From: Ingo Molnar <mingo@elte.hu>
To: Arjan van de Ven <arjan@infradead.org>
Cc: ajwade@cpe001346162bf9-cm0011ae8cd564.cpe.net.cable.rogers.com,
perex@suse.cz, Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org, mingo@redhat.com
Subject: Re: Badness in __mutex_unlock_slowpath
Date: Sun, 8 Jan 2006 09:53:32 +0100
Message-ID: <20060108085332.GA12084@elte.hu>
In-Reply-To: <1136668423.2936.39.camel@laptopd505.fenrus.org>
* Arjan van de Ven <arjan@infradead.org> wrote:
> this looks like a really evil alsa bug:
>
> (pre mutex code below)
> up(&file->f_dentry->d_inode->i_sem);
> result = snd_pcm_oss_write1(substream, buf, count);
> down(&file->f_dentry->d_inode->i_sem);
> this is a .write method of a driver, which doesn't run with i_sem held
> at all. Best guess I have is that this code has up() and down()
> confused and switched...

well snd_pcm_oss_read1() is not using the mutex at all - nor any other
functions here. So the patch below removes the i_mutex use. _If_ some
synchronization is needed it would be needed in the read1 case too: it
is destructive to a sound stream when it is 'read' and when it is
'written' just as much.

the bug could cause inode corruption on the VFS level: one thread
unlocks an inode it doesn't own - this could surprise another thread
holding that mutex and could allow a third thread to lock it and thus
two threads would be in a critical section - bad.

Ingo
--
remove bogus i_mutex use from sound/core/oss/pcm_oss.c.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
----
sound/core/oss/pcm_oss.c | 2 --
1 files changed, 2 deletions(-)
Index: linux/sound/core/oss/pcm_oss.c
===================================================================
--- linux.orig/sound/core/oss/pcm_oss.c
+++ linux/sound/core/oss/pcm_oss.c
@@ -2135,9 +2135,7 @@ static ssize_t snd_pcm_oss_write(struct
substream = pcm_oss_file->streams[SNDRV_PCM_STREAM_PLAYBACK];
if (substream == NULL)
return -ENXIO;
- mutex_unlock(&file->f_dentry->d_inode->i_mutex);
result = snd_pcm_oss_write1(substream, buf, count);
- mutex_lock(&file->f_dentry->d_inode->i_mutex);
#ifdef OSS_DEBUG
printk("pcm_oss: write %li bytes (wrote %li bytes)\n", (long)count, (long)result);
#endif
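
Review bot: the one-line changelog ("remove bogus i_mutex use") does not record why the mutex_unlock()/mutex_lock() pair around snd_pcm_oss_write1() is wrong; that reasoning exists only in the mail text above the patch. Suggest moving it into the commit message: the .write method is not entered with i_mutex held, so the unlock releases a mutex this thread does not own. It would also help to state explicitly whether snd_pcm_oss_write1() needs any serialization of its own, since the cover text leaves that open ("_If_ some synchronization is needed") and the read path is said to take no lock either.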