* [PATCH] ALSA: core: Serialize deferred fasync state checks
@ 2026-05-06 3:34 Cássio Gabriel
2026-05-06 8:08 ` Takashi Iwai
0 siblings, 1 reply; 2+ messages in thread
From: Cássio Gabriel @ 2026-05-06 3:34 UTC (permalink / raw)
To: Takashi Iwai, Jaroslav Kysela
Cc: linux-sound, linux-kernel, stable, Cássio Gabriel
snd_fasync_helper() updates fasync->on under snd_fasync_lock, and
snd_fasync_work_fn() now also evaluates fasync->on under the same
lock. snd_kill_fasync() still tests the flag before taking the lock,
leaving an unsynchronized read against FASYNC enable/disable updates.
Move the enabled-state check into the locked section.
Also clear fasync->on under snd_fasync_lock in snd_fasync_free()
before unlinking the pending entry. Together with the locked sender-side
check, this publishes teardown before flushing the deferred work and
prevents a racing sender from requeueing the entry after free has
started.
Fixes: ef34a0ae7a26 ("ALSA: core: Add async signal helpers")
Fixes: 8146cd333d23 ("ALSA: core: Fix potential data race at fasync handling")
Cc: stable@vger.kernel.org
Signed-off-by: Cássio Gabriel <cassiogabrielcontato@gmail.com>
---
sound/core/misc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/sound/core/misc.c b/sound/core/misc.c
index 5aca09edf971..833124c8e4fa 100644
--- a/sound/core/misc.c
+++ b/sound/core/misc.c
@@ -148,9 +148,11 @@ EXPORT_SYMBOL_GPL(snd_fasync_helper);
void snd_kill_fasync(struct snd_fasync *fasync, int signal, int poll)
{
- if (!fasync || !fasync->on)
+ if (!fasync)
return;
guard(spinlock_irqsave)(&snd_fasync_lock);
+ if (!fasync->on)
+ return;
fasync->signal = signal;
fasync->poll = poll;
list_move(&fasync->list, &snd_fasync_list);
@@ -163,8 +165,10 @@ void snd_fasync_free(struct snd_fasync *fasync)
if (!fasync)
return;
- scoped_guard(spinlock_irq, &snd_fasync_lock)
+ scoped_guard(spinlock_irq, &snd_fasync_lock) {
+ fasync->on = 0;
list_del_init(&fasync->list);
+ }
flush_work(&snd_fasync_work);
kfree(fasync);
---
base-commit: 0d672ef050d4e1c3891c9944f72c85769978bbee
change-id: 20260422-alsa-core-fasync-on-lock-5cbcd51f69bb
Best regards,
--
Cássio Gabriel <cassiogabrielcontato@gmail.com>
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] ALSA: core: Serialize deferred fasync state checks
2026-05-06 3:34 [PATCH] ALSA: core: Serialize deferred fasync state checks Cássio Gabriel
@ 2026-05-06 8:08 ` Takashi Iwai
0 siblings, 0 replies; 2+ messages in thread
From: Takashi Iwai @ 2026-05-06 8:08 UTC (permalink / raw)
To: Cássio Gabriel
Cc: Takashi Iwai, Jaroslav Kysela, linux-sound, linux-kernel, stable
On Wed, 06 May 2026 05:34:47 +0200,
Cássio Gabriel wrote:
>
> snd_fasync_helper() updates fasync->on under snd_fasync_lock, and
> snd_fasync_work_fn() now also evaluates fasync->on under the same
> lock. snd_kill_fasync() still tests the flag before taking the lock,
> leaving an unsynchronized read against FASYNC enable/disable updates.
>
> Move the enabled-state check into the locked section.
>
> Also clear fasync->on under snd_fasync_lock in snd_fasync_free()
> before unlinking the pending entry. Together with the locked sender-side
> check, this publishes teardown before flushing the deferred work and
> prevents a racing sender from requeueing the entry after free has
> started.
>
> Fixes: ef34a0ae7a26 ("ALSA: core: Add async signal helpers")
> Fixes: 8146cd333d23 ("ALSA: core: Fix potential data race at fasync handling")
> Cc: stable@vger.kernel.org
> Signed-off-by: Cássio Gabriel <cassiogabrielcontato@gmail.com>
Thanks, applied now.
Takashi
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-05-06 8:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-06 3:34 [PATCH] ALSA: core: Serialize deferred fasync state checks Cássio Gabriel
2026-05-06 8:08 ` Takashi Iwai
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox