From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.de>,
Ovidiu Panait <ovidiu.panait@windriver.com>
Subject: [PATCH 4.19 09/15] ALSA: pcm: Fix races among concurrent read/write and buffer changes
Date: Fri, 13 May 2022 16:23:31 +0200 [thread overview]
Message-ID: <20220513142228.170275746@linuxfoundation.org> (raw)
In-Reply-To: <20220513142227.897535454@linuxfoundation.org>
From: Takashi Iwai <tiwai@suse.de>
commit dca947d4d26dbf925a64a6cfb2ddbc035e831a3d upstream.
In the current PCM design, the read/write syscalls (as well as the
equivalent ioctls) are allowed before the PCM stream is running, that
is, at PCM PREPARED state. Meanwhile, we also allow to re-issue
hw_params and hw_free ioctl calls at the PREPARED state that may
change or free the buffers, too. The problem is that there is no
protection against those mix-ups.
This patch applies the previously introduced runtime->buffer_mutex to
the read/write operations so that the concurrent hw_params or hw_free
call can no longer interfere during the operation. The mutex is
unlocked before scheduling, so we don't take it too long.
Cc: <stable@vger.kernel.org>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20220322170720.3529-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/pcm_lib.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/sound/core/pcm_lib.c
+++ b/sound/core/pcm_lib.c
@@ -1876,9 +1876,11 @@ static int wait_for_avail(struct snd_pcm
if (avail >= runtime->twake)
break;
snd_pcm_stream_unlock_irq(substream);
+ mutex_unlock(&runtime->buffer_mutex);
tout = schedule_timeout(wait_time);
+ mutex_lock(&runtime->buffer_mutex);
snd_pcm_stream_lock_irq(substream);
set_current_state(TASK_INTERRUPTIBLE);
switch (runtime->status->state) {
@@ -2172,6 +2174,7 @@ snd_pcm_sframes_t __snd_pcm_lib_xfer(str
nonblock = !!(substream->f_flags & O_NONBLOCK);
+ mutex_lock(&runtime->buffer_mutex);
snd_pcm_stream_lock_irq(substream);
err = pcm_accessible_state(runtime);
if (err < 0)
@@ -2254,6 +2257,7 @@ snd_pcm_sframes_t __snd_pcm_lib_xfer(str
if (xfer > 0 && err >= 0)
snd_pcm_update_state(substream, runtime);
snd_pcm_stream_unlock_irq(substream);
+ mutex_unlock(&runtime->buffer_mutex);
return xfer > 0 ? (snd_pcm_sframes_t)xfer : err;
}
EXPORT_SYMBOL(__snd_pcm_lib_xfer);
next prev parent reply other threads:[~2022-05-13 14:30 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-13 14:23 [PATCH 4.19 00/15] 4.19.243-rc1 review Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 01/15] MIPS: Use address-of operator on section symbols Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 02/15] block: drbd: drbd_nl: Make conversion to enum drbd_ret_code explicit Greg Kroah-Hartman
2022-05-13 14:23 ` [Drbd-dev] " Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 03/15] drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types Greg Kroah-Hartman
2022-05-13 14:23 ` Greg Kroah-Hartman
2022-05-13 14:23 ` Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 04/15] nfp: bpf: silence bitwise vs. logical OR warning Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 05/15] can: grcan: grcan_probe(): fix broken system id check for errata workaround needs Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 06/15] can: grcan: only use the NAPI poll budget for RX Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 07/15] Bluetooth: Fix the creation of hdev->name Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 08/15] ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Greg Kroah-Hartman
2022-05-13 14:23 ` Greg Kroah-Hartman [this message]
2022-05-13 14:23 ` [PATCH 4.19 10/15] ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 11/15] ALSA: pcm: Fix races among concurrent prealloc proc writes Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 12/15] ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 13/15] mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 14/15] mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() Greg Kroah-Hartman
2022-05-13 14:23 ` [PATCH 4.19 15/15] VFS: Fix memory leak caused by concurrently mounting fs with subtype Greg Kroah-Hartman
2022-05-13 16:40 ` [PATCH 4.19 00/15] 4.19.243-rc1 review Jon Hunter
2022-05-13 18:45 ` Pavel Machek
2022-05-13 20:39 ` Shuah Khan
2022-05-14 6:19 ` Samuel Zou
2022-05-14 14:28 ` Sudip Mukherjee
2022-05-14 14:53 ` Guenter Roeck
2022-05-14 15:06 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220513142228.170275746@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ovidiu.panait@windriver.com \
--cc=perex@perex.cz \
--cc=stable@vger.kernel.org \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.