From: Dan Carpenter <dan.carpenter@oracle.com>
To: tiwai@suse.de
Cc: alsa-devel@alsa-project.org
Subject: [bug report] ALSA: rawmidi: Avoid racy info ioctl via ctl device
Date: Mon, 1 Feb 2021 15:55:16 +0300 [thread overview]
Message-ID: <YBf6NOKafgp8XfDZ@mwanda> (raw)
Hello Takashi Iwai,
The patch c1cfd9025cc3: "ALSA: rawmidi: Avoid racy info ioctl via ctl
device" from Dec 14, 2017, leads to the following static checker
warning:
sound/core/rawmidi.c:651 snd_rawmidi_info_select()
warn: called with lock held. '®ister_mutex'
sound/core/seq/seq_midi.c
297 mutex_lock(®ister_mutex);
^^^^^^^^^^^^^^^
Holding this lock.
298 client = synths[card->number];
299 if (client == NULL) {
300 newclient = 1;
301 client = kzalloc(sizeof(*client), GFP_KERNEL);
302 if (client == NULL) {
303 mutex_unlock(®ister_mutex);
304 kfree(info);
305 return -ENOMEM;
306 }
307 client->seq_client =
308 snd_seq_create_kernel_client(
309 card, 0, "%s", card->shortname[0] ?
310 (const char *)card->shortname : "External MIDI");
311 if (client->seq_client < 0) {
312 kfree(client);
313 mutex_unlock(®ister_mutex);
314 kfree(info);
315 return -ENOMEM;
316 }
317 }
318
319 msynth = kcalloc(ports, sizeof(struct seq_midisynth), GFP_KERNEL);
320 port = kmalloc(sizeof(*port), GFP_KERNEL);
321 if (msynth == NULL || port == NULL)
322 goto __nomem;
323
324 for (p = 0; p < ports; p++) {
325 ms = &msynth[p];
326
327 if (snd_seq_midisynth_new(ms, card, device, p) < 0)
328 goto __nomem;
329
330 /* declare port */
331 memset(port, 0, sizeof(*port));
332 port->addr.client = client->seq_client;
333 port->addr.port = device * (256 / SNDRV_RAWMIDI_DEVICES) + p;
334 port->flags = SNDRV_SEQ_PORT_FLG_GIVEN_PORT;
335 memset(info, 0, sizeof(*info));
336 info->device = device;
337 if (p < output_count)
338 info->stream = SNDRV_RAWMIDI_STREAM_OUTPUT;
339 else
340 info->stream = SNDRV_RAWMIDI_STREAM_INPUT;
341 info->subdevice = p;
342 if (snd_rawmidi_info_select(card, info) >= 0)
^^^^^^^^^^^^^^^^^^^^^^^
We can't call this function when we're holding the lock or it leads to
a deadlock. Before the patch, we used to rely on the callers to take
the lock before calling snd_rawmidi_info_select() but the patch moved
the lock inside the function.
343 strcpy(port->name, info->subname);
344 if (! port->name[0]) {
345 if (info->name[0]) {
346 if (ports > 1)
347 snprintf(port->name, sizeof(port->name), "%s-%u", info->name, p);
348 else
349 snprintf(port->name, sizeof(port->name), "%s", info->name);
regards,
dan carpenter
next reply other threads:[~2021-02-01 12:56 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-01 12:55 Dan Carpenter [this message]
2021-02-01 13:22 ` [bug report] ALSA: rawmidi: Avoid racy info ioctl via ctl device Takashi Iwai
2021-02-02 6:11 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YBf6NOKafgp8XfDZ@mwanda \
--to=dan.carpenter@oracle.com \
--cc=alsa-devel@alsa-project.org \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.