]
Message-ID: <20060108085332.GA12084@elte.hu> (raw)
In-Reply-To: <1136668423.2936.39.camel@laptopd505.fenrus.org>
* Arjan van de Ven <arjan@infradead.org> wrote:
> this looks like a really evil alsa bug:
>
> (pre mutex code below)
> up(&file->f_dentry->d_inode->i_sem);
> result = snd_pcm_oss_write1(substream, buf, count);
> down(&file->f_dentry->d_inode->i_sem);
> this is a .write method of a driver, which doesn't run with i_sem held
> at all. Best guess I have is that this code has up() and down()
> confused and switched...
well snd_pcm_oss_read1() is not using the mutex at all - nor any other
functions here. So the patch below removes the i_mutex use. _If_ some
synchronization is needed it would be needed in the read1 case too: it
is destructive to a sound stream when it is 'read' and when it is
'written' just as much.
the bug could cause inode corruption on the VFS level: one thread
unlocks an inode it doesnt own - this could surprise another thread
holding that mutex and could allow a third thread to lock it and thus
two threads would be in a critical section - bad.
Ingo
--
remove bogus i_mutex use from sound/core/oss/pcm_oss.c.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
----
sound/core/oss/pcm_oss.c | 2 --
1 files changed, 2 deletions(-)
Index: linux/sound/core/oss/pcm_oss.c
===================================================================
--- linux.orig/sound/core/oss/pcm_oss.c
+++ linux/sound/core/oss/pcm_oss.c
@@ -2135,9 +2135,7 @@ static ssize_t snd_pcm_oss_write(struct
substream = pcm_oss_file->streams[SNDRV_PCM_STREAM_PLAYBACK];
if (substream == NULL)
return -ENXIO;
- mutex_unlock(&file->f_dentry->d_inode->i_mutex);
result = snd_pcm_oss_write1(substream, buf, count);
- mutex_lock(&file->f_dentry->d_inode->i_mutex);
#ifdef OSS_DEBUG
printk("pcm_oss: write %li bytes (wrote %li bytes)\n", (long)count, (long)result);
#endif
next prev parent reply other threads:[~2006-01-08 8:53 UTC|newest]
Thread overview: 134+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-07 13:22 2.6.15-mm2 Andrew Morton
2006-01-07 13:23 ` 2.6.15-mm2 Andrew Morton
2006-01-07 15:05 ` 2.6.15-mm2 Reuben Farrelly
2006-01-07 21:31 ` 2.6.15-mm2 Andrew Morton
2006-01-07 22:06 ` 2.6.15-mm2 Reuben Farrelly
2006-01-07 23:15 ` 2.6.15-mm2 Reuben Farrelly
2006-01-07 23:40 ` 2.6.15-mm2 Andrew Morton
2006-01-10 10:15 ` 2.6.15-mm2 Reuben Farrelly
2006-01-10 10:30 ` 2.6.15-mm2 Andrew Morton
2006-01-10 10:58 ` 2.6.15-mm2 Reuben Farrelly
2006-01-10 10:47 ` 2.6.15-mm2 Ingo Molnar
2006-01-10 10:52 ` 2.6.15-mm2 Ingo Molnar
2006-01-10 10:58 ` 2.6.15-mm2 Ingo Molnar
2006-01-10 11:34 ` 2.6.15-mm2 Ingo Molnar
2006-01-10 12:28 ` 2.6.15-mm2 Reuben Farrelly
2006-01-10 12:42 ` 2.6.15-mm2 Andrew Morton
2006-01-10 13:16 ` 2.6.15-mm2 Ingo Molnar
2006-01-11 4:16 ` 2.6.15-mm2 Neil Brown
2006-01-11 5:15 ` 2.6.15-mm2 Reuben Farrelly
2006-01-11 5:30 ` 2.6.15-mm2 Andrew Morton
2006-01-11 5:30 ` 2.6.15-mm2 Andrew Morton
2006-01-11 10:49 ` 2.6.15-mm2 Reuben Farrelly
2006-01-11 11:05 ` 2.6.15-mm2 Andrew Morton
2006-01-11 11:13 ` 2.6.15-mm2 Jens Axboe
2006-01-11 11:40 ` 2.6.15-mm2 Reuben Farrelly
2006-01-11 11:56 ` 2.6.15-mm2 Jens Axboe
2006-01-11 14:39 ` 2.6.15-mm2 Reuben Farrelly
2006-01-11 14:52 ` 2.6.15-mm2 Jens Axboe
2006-01-11 14:55 ` 2.6.15-mm2 Jens Axboe
2006-01-11 19:23 ` 2.6.15-mm2 Reuben Farrelly
2006-01-11 19:45 ` 2.6.15-mm2 Jens Axboe
2006-01-11 19:53 ` 2.6.15-mm2 Jens Axboe
2006-01-12 3:49 ` 2.6.15-mm2 Reuben Farrelly
2006-01-12 8:00 ` 2.6.15-mm2 Tejun Heo
2006-01-12 8:22 ` 2.6.15-mm2 Jens Axboe
[not found] ` <43C61598.7050004@reub.net>
2006-01-12 11:18 ` 2.6.15-mm2 Tejun Heo
2006-01-12 12:05 ` 2.6.15-mm2 Reuben Farrelly
2006-01-12 12:31 ` 2.6.15-mm2 Ric Wheeler
2006-01-12 12:39 ` 2.6.15-mm2 Reuben Farrelly
2006-01-12 13:55 ` 2.6.15-mm2 Tejun Heo
2006-01-12 14:10 ` 2.6.15-mm2 Jens Axboe
2006-01-12 14:20 ` 2.6.15-mm2 Tejun Heo
2006-01-12 19:26 ` 2.6.15-mm2 Reuben Farrelly
2006-01-12 20:32 ` 2.6.15-mm2 Andrew Morton
2006-01-12 20:51 ` 2.6.15-mm2 Jeff Garzik
2006-01-13 4:49 ` 2.6.15-mm2 Reuben Farrelly
2006-01-11 21:44 ` 2.6.15-mm2 Neil Brown
2006-01-12 7:35 ` 2.6.15-mm2 Jens Axboe
2006-01-07 15:08 ` 2.6.15-mm2 Jesper Juhl
2006-01-09 17:47 ` 2.6.15-mm2 Jesper Juhl
2006-01-09 17:57 ` 2.6.15-mm2 Dave Jones
2006-01-09 18:01 ` 2.6.15-mm2 Jesper Juhl
2006-01-09 18:24 ` 2.6.15-mm2 Hugh Dickins
2006-01-09 18:48 ` 2.6.15-mm2 Jesper Juhl
2006-01-09 19:16 ` 2.6.15-mm2 Hugh Dickins
2006-01-09 19:21 ` 2.6.15-mm2 Hugh Dickins
2006-01-09 19:39 ` 2.6.15-mm2 Jesper Juhl
2006-01-09 20:15 ` 2.6.15-mm Hugh Dickins
2006-01-09 20:30 ` 2.6.15-mm Jesper Juhl
2006-01-09 20:41 ` 2.6.15-mm Hugh Dickins
2006-01-09 20:46 ` [PATCH] fix Jesper's sg_page_free Bad page states Hugh Dickins
2006-01-09 20:44 ` 2.6.15-mm Mike Christie
2006-01-09 21:04 ` 2.6.15-mm Hugh Dickins
2006-01-07 16:20 ` 2.6.15-mm2: why is __get_page_state() global again? Adrian Bunk
2006-01-07 18:00 ` [-mm patch] drivers/block/amiflop.c: fix compilation Adrian Bunk
[not found] ` <20060107052221.61d0b600.akpm-3NddpPZAyC0@public.gmane.org>
2006-01-07 18:19 ` [-mm patch] drivers/acpi/: make two functions static Adrian Bunk
2006-01-07 18:19 ` Adrian Bunk
2006-01-07 18:21 ` [-mm patch] kernel/synchro-test.c: make 5 " Adrian Bunk
2006-01-07 19:31 ` 2.6.15-mm2 Brice Goglin
2006-01-07 21:04 ` 2.6.15-mm2 Dave Jones
2006-01-07 21:26 ` 2.6.15-mm2 Brice Goglin
2006-01-07 21:29 ` 2.6.15-mm2 David S. Miller
2006-01-07 21:41 ` 2.6.15-mm2 Arjan van de Ven
2006-01-07 21:42 ` 2.6.15-mm2 Dave Jones
2006-01-07 21:50 ` 2.6.15-mm2 Brice Goglin
2006-01-07 22:13 ` 2.6.15-mm2 Dave Jones
2006-01-07 22:26 ` 2.6.15-mm2 Brice Goglin
2006-01-11 18:41 ` 2.6.15-mm2 Brice Goglin
2006-01-11 20:29 ` 2.6.15-mm2 Dave Jones
2006-01-11 21:50 ` 2.6.15-mm2 Dave Airlie
2006-01-11 21:56 ` 2.6.15-mm2 Dave Jones
2006-01-11 23:50 ` 2.6.15-mm2 Dave Airlie
2006-01-12 10:58 ` 2.6.15-mm2 Ulrich Mueller
2006-01-12 17:11 ` 2.6.15-mm2 Dave Jones
2006-01-12 18:11 ` 2.6.15-mm2 Ulrich Mueller
2006-01-12 20:37 ` 2.6.15-mm2 Dave Airlie
2006-01-12 21:03 ` 2.6.15-mm2 Alan Hourihane
2006-01-12 22:02 ` 2.6.15-mm2 Dave Airlie
2006-01-13 8:32 ` 2.6.15-mm2 Alan Hourihane
2006-01-13 16:49 ` 2.6.15-mm2 Dave Jones
2006-01-12 19:12 ` 2.6.15-mm2 Brice Goglin
2006-01-12 19:21 ` 2.6.15-mm2 Dave Jones
[not found] ` <43C0172E.7040607-vYW+cPY1g1pg9hUCZPvPmw@public.gmane.org>
2006-01-07 22:58 ` 2.6.15-mm2 Andrew Morton
2006-01-07 22:58 ` 2.6.15-mm2 Andrew Morton
[not found] ` <20060107145800.113d7de5.akpm-3NddpPZAyC0@public.gmane.org>
2006-01-07 23:38 ` 2.6.15-mm2 Brice Goglin
2006-01-07 23:38 ` 2.6.15-mm2 Brice Goglin
[not found] ` <43C050FA.9040400-vYW+cPY1g1pg9hUCZPvPmw@public.gmane.org>
2006-01-08 12:24 ` 2.6.15-mm2 Andrew Morton
2006-01-08 12:24 ` 2.6.15-mm2 Andrew Morton
[not found] ` <20060108042425.4d0b8a76.akpm-3NddpPZAyC0@public.gmane.org>
2006-01-08 14:39 ` 2.6.15-mm2 Brice Goglin
2006-01-08 14:39 ` 2.6.15-mm2 Brice Goglin
[not found] ` <43C12404.1010306-vYW+cPY1g1pg9hUCZPvPmw@public.gmane.org>
2006-01-08 18:56 ` 2.6.15-mm2 Andrew Morton
2006-01-08 18:56 ` 2.6.15-mm2 Andrew Morton
2006-01-08 12:28 ` 2.6.15-mm2 Andrew Morton
2006-01-08 14:14 ` 2.6.15-mm2 Brice Goglin
2006-01-08 10:31 ` 2.6.15-mm2 Erik Slagter
[not found] ` <1136716282.7377.1.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2006-01-09 5:03 ` 2.6.15-mm2 Dave Jones
2006-01-07 20:51 ` Badness in __mutex_unlock_slowpath Andrew James Wade
2006-01-07 21:13 ` Arjan van de Ven
2006-01-08 8:53 ` Ingo Molnar [this message]
2006-01-07 21:06 ` 2.6.15-mm2: alpha broken Alexey Dobriyan
2006-01-07 23:48 ` Andrew Morton
2006-01-08 0:45 ` [PATCH -mm] fixup *at syscalls additions (alpha, sparc64) Alexey Dobriyan
2006-01-08 0:54 ` [PATCH -mm] Fixup arch/alpha/mm/init.c compilation Alexey Dobriyan
2006-01-08 12:31 ` 2.6.15-mm2: alpha broken Alexey Dobriyan
2006-01-11 2:24 ` Paul Jackson
2006-01-13 14:11 ` Adrian Bunk
2006-01-13 15:52 ` Paul Jackson
2006-01-13 16:37 ` Al Viro
2006-01-13 18:10 ` Paul Jackson
2006-01-13 18:19 ` Randy.Dunlap
2006-01-13 19:05 ` Thomas Gleixner
2006-01-13 21:08 ` Adrian Bunk
2006-01-13 21:12 ` Randy.Dunlap
2006-01-13 21:32 ` Adrian Bunk
2006-01-13 21:52 ` Paul Jackson
2006-01-13 22:18 ` Andrew Morton
2006-01-13 19:26 ` Andrew Morton
2006-01-13 21:05 ` Adrian Bunk
2006-01-08 0:40 ` 2.6.15-mm2 Alexander Gran
[not found] ` <200601080139.34774@zodiac.zodiac.dnsalias.org>
[not found] ` <20060107175056.3d7a2895.akpm@osdl.org>
2006-01-10 0:30 ` 2.6.15-mm2 Alexander Gran
2006-01-10 1:22 ` 2.6.15-mm2 Andrew Morton
2006-01-10 21:20 ` 2.6.15-mm2 Serge E. Hallyn
2006-01-10 21:20 ` 2.6.15-mm2 Serge E. Hallyn
-- strict thread matches above, loose matches on Subject: below --
2006-01-08 7:43 Badness in __mutex_unlock_slowpath Chuck Ebbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060108085332.GA12084@elte.hu \
--to=mingo@elte.hu \
--cc=ajwade@cpe001346162bf9-cm0011ae8cd564.cpe.net.cable.rogers.com \
--cc=akpm@osdl.org \
--cc=arjan@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=perex@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.