kernel_optimize_test/sound/core
Takashi Iwai 9017201e8d ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
commit bc55cfd5718c7c23e5524582e9fa70b4d10f2433 upstream.

syzbot caught a potential deadlock between the PCM
runtime->buffer_mutex and the mm->mmap_lock.  It was brought by the
recent fix to cover the racy read/write and other ioctls, and in that
commit, I overlooked a (hopefully only) corner case that may take the
revert lock, namely, the OSS mmap.  The OSS mmap operation
exceptionally allows re-configuring the parameters inside the OSS
mmap syscall, where mm->mmap_mutex is already held.  Meanwhile, the
copy_from/to_user calls at read/write operations also take the
mm->mmap_lock internally, hence it may lead to an AB/BA deadlock.

A similar problem was already seen in the past and we fixed it with a
refcount (in commit b248371628).  The former fix covered only the
call paths with OSS read/write and OSS ioctls, while we need to cover
the concurrent access via both ALSA and OSS APIs now.

This patch addresses the problem above by replacing the buffer_mutex
lock in the read/write operations with a refcount similar to the one
we've used for OSS.  The new field, runtime->buffer_accessing, keeps
the number of concurrent read/write operations.  Unlike the former
buffer_mutex protection, this protects only around the
copy_from/to_user() calls; the other code is basically protected by
the PCM stream lock.  The refcount can be negative, meaning blocked
by the ioctls.  If a negative value is seen, the read/write aborts
with -EBUSY.  On the ioctl side, OTOH, they check this refcount, too,
and set it to a negative value for blocking unless it's already being
accessed.

Reported-by: syzbot+6e5c88838328e99c7e1c@syzkaller.appspotmail.com
Fixes: dca947d4d26d ("ALSA: pcm: Fix races among concurrent read/write and buffer changes")
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/000000000000381a0d05db622a81@google.com
Link: https://lore.kernel.org/r/20220330120903.4738-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-08 14:39:53 +02:00
oss ALSA: oss: Fix PCM OSS buffer allocation overflow 2022-03-28 09:57:08 +02:00
seq ALSA: seq: Set upper limit of processed events 2022-01-27 10:54:22 +01:00
compress_offload.c ALSA: compress_offload: remove redundant initialization 2020-09-03 09:26:27 +02:00
control_compat.c ALSA: ctl: Fix copy of updated id with element read/write 2021-12-14 11:32:38 +01:00
control.c ALSA: ctl: fix error path at adding user-defined element set 2020-11-13 11:33:55 +01:00
ctljack.c
device.c
hrtimer.c ALSA: timer: Replace tasklet with work 2020-09-09 18:32:52 +02:00
hwdep_compat.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
hwdep.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
info_oss.c
info.c ALSA: info: Drop WARN_ON() from buffer NULL sanity check 2020-07-17 10:59:38 +02:00
init.c ALSA: core: remove redundant spin_lock pair in snd_card_disconnect 2021-05-14 09:50:31 +02:00
isadma.c
jack.c ALSA: jack: Add missing rwsem around snd_ctl_remove() calls 2022-01-27 10:54:04 +01:00
Kconfig
Makefile ALSA: ISA: not for M68K 2021-11-26 10:39:10 +01:00
memalloc.c ALSA: core: memalloc: add page alignment for iram 2020-12-30 11:54:08 +01:00
memory.c
misc.c
pcm_compat.c ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl 2021-10-20 11:44:57 +02:00
pcm_dmaengine.c ALSA: fix kernel-doc markups 2020-10-26 15:26:31 +01:00
pcm_drm_eld.c
pcm_iec958.c
pcm_lib.c ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock 2022-04-08 14:39:53 +02:00
pcm_local.h ALSA: pcm: Call sync_stop at disconnection 2021-03-04 11:37:19 +01:00
pcm_memory.c ALSA: pcm: Fix races among concurrent prealloc proc writes 2022-03-28 09:57:09 +02:00
pcm_misc.c
pcm_native.c ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock 2022-04-08 14:39:53 +02:00
pcm_param_trace.h
pcm_timer.c
pcm_trace.h
pcm.c ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock 2022-04-08 14:39:53 +02:00
rawmidi_compat.c
rawmidi.c ALSA: rawmidi: Access runtime->avail always in spinlock 2021-01-06 14:56:52 +01:00
seq_device.c ALSA: seq: Fix a potential UAF by wrong private_free call order 2021-10-20 11:44:57 +02:00
sgbuf.c
sound_oss.c
sound.c
timer_compat.c
timer.c ALSA: timer: Unconditionally unlink slave instances, too 2021-11-18 14:03:40 +01:00
vmaster.c ALSA: Replace the word "slave" in vmaster API 2020-07-20 10:10:47 +02:00