From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Takashi Iwai <tiwai@suse.de>
Subject: [PATCH 4.4 68/97] ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
Date: Sun, 22 Apr 2018 15:53:46 +0200 [thread overview]
Message-ID: <20180422135308.991252429@linuxfoundation.org> (raw)
In-Reply-To: <20180422135304.577223025@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 40cab6e88cb0b6c56d3f30b7491a20e803f948f6 upstream.
OSS PCM stream management isn't modal but it allows ioctls issued at
any time for changing the parameters. In the previous hardening
patch ("ALSA: pcm: Avoid potential races between OSS ioctls and
read/write"), we covered these races and prevent the corruption by
protecting the concurrent accesses via params_lock mutex. However,
this means that some ioctls that try to change the stream parameter
(e.g. channels or format) would be blocked until the read/write
finishes, and it may take really long.
Basically changing the parameter while reading/writing is an invalid
operation, hence it's even more user-friendly from the API POV if it
returns -EBUSY in such a situation.
This patch adds such checks in the relevant ioctls with the addition
of read/write access refcount.
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/sound/pcm_oss.h | 1 +
sound/core/oss/pcm_oss.c | 36 +++++++++++++++++++++++++++---------
2 files changed, 28 insertions(+), 9 deletions(-)
--- a/include/sound/pcm_oss.h
+++ b/include/sound/pcm_oss.h
@@ -57,6 +57,7 @@ struct snd_pcm_oss_runtime {
char *buffer; /* vmallocated period */
size_t buffer_used; /* used length from period buffer */
struct mutex params_lock;
+ atomic_t rw_ref; /* concurrent read/write accesses */
#ifdef CONFIG_SND_PCM_OSS_PLUGINS
struct snd_pcm_plugin *plugin_first;
struct snd_pcm_plugin *plugin_last;
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -1404,6 +1404,7 @@ static ssize_t snd_pcm_oss_write1(struct
if (atomic_read(&substream->mmap_count))
return -ENXIO;
+ atomic_inc(&runtime->oss.rw_ref);
while (bytes > 0) {
if (mutex_lock_interruptible(&runtime->oss.params_lock)) {
tmp = -ERESTARTSYS;
@@ -1467,6 +1468,7 @@ static ssize_t snd_pcm_oss_write1(struct
}
tmp = 0;
}
+ atomic_dec(&runtime->oss.rw_ref);
return xfer > 0 ? (snd_pcm_sframes_t)xfer : tmp;
}
@@ -1512,6 +1514,7 @@ static ssize_t snd_pcm_oss_read1(struct
if (atomic_read(&substream->mmap_count))
return -ENXIO;
+ atomic_inc(&runtime->oss.rw_ref);
while (bytes > 0) {
if (mutex_lock_interruptible(&runtime->oss.params_lock)) {
tmp = -ERESTARTSYS;
@@ -1560,6 +1563,7 @@ static ssize_t snd_pcm_oss_read1(struct
}
tmp = 0;
}
+ atomic_dec(&runtime->oss.rw_ref);
return xfer > 0 ? (snd_pcm_sframes_t)xfer : tmp;
}
@@ -1666,8 +1670,11 @@ static int snd_pcm_oss_sync(struct snd_p
goto __direct;
if ((err = snd_pcm_oss_make_ready(substream)) < 0)
return err;
- if (mutex_lock_interruptible(&runtime->oss.params_lock))
+ atomic_inc(&runtime->oss.rw_ref);
+ if (mutex_lock_interruptible(&runtime->oss.params_lock)) {
+ atomic_dec(&runtime->oss.rw_ref);
return -ERESTARTSYS;
+ }
format = snd_pcm_oss_format_from(runtime->oss.format);
width = snd_pcm_format_physical_width(format);
if (runtime->oss.buffer_used > 0) {
@@ -1679,10 +1686,8 @@ static int snd_pcm_oss_sync(struct snd_p
runtime->oss.buffer + runtime->oss.buffer_used,
size);
err = snd_pcm_oss_sync1(substream, runtime->oss.period_bytes);
- if (err < 0) {
- mutex_unlock(&runtime->oss.params_lock);
- return err;
- }
+ if (err < 0)
+ goto unlock;
} else if (runtime->oss.period_ptr > 0) {
#ifdef OSS_DEBUG
pcm_dbg(substream->pcm, "sync: period_ptr\n");
@@ -1692,10 +1697,8 @@ static int snd_pcm_oss_sync(struct snd_p
runtime->oss.buffer,
size * 8 / width);
err = snd_pcm_oss_sync1(substream, size);
- if (err < 0) {
- mutex_unlock(&runtime->oss.params_lock);
- return err;
- }
+ if (err < 0)
+ goto unlock;
}
/*
* The ALSA's period might be a bit large than OSS one.
@@ -1726,7 +1729,11 @@ static int snd_pcm_oss_sync(struct snd_p
snd_pcm_lib_writev(substream, buffers, size);
}
}
+unlock:
mutex_unlock(&runtime->oss.params_lock);
+ atomic_dec(&runtime->oss.rw_ref);
+ if (err < 0)
+ return err;
/*
* finish sync: drain the buffer
*/
@@ -1774,6 +1781,8 @@ static int snd_pcm_oss_set_rate(struct s
rate = 192000;
if (mutex_lock_interruptible(&runtime->oss.params_lock))
return -ERESTARTSYS;
+ if (atomic_read(&runtime->oss.rw_ref))
+ return -EBUSY;
if (runtime->oss.rate != rate) {
runtime->oss.params = 1;
runtime->oss.rate = rate;
@@ -1808,6 +1817,8 @@ static int snd_pcm_oss_set_channels(stru
runtime = substream->runtime;
if (mutex_lock_interruptible(&runtime->oss.params_lock))
return -ERESTARTSYS;
+ if (atomic_read(&runtime->oss.rw_ref))
+ return -EBUSY;
if (runtime->oss.channels != channels) {
runtime->oss.params = 1;
runtime->oss.channels = channels;
@@ -1898,6 +1909,8 @@ static int snd_pcm_oss_set_format(struct
if (substream == NULL)
continue;
runtime = substream->runtime;
+ if (atomic_read(&runtime->oss.rw_ref))
+ return -EBUSY;
if (mutex_lock_interruptible(&runtime->oss.params_lock))
return -ERESTARTSYS;
if (runtime->oss.format != format) {
@@ -1952,6 +1965,8 @@ static int snd_pcm_oss_set_subdivide(str
if (substream == NULL)
continue;
runtime = substream->runtime;
+ if (atomic_read(&runtime->oss.rw_ref))
+ return -EBUSY;
if (mutex_lock_interruptible(&runtime->oss.params_lock))
return -ERESTARTSYS;
err = snd_pcm_oss_set_subdivide1(substream, subdivide);
@@ -1990,6 +2005,8 @@ static int snd_pcm_oss_set_fragment(stru
if (substream == NULL)
continue;
runtime = substream->runtime;
+ if (atomic_read(&runtime->oss.rw_ref))
+ return -EBUSY;
if (mutex_lock_interruptible(&runtime->oss.params_lock))
return -ERESTARTSYS;
err = snd_pcm_oss_set_fragment1(substream, val);
@@ -2384,6 +2401,7 @@ static void snd_pcm_oss_init_substream(s
runtime->oss.maxfrags = 0;
runtime->oss.subdivision = 0;
substream->pcm_release = snd_pcm_oss_release_substream;
+ atomic_set(&runtime->oss.rw_ref, 0);
}
static int snd_pcm_oss_release_file(struct snd_pcm_oss_file *pcm_oss_file)
next prev parent reply other threads:[~2018-04-22 14:18 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-22 13:52 [PATCH 4.4 00/97] 4.4.129-stable review Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 01/97] media: v4l2-compat-ioctl32: dont oops on overlay Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 02/97] parisc: Fix out of array access in match_pci_device() Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 03/97] perf intel-pt: Fix overlap detection to identify consecutive buffers correctly Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 04/97] perf intel-pt: Fix sync_switch Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 05/97] perf intel-pt: Fix error recovery from missing TIP packet Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 06/97] perf intel-pt: Fix timestamp following overflow Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 08/97] Revert "perf tests: Decompress kernel module before objdump" Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 09/97] block/loop: fix deadlock after loop_set_status Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 10/97] s390/qdio: dont retry EQBS after CCQ 96 Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 11/97] s390/qdio: dont merge ERROR output buffers Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 12/97] s390/ipl: ensure loadparm valid flag is set Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 13/97] getname_kernel() needs to make sure that ->name != ->iname in long case Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 14/97] rtl8187: Fix NULL pointer dereference in priv->conf_mutex Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 15/97] hwmon: (ina2xx) Fix access to uninitialized mutex Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 16/97] cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 17/97] slip: Check if rstate is initialized before uncompressing Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 18/97] lan78xx: Correctly indicate invalid OTP Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 19/97] x86/hweight: Get rid of the special calling convention Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 21/97] tty: make n_tty_read() always abort if hangup is in progress Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 22/97] ubifs: Check ubifs_wbuf_sync() return code Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 23/97] ubi: fastmap: Dont flush fastmap work on detach Greg Kroah-Hartman
2018-05-16 16:53 ` Ben Hutchings
2018-05-16 17:37 ` Richard Weinberger
2018-04-22 13:53 ` [PATCH 4.4 24/97] ubi: Fix error for write access Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 25/97] ubi: Reject MLC NAND Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 26/97] fs/reiserfs/journal.c: add missing resierfs_warning() arg Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 27/97] resource: fix integer overflow at reallocation Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 28/97] ipc/shm: fix use-after-free of shm file via remap_file_pages() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 29/97] mm, slab: reschedule cache_reap() on the same CPU Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 30/97] usb: musb: gadget: misplaced out of bounds check Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 31/97] ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 32/97] ARM: dts: at91: sama5d4: fix pinctrl compatible string Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 33/97] xen-netfront: Fix hang on device removal Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 34/97] regmap: Fix reversed bounds check in regmap_raw_write() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 35/97] ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 36/97] ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 38/97] usb: dwc3: pci: Properly cleanup resource Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 39/97] HID: i2c-hid: fix size check and type usage Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 40/97] powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 41/97] powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 42/97] powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 43/97] HID: Fix hid_report_len usage Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 44/97] HID: core: Fix size as type u32 Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 45/97] ASoC: ssm2602: Replace reg_default_raw with reg_default Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 46/97] thunderbolt: Resume control channel after hibernation image is created Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 47/97] random: use a tighter cap in credit_entropy_bits_safe() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 48/97] jbd2: if the journal is aborted then dont allow update of the log tail Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 49/97] ext4: dont update checksum of new initialized bitmaps Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 50/97] ext4: add validity checks for bitmap block numbers Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 51/97] ext4: fail ext4_iget for root directory if unallocated Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 52/97] RDMA/ucma: Dont allow setting RDMA_OPTION_IB_PATH without an RDMA device Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 53/97] ALSA: pcm: Fix UAF at PCM release via PCM timer access Greg Kroah-Hartman
2018-05-16 20:51 ` Ben Hutchings
2018-05-16 22:09 ` Takashi Iwai
2018-05-17 8:54 ` Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 54/97] IB/srp: Fix srp_abort() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 55/97] IB/srp: Fix completion vector assignment algorithm Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 56/97] dmaengine: at_xdmac: fix rare residue corruption Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 57/97] um: Use POSIX ucontext_t instead of struct ucontext Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 58/97] iommu/vt-d: Fix a potential memory leak Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 59/97] mmc: jz4740: Fix race condition in IRQ mask update Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 60/97] clk: mvebu: armada-38x: add support for 1866MHz variants Greg Kroah-Hartman
2018-05-16 23:32 ` Ben Hutchings
2018-05-16 23:34 ` Ben Hutchings
2018-04-22 13:53 ` [PATCH 4.4 61/97] clk: mvebu: armada-38x: add support for missing clocks Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 62/97] clk: bcm2835: De-assert/assert PLL reset signal when appropriate Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 63/97] thermal: imx: Fix race condition in imx_thermal_probe() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 64/97] watchdog: f71808e_wdt: Fix WD_EN register read Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 65/97] ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 66/97] ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 67/97] ALSA: pcm: Avoid potential races between OSS ioctls and read/write Greg Kroah-Hartman
2018-04-22 13:53 ` Greg Kroah-Hartman [this message]
2018-04-22 13:53 ` [PATCH 4.4 69/97] ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 70/97] ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 71/97] vfio-pci: Virtualize PCIe & AF FLR Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 72/97] vfio/pci: Virtualize Maximum Payload Size Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 73/97] vfio/pci: Virtualize Maximum Read Request Size Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 74/97] ext4: dont allow r/w mounts if metadata blocks overlap the superblock Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 76/97] ext4: fix crashes in dioread_nolock mode Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 77/97] ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 79/97] ALSA: rawmidi: Fix missing input substream checks in compat ioctls Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 80/97] ALSA: hda - New VIA controller suppor no-snoop path Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 81/97] HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 82/97] MIPS: uaccess: Add micromips clobbers to bzero invocation Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 83/97] MIPS: memset.S: EVA & fault support for small_memset Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 84/97] MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 85/97] MIPS: memset.S: Fix clobber of v1 in last_fixup Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 86/97] powerpc/eeh: Fix enabling bridge MMIO windows Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 87/97] powerpc/lib: Fix off-by-one in alternate feature patching Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 88/97] jffs2_kill_sb(): deal with failed allocations Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 89/97] hypfs_kill_super(): " Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 90/97] rpc_pipefs: fix double-dput() Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 91/97] Dont leak MNT_INTERNAL away from internal mounts Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 92/97] autofs: mount point create should honour passed in mode Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 93/97] mm: allow GFP_{FS,IO} for page_cache_read page cache allocation Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 94/97] mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 96/97] fanotify: fix logic of events on child Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 97/97] writeback: safer lock nesting Greg Kroah-Hartman
2018-04-22 20:44 ` [PATCH 4.4 00/97] 4.4.129-stable review Nathan Chancellor
2018-04-23 6:57 ` Greg Kroah-Hartman
2018-04-23 7:38 ` Naresh Kamboju
2018-04-23 16:53 ` Guenter Roeck
2018-04-23 21:38 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180422135308.991252429@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).