From: Takashi Iwai <tiwai@suse.de>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: alsa-devel@alsa-project.org, Jie Yang <yang.jie@intel.com>,
Mark Brown <broonie@kernel.org>, Jaroslav Kysela <perex@perex.cz>,
LKML <linux-kernel@vger.kernel.org>,
Eric Dumazet <edumazet@google.com>,
Alexander Potapenko <glider@google.com>,
Kostya Serebryany <kcc@google.com>,
syzkaller <syzkaller@googlegroups.com>,
Sasha Levin <sasha.levin@oracle.com>
Subject: Re: sound: use-after-free in snd_timer_interrupt
Date: Fri, 15 Jan 2016 12:00:05 +0100
Message-ID: <s5hwprbt8ei.wl-tiwai@suse.de>
In-Reply-To: <CACT4Y+a-=mrGALS+yf4GwGmJGLWXVJ0mbucPAkZ7WSGFaSR0Kw@mail.gmail.com>

On Fri, 15 Jan 2016 09:06:10 +0100,
Dmitry Vyukov wrote:
>
> On Thu, Jan 14, 2016 at 5:09 PM, Takashi Iwai <tiwai@suse.de> wrote:
> > On Wed, 13 Jan 2016 21:54:10 +0100,
> > Takashi Iwai wrote:
> >>
> >> OK, then this might be a possible race at the current snd_timer_stop()
> >> implementation. There is no sync action there, so the ISR might be
> >> still alive after snd_timer_close() call. Or might be another race.
> >> This pattern looks a bit different, as it's involved with hrtimer.
> >>
> >> I'll take a look at it tomorrow.
> >
> > I've audited the code today, but the open window doesn't look like
> > what I expected. I found only some possible cases with slave timer
> > instances.
> >
> > Anyway, below is a test fix patch. Since I couldn't reproduce the
> > issue on my local machines, it's hard to say whether this covers the
> > holes you fell. Let's see...
>
>
> Hi Takashi,
>
> I would be interested to understand why other people can't reproduce
> issues that I hit pretty reliably.
> I suspect that it can be due to .config. Please try with the following
> config values.

I guess rather other config, e.g. the kernel debug options.
I suppose you enabled KASAN and DEBUG_LIST. What else?

> I also start qemu with "-soundhw all" arg.

OK, so you're testing with a VM? This makes it easier to recheck.


Takashi