From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752535AbdKFJOS (ORCPT <rfc822;w@1wt.eu>);
        Mon, 6 Nov 2017 04:14:18 -0500
Received: from mail.linuxfoundation.org ([140.211.169.12]:56346 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751565AbdKFJOP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 6 Nov 2017 04:14:15 -0500
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        syzbot 
        <bot+7feb8de6b4d6bf810cf098bef942cc387e79d0ad@syzkaller.appspotmail.com>,
        Dmitry Vyukov <dvyukov@google.com>, Takashi Iwai <tiwai@suse.de>
Subject: [PATCH 4.13 02/36] ALSA: seq: Fix nested rwsem annotation for lockdep splat
Date: Mon,  6 Nov 2017 10:12:15 +0100
Message-Id: <20171106085047.102347824@linuxfoundation.org>
X-Mailer: git-send-email 2.15.0
In-Reply-To: <20171106085047.005824077@linuxfoundation.org>
References: <20171106085047.005824077@linuxfoundation.org>
User-Agent: quilt/0.65
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.13-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit 1f20f9ff57ca23b9f5502fca85ce3977e8496cb1 upstream.

syzkaller reported the lockdep splat due to the possible deadlock of
grp->list_mutex of each sequencer client object.  Actually this is
rather a false-positive report due to the missing nested lock
annotations.  The sequencer client may deliver the event directly to
another client which takes another own lock.

For addressing this issue, this patch replaces the simple down_read()
with down_read_nested().  As a lock subclass, the already existing
"hop" can be re-used, which indicates the depth of the call.

Reference: http://lkml.kernel.org/r/089e082686ac9b482e055c832617@google.com
Reported-by: syzbot <bot+7feb8de6b4d6bf810cf098bef942cc387e79d0ad@syzkaller.appspotmail.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/core/seq/seq_clientmgr.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/sound/core/seq/seq_clientmgr.c
+++ b/sound/core/seq/seq_clientmgr.c
@@ -663,7 +663,7 @@ static int deliver_to_subscribers(struct
 	if (atomic)
 		read_lock(&grp->list_lock);
 	else
-		down_read(&grp->list_mutex);
+		down_read_nested(&grp->list_mutex, hop);
 	list_for_each_entry(subs, &grp->list_head, src_list) {
 		/* both ports ready? */
 		if (atomic_read(&subs->ref_count) != 2)

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:56346 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751565AbdKFJOP (ORCPT
        <rfc822;stable@vger.kernel.org>); Mon, 6 Nov 2017 04:14:15 -0500
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        syzbot
        <bot+7feb8de6b4d6bf810cf098bef942cc387e79d0ad@syzkaller.appspotmail.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Takashi Iwai <tiwai@suse.de>
Subject: [PATCH 4.13 02/36] ALSA: seq: Fix nested rwsem annotation for lockdep splat
Date: Mon,  6 Nov 2017 10:12:15 +0100
Message-Id: <20171106085047.102347824@linuxfoundation.org>
In-Reply-To: <20171106085047.005824077@linuxfoundation.org>
References: <20171106085047.005824077@linuxfoundation.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

4.13-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit 1f20f9ff57ca23b9f5502fca85ce3977e8496cb1 upstream.

syzkaller reported the lockdep splat due to the possible deadlock of
grp->list_mutex of each sequencer client object.  Actually this is
rather a false-positive report due to the missing nested lock
annotations.  The sequencer client may deliver the event directly to
another client which takes another own lock.

For addressing this issue, this patch replaces the simple down_read()
with down_read_nested().  As a lock subclass, the already existing
"hop" can be re-used, which indicates the depth of the call.

Reference: http://lkml.kernel.org/r/089e082686ac9b482e055c832617@google.com
Reported-by: syzbot <bot+7feb8de6b4d6bf810cf098bef942cc387e79d0ad@syzkaller.appspotmail.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/core/seq/seq_clientmgr.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/sound/core/seq/seq_clientmgr.c
+++ b/sound/core/seq/seq_clientmgr.c
@@ -663,7 +663,7 @@ static int deliver_to_subscribers(struct
 	if (atomic)
 		read_lock(&grp->list_lock);
 	else
-		down_read(&grp->list_mutex);
+		down_read_nested(&grp->list_mutex, hop);
 	list_for_each_entry(subs, &grp->list_head, src_list) {
 		/* both ports ready? */
 		if (atomic_read(&subs->ref_count) != 2)