From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.de>,
Ovidiu Panait <ovidiu.panait@windriver.com>
Subject: [PATCH 5.4 43/52] ALSA: pcm: Fix races among concurrent read/write and buffer changes
Date: Tue, 10 May 2022 15:08:12 +0200 [thread overview]
Message-ID: <20220510130731.112125943@linuxfoundation.org> (raw)
In-Reply-To: <20220510130729.852544477@linuxfoundation.org>
From: Takashi Iwai <tiwai@suse.de>
commit dca947d4d26dbf925a64a6cfb2ddbc035e831a3d upstream.
In the current PCM design, the read/write syscalls (as well as the
equivalent ioctls) are allowed before the PCM stream is running, that
is, at PCM PREPARED state. Meanwhile, we also allow to re-issue
hw_params and hw_free ioctl calls at the PREPARED state that may
change or free the buffers, too. The problem is that there is no
protection against those mix-ups.
This patch applies the previously introduced runtime->buffer_mutex to
the read/write operations so that the concurrent hw_params or hw_free
call can no longer interfere during the operation. The mutex is
unlocked before scheduling, so we don't take it too long.
Cc: <stable@vger.kernel.org>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20220322170720.3529-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/pcm_lib.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/sound/core/pcm_lib.c
+++ b/sound/core/pcm_lib.c
@@ -1861,9 +1861,11 @@ static int wait_for_avail(struct snd_pcm
if (avail >= runtime->twake)
break;
snd_pcm_stream_unlock_irq(substream);
+ mutex_unlock(&runtime->buffer_mutex);
tout = schedule_timeout(wait_time);
+ mutex_lock(&runtime->buffer_mutex);
snd_pcm_stream_lock_irq(substream);
set_current_state(TASK_INTERRUPTIBLE);
switch (runtime->status->state) {
@@ -2157,6 +2159,7 @@ snd_pcm_sframes_t __snd_pcm_lib_xfer(str
nonblock = !!(substream->f_flags & O_NONBLOCK);
+ mutex_lock(&runtime->buffer_mutex);
snd_pcm_stream_lock_irq(substream);
err = pcm_accessible_state(runtime);
if (err < 0)
@@ -2244,6 +2247,7 @@ snd_pcm_sframes_t __snd_pcm_lib_xfer(str
if (xfer > 0 && err >= 0)
snd_pcm_update_state(substream, runtime);
snd_pcm_stream_unlock_irq(substream);
+ mutex_unlock(&runtime->buffer_mutex);
return xfer > 0 ? (snd_pcm_sframes_t)xfer : err;
}
EXPORT_SYMBOL(__snd_pcm_lib_xfer);
next prev parent reply other threads:[~2022-05-10 13:48 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-10 13:07 [PATCH 5.4 00/52] 5.4.193-rc1 review Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 01/52] MIPS: Fix CP0 counter erratum detection for R4k CPUs Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 02/52] parisc: Merge model and model name into one line in /proc/cpuinfo Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 03/52] ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 04/52] gpiolib: of: fix bounds check for gpio-reserved-ranges Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 05/52] Revert "SUNRPC: attempt AF_LOCAL connect on setup" Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 06/52] firewire: fix potential uaf in outbound_phy_packet_callback() Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 07/52] firewire: remove check of list iterator against head past the loop body Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 08/52] firewire: core: extend card->lock in fw_core_handle_bus_reset Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 09/52] ACPICA: Always create namespace nodes using acpi_ns_create_node() Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 10/52] genirq: Synchronize interrupt thread startup Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 11/52] ASoC: da7219: Fix change notifications for tone generator frequency Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 12/52] ASoC: wm8958: Fix change notifications for DSP controls Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 13/52] ASoC: meson: Fix event generation for G12A tohdmi mux Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 14/52] s390/dasd: fix data corruption for ESE devices Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 15/52] s390/dasd: prevent double format of tracks " Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 16/52] s390/dasd: Fix read for ESE with blksize < 4k Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 17/52] s390/dasd: Fix read inconsistency for ESE DASD devices Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 18/52] can: grcan: grcan_close(): fix deadlock Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 19/52] can: grcan: use ofdev->dev when allocating DMA memory Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 20/52] nfc: replace improper check device_is_registered() in netlink related functions Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 21/52] nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 22/52] NFC: netlink: fix sleep in atomic bug when firmware download timeout Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 23/52] hwmon: (adt7470) Fix warning on module removal Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 24/52] ASoC: dmaengine: Restore NULL prepare_slave_config() callback Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 25/52] RDMA/siw: Fix a condition race issue in MPA request processing Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 26/52] net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 27/52] net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 28/52] net: emaclite: Add error handling for of_address_to_resource() Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 29/52] selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational Greg Kroah-Hartman
2022-05-10 13:07 ` [PATCH 5.4 30/52] bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 31/52] smsc911x: allow using IRQ0 Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 32/52] btrfs: always log symlinks in full mode Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 33/52] net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 34/52] drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 35/52] NFSv4: Dont invalidate inode attributes on delegation return Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 36/52] kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 37/52] x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 38/52] KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 39/52] net: ipv6: ensure we call ipv6_mc_down() at most once Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 40/52] block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 41/52] mm: fix unexpected zeroed page mapping with zram swap Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 42/52] ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Greg Kroah-Hartman
2022-05-10 13:08 ` Greg Kroah-Hartman [this message]
2022-05-10 13:08 ` [PATCH 5.4 44/52] ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 45/52] ALSA: pcm: Fix races among concurrent prealloc proc writes Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 46/52] ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 47/52] tcp: make sure treq->af_specific is initialized Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 48/52] dm: fix mempool NULL pointer race when completing IO Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 49/52] dm: interlock pending dm_io and dm_wait_for_bios_completion Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 50/52] PCI: aardvark: Clear all MSIs at setup Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 51/52] PCI: aardvark: Fix reading MSI interrupt number Greg Kroah-Hartman
2022-05-10 13:08 ` [PATCH 5.4 52/52] mmc: rtsx: add 74 Clocks in power on flow Greg Kroah-Hartman
2022-05-10 17:09 ` [PATCH 5.4 00/52] 5.4.193-rc1 review Florian Fainelli
2022-05-10 22:43 ` Shuah Khan
2022-05-11 1:11 ` Guenter Roeck
2022-05-11 1:58 ` Samuel Zou
2022-05-11 5:44 ` Naresh Kamboju
2022-05-11 9:19 ` Jon Hunter
2022-05-11 9:59 ` Sudip Mukherjee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220510130731.112125943@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ovidiu.panait@windriver.com \
--cc=perex@perex.cz \
--cc=stable@vger.kernel.org \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.