From: Takashi Iwai <tiwai@suse.de>
To: Timo Wischer <twischer@de.adit-jv.com>
Cc: <broonie@kernel.org>, <perex@perex.cz>,
<alsa-devel@alsa-project.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 09/10] ALSA: pcm: Add snd_pcm_ops for snd_pcm_link()
Date: Tue, 26 Mar 2019 15:23:51 +0100 [thread overview]
Message-ID: <s5hr2at67ew.wl-tiwai@suse.de> (raw)
In-Reply-To: <3ad5c313-ba2c-b541-8930-3f2515dfca72@de.adit-jv.com>
On Tue, 26 Mar 2019 12:25:37 +0100,
Timo Wischer wrote:
>
> On 3/26/19 09:35, Takashi Iwai wrote:
>
> On Tue, 26 Mar 2019 08:49:33 +0100,
> <twischer@de.adit-jv.com> wrote:
>
> From: Timo Wischer <twischer@de.adit-jv.com>
>
> snd_pcm_link() can be called by the user as long as the device is not
> yet started. Therefore currently a driver which wants to iterate over
> the linked substreams has to do this at the start trigger. But the start
> trigger should not block for a long time. Therefore there is no callback
> which can be used to iterate over the linked substreams without delaying
> the start trigger.
> This patch introduces a new callback function which will be called after
> the linked substream list was updated by snd_pcm_link(). This callback
> function is allowed to block for a longer time without interfering the
> synchronized start up of linked substreams.
>
> Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
>
> Well, the idea appears interesting, but I'm afraid that the
> implementation is still racy. The place you're calling the new
> callback isn't protected, hence the stream can be triggered while
> calling it. That is, even during operating your loopback link_changed
> callback, another thread is able to start the stream.
>
> Hi Takashi,
>
> As far as I got you mean the following scenario:
>
> * snd_pcm_link() is called for a HW sound card
> + loopback_snd_timer_link_changed()
The start may happen at this point.
> + loopback_snd_timer_open()
> + spin_lock_irqsave(&dpcm->cable->lock, flags);
> * snd_pcm_start() called for aloop sound card
> + loopback_trigger()
> + spin_lock(&cable->lock) -> has to wait till loopback_snd_timer_open()
> calls spin_unlock_irqrestore()
>
> So far snd_pcm_start() has to wait for loopback_snd_timer_open().
>
> * loopback_snd_timer_open() will continue with
> + dpcm->cable->snd_timer.instance = NULL;
> + spin_unlock_irqrestore()
> * loopback_trigger() can enter the lock
> + loopback_snd_timer_start() will fail with -EINVAL due to
> (loopback_trigger == NULL)
>
> At least this will not result into memory corruption due to race or any other
> wired behavior.
I don't expect the memory corruption, but my point is that dealing
with linked streams is still tricky. It was considered for the
lightweight coupled start/stop operation, and something intensively
depending on the linked status was out of the original design...
> But my expectation is that snd_pcm_link(hw, aloop) or snd_pcm_link(aloop, hw)
> is only called by the application calling snd_pcm_start(aloop)
> because the same aloop device cannot be opened by multiple applications at the
> same time.
>
> Do you see an use case where one application would call snd_pcm_start() in
> parallel with snd_pcm_link() (somehow configuring the device)?
It's not about the actual application usages but rather against the
malicious attacks. Especially aloop is a virtual device that is
available allover the places, it may be deployed / attacked easily.
> May be we should add an additional synchronization mechanism in pcm_native.c
> to avoid call of snd_pcm_link() in parallel with snd_pcm_start().
If it really matters... Honestly speaking, I'm not fully convinced
whether we want to deal with this using the PCM link mechanism.
What's the motivation for using the linked streams at the first place?
That's one of the biggest missing piece in the whole picture.
thanks,
Takashi
WARNING: multiple messages have this Message-ID (diff)
From: Takashi Iwai <tiwai@suse.de>
To: Timo Wischer <twischer@de.adit-jv.com>
Cc: broonie@kernel.org, perex@perex.cz, alsa-devel@alsa-project.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 09/10] ALSA: pcm: Add snd_pcm_ops for snd_pcm_link()
Date: Tue, 26 Mar 2019 15:23:51 +0100 [thread overview]
Message-ID: <s5hr2at67ew.wl-tiwai@suse.de> (raw)
In-Reply-To: <3ad5c313-ba2c-b541-8930-3f2515dfca72@de.adit-jv.com>
On Tue, 26 Mar 2019 12:25:37 +0100,
Timo Wischer wrote:
>
> On 3/26/19 09:35, Takashi Iwai wrote:
>
> On Tue, 26 Mar 2019 08:49:33 +0100,
> <twischer@de.adit-jv.com> wrote:
>
> From: Timo Wischer <twischer@de.adit-jv.com>
>
> snd_pcm_link() can be called by the user as long as the device is not
> yet started. Therefore currently a driver which wants to iterate over
> the linked substreams has to do this at the start trigger. But the start
> trigger should not block for a long time. Therefore there is no callback
> which can be used to iterate over the linked substreams without delaying
> the start trigger.
> This patch introduces a new callback function which will be called after
> the linked substream list was updated by snd_pcm_link(). This callback
> function is allowed to block for a longer time without interfering the
> synchronized start up of linked substreams.
>
> Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
>
> Well, the idea appears interesting, but I'm afraid that the
> implementation is still racy. The place you're calling the new
> callback isn't protected, hence the stream can be triggered while
> calling it. That is, even during operating your loopback link_changed
> callback, another thread is able to start the stream.
>
> Hi Takashi,
>
> As far as I got you mean the following scenario:
>
> * snd_pcm_link() is called for a HW sound card
> + loopback_snd_timer_link_changed()
The start may happen at this point.
> + loopback_snd_timer_open()
> + spin_lock_irqsave(&dpcm->cable->lock, flags);
> * snd_pcm_start() called for aloop sound card
> + loopback_trigger()
> + spin_lock(&cable->lock) -> has to wait till loopback_snd_timer_open()
> calls spin_unlock_irqrestore()
>
> So far snd_pcm_start() has to wait for loopback_snd_timer_open().
>
> * loopback_snd_timer_open() will continue with
> + dpcm->cable->snd_timer.instance = NULL;
> + spin_unlock_irqrestore()
> * loopback_trigger() can enter the lock
> + loopback_snd_timer_start() will fail with -EINVAL due to
> (loopback_trigger == NULL)
>
> At least this will not result into memory corruption due to race or any other
> wired behavior.
I don't expect the memory corruption, but my point is that dealing
with linked streams is still tricky. It was considered for the
lightweight coupled start/stop operation, and something intensively
depending on the linked status was out of the original design...
> But my expectation is that snd_pcm_link(hw, aloop) or snd_pcm_link(aloop, hw)
> is only called by the application calling snd_pcm_start(aloop)
> because the same aloop device cannot be opened by multiple applications at the
> same time.
>
> Do you see an use case where one application would call snd_pcm_start() in
> parallel with snd_pcm_link() (somehow configuring the device)?
It's not about the actual application usages but rather against the
malicious attacks. Especially aloop is a virtual device that is
available allover the places, it may be deployed / attacked easily.
> May be we should add an additional synchronization mechanism in pcm_native.c
> to avoid call of snd_pcm_link() in parallel with snd_pcm_start().
If it really matters... Honestly speaking, I'm not fully convinced
whether we want to deal with this using the PCM link mechanism.
What's the motivation for using the linked streams at the first place?
That's one of the biggest missing piece in the whole picture.
thanks,
Takashi
next prev parent reply other threads:[~2019-03-26 14:23 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-25 16:00 [PATCH 00/10] ALSA: aloop: Support selection of snd_timer twischer
2019-03-25 16:00 ` twischer
2019-03-25 16:00 ` [PATCH 01/10] ALSA: aloop: Describe units of variables twischer
2019-03-25 16:00 ` twischer
2019-03-25 16:00 ` [PATCH 02/10] ALSA: aloop: loopback_timer_start: Support return of error code twischer
2019-03-25 16:00 ` twischer
2019-03-25 16:00 ` [PATCH 03/10] ALSA: aloop: loopback_timer_stop: " twischer
2019-03-25 16:00 ` twischer
2019-03-25 16:00 ` [PATCH 04/10] ALSA: aloop: Use always spin_lock_irqsave() for cable->lock twischer
2019-03-25 16:00 ` twischer
2019-03-25 16:07 ` Takashi Iwai
2019-03-25 16:07 ` Takashi Iwai
2019-03-25 16:40 ` Timo Wischer
2019-03-25 16:58 ` Takashi Iwai
2019-03-25 16:58 ` Takashi Iwai
2019-03-26 8:12 ` Timo Wischer
2019-03-26 8:12 ` Timo Wischer
2019-03-26 7:49 ` [PATCH 05/10] ALSA: aloop: Use callback functions for timer specific implementations twischer
2019-03-26 7:49 ` twischer
2019-03-26 7:49 ` [PATCH 06/10] ALSA: aloop: Rename all jiffies timer specific functions twischer
2019-03-26 7:49 ` twischer
2019-03-26 7:49 ` [PATCH 07/10] ALSA: aloop: Move CABLE_VALID_BOTH to the top of file twischer
2019-03-26 7:49 ` twischer
2019-03-26 7:49 ` [PATCH 08/10] ALSA: aloop: Support selection of snd_timer instead of jiffies twischer
2019-03-26 7:49 ` twischer
2019-03-26 7:49 ` [PATCH 09/10] ALSA: pcm: Add snd_pcm_ops for snd_pcm_link() twischer
2019-03-26 7:49 ` twischer
2019-03-26 8:35 ` Takashi Iwai
2019-03-26 8:35 ` Takashi Iwai
2019-03-26 11:25 ` Timo Wischer
2019-03-26 14:23 ` Takashi Iwai [this message]
2019-03-26 14:23 ` Takashi Iwai
2019-03-26 15:16 ` Timo Wischer
2019-03-26 15:16 ` Timo Wischer
2019-03-26 16:00 ` Takashi Iwai
2019-03-26 16:00 ` Takashi Iwai
2019-03-27 8:34 ` Timo Wischer
2019-03-27 8:34 ` Timo Wischer
2019-03-27 9:11 ` Takashi Iwai
2019-03-27 9:11 ` Takashi Iwai
2019-03-27 9:26 ` Timo Wischer
2019-03-27 9:26 ` Timo Wischer
2019-03-27 9:38 ` Takashi Iwai
2019-03-27 9:38 ` Takashi Iwai
2019-04-04 10:18 ` Timo Wischer
2019-04-04 10:18 ` Timo Wischer
2019-04-05 15:21 ` Takashi Iwai
2019-04-05 15:21 ` Takashi Iwai
2019-03-26 7:52 ` [PATCH 10/10] ALSA: aloop: Use timer of linked card if chosen twischer
2019-03-26 7:52 ` twischer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=s5hr2at67ew.wl-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=alsa-devel@alsa-project.org \
--cc=broonie@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=perex@perex.cz \
--cc=twischer@de.adit-jv.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.