linux/include
Takashi Iwai bc55cfd571 ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
syzbot caught a potential deadlock between the PCM
runtime->buffer_mutex and the mm->mmap_lock.  It was brought by the
recent fix to cover the racy read/write and other ioctls, and in that
commit, I overlooked a (hopefully only) corner case that may take the
revert lock, namely, the OSS mmap.  The OSS mmap operation
exceptionally allows re-configuring the parameters inside the OSS
mmap syscall, where mm->mmap_mutex is already held.  Meanwhile, the
copy_from/to_user calls at read/write operations also take the
mm->mmap_lock internally, hence it may lead to an AB/BA deadlock.

A similar problem was already seen in the past and we fixed it with a
refcount (in commit b248371628).  The former fix covered only the
call paths with OSS read/write and OSS ioctls, while we need to cover
the concurrent access via both ALSA and OSS APIs now.

This patch addresses the problem above by replacing the buffer_mutex
lock in the read/write operations with a refcount similar to what we've
used for OSS.  The new field, runtime->buffer_accessing, keeps the
number of concurrent read/write operations.  Unlike the former
buffer_mutex protection, this protects only around the
copy_from/to_user() calls; the other code is basically protected by
the PCM stream lock.  The refcount can be negative, meaning blocked
by the ioctls.  If a negative value is seen, the read/write aborts
with -EBUSY.  In the ioctl side, OTOH, they check this refcount, too,
and set to a negative value for blocking unless it's already being
accessed.

Reported-by: syzbot+6e5c88838328e99c7e1c@syzkaller.appspotmail.com
Fixes: dca947d4d2 ("ALSA: pcm: Fix races among concurrent read/write and buffer changes")
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/000000000000381a0d05db622a81@google.com
Link: https://lore.kernel.org/r/20220330120903.4738-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-30 14:29:49 +02:00
acpi USB/Thunderbolt changes for 5.17-rc1 2022-01-12 11:27:57 -08:00
asm-generic bitmap patches for 5.17-rc1 2022-01-23 06:20:44 +02:00
clocksource
crypto lib/crypto: blake2s: move hmac construction into wireguard 2022-01-18 13:03:55 +01:00
drm
dt-bindings ASoC: dt-bindings: Document Microchip's PDMC 2022-03-08 13:38:58 +00:00
keys keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
kunit kunit: replace kernel.h with the necessary inclusions 2022-01-20 08:52:54 +02:00
kvm RISCV: 2022-01-16 16:15:14 +02:00
linux spi: Add API to count spi acpi resources 2022-02-01 17:38:48 +00:00
math-emu
media
memory
misc
net Networking fixes for 5.17-rc1, including fixes from netfilter, bpf. 2022-01-20 10:57:05 +02:00
pcmcia
ras mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE 2022-01-15 16:30:31 +02:00
rdma RDMA/core: Calculate UDP source port based on flow label or lqpn/rqpn 2022-01-07 19:34:01 -04:00
scsi Merge branch 'akpm' (patches from Andrew) 2022-01-22 11:28:23 +02:00
soc Networking changes for 5.17. 2022-01-10 19:06:09 -08:00
sound ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock 2022-03-30 14:29:49 +02:00
target
trace fscache fixes 2022-01-22 10:59:32 +02:00
uapi ASoC: Updates for v5.18 2022-03-21 16:19:21 +01:00
vdso
video
xen xen: branch for v5.17-rc1 2022-01-12 16:42:00 -08:00