From: Jiri Slaby <jslaby@suse.cz>
To: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Takashi Iwai <tiwai@suse.de>,
	Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 3.12 27/38] ALSA: pcm : Call kill_fasync() in stream lock
Date: Tue, 13 Dec 2016 20:52:53 +0100
Message-ID: <3af0be0536e71b0ed55620aca65f9144bf2c1088.1481658746.git.jslaby@suse.cz>
In-Reply-To: <15034b96ec06ee859b67c6cd4e3be569a4ef286b.1481658746.git.jslaby@suse.cz>
In-Reply-To: <cover.1481658746.git.jslaby@suse.cz>

From: Takashi Iwai <tiwai@suse.de>

3.12-stable review patch.  If anyone has any objections, please let me know.

===============

commit 3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 upstream.

Currently kill_fasync() is called outside the stream lock in
snd_pcm_period_elapsed().  This is potentially racy, since the stream
may get released even while the irq handler is running.  Although
snd_pcm_release_substream() calls snd_pcm_drop(), this doesn't
guarantee that the irq handler finishes, thus the kill_fasync() call
outside the stream spin lock may be invoked after the substream is
detached, as recently reported by KASAN.

As a quick workaround, move the kill_fasync() call inside the stream
lock.  The fasync is a rarely used interface, so this shouldn't have a
big impact from the performance POV.

Ideally, we should implement some sync mechanism for the proper finish
of stream and irq handler.  But this oneliner should suffice for most
cases, so far.

Reported-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 sound/core/pcm_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c
index e1ef106c8a6f..066e91ce9de9 100644
--- a/sound/core/pcm_lib.c
+++ b/sound/core/pcm_lib.c
@@ -1857,10 +1857,10 @@ void snd_pcm_period_elapsed(struct snd_pcm_substream *substream)
 	if (substream->timer_running)
 		snd_timer_interrupt(substream->timer, 1);
  _end:
+	kill_fasync(&runtime->fasync, SIGIO, POLL_IN);
 	snd_pcm_stream_unlock_irqrestore(substream, flags);
 	if (runtime->transfer_ack_end)
 		runtime->transfer_ack_end(substream);
-	kill_fasync(&runtime->fasync, SIGIO, POLL_IN);
 }
 
 EXPORT_SYMBOL(snd_pcm_period_elapsed);
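
Review bot: the `runtime->transfer_ack_end` check and the `runtime->transfer_ack_end(substream)` call that follow `snd_pcm_stream_unlock_irqrestore()` still dereference `runtime` and `substream` outside the stream lock, so the detach race the commit message describes for kill_fasync() appears to apply to those two lines as well. Either move them under the lock too, if the callback tolerates being called with the lock held, or state in the commit message why they are safe where they are. A one-line comment above the moved `kill_fasync(&runtime->fasync, SIGIO, POLL_IN);` saying it must stay inside the stream lock would also keep a later cleanup from moving it back.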
-- 
2.11.0
