OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/sound/oss
History
Alexey Khoroshilov 30b0fd903d sound/oss: fix deadlock in sequencer_ioctl(SNDCTL_SEQ_OUTOFBAND) 
commit bc26d4d06e upstream.

A deadlock can be initiated by userspace via ioctl(SNDCTL_SEQ_OUTOFBAND)
on /dev/sequencer with TMR_ECHO midi event.

In this case the control flow is:
sound_ioctl()
-> case SND_DEV_SEQ:
   case SND_DEV_SEQ2:
     sequencer_ioctl()
     -> case SNDCTL_SEQ_OUTOFBAND:
          spin_lock_irqsave(&lock,flags);
          play_event();
          -> case EV_TIMING:
               seq_timing_event()
               -> case TMR_ECHO:
                    seq_copy_to_input()
                    -> spin_lock_irqsave(&lock,flags);

It seems that spin_lock_irqsave() around play_event() is not necessary,
because the only other call location in seq_startplay() makes the call
without acquiring spinlock.

So, the patch just removes spinlocks around play_event().
By the way, it removes unreachable code in seq_timing_event(),
since (seq_mode == SEQ_2) case is handled in the beginning.

Compile tested only.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2015-05-17 09:53:51 -07:00
..
dmasound sound: oss: dmasound: kill SLEEP() macro to avoid race 2014-01-14 16:12:07 +01:00
.gitignore oss: remove maui_boot.h from .gitignore and dontdiff 2012-09-01 08:36:09 -07:00
CHANGELOG Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Kconfig sound: Fix make allmodconfig on MIPS correctly 2013-05-13 15:54:19 +02:00
Makefile SOUND: OSS: Remove Au1550 driver. 2011-05-20 11:33:39 +02:00
README.FIRST Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ad1848.c sound: oss: remove __dev* attributes 2012-12-07 07:30:49 +01:00
ad1848.h [PATCH] The scheduled removal of some OSS drivers 2006-10-04 07:55:32 -07:00
ad1848_mixer.h fix file specification in comments 2006-10-03 23:01:26 +02:00
aedsp16.c sound: aedsp16: Buffer overflow 2009-07-29 14:37:12 +02:00
audio.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
bin2hex.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
coproc.h sound/oss/coproc.h: Checkpatch cleanup 2010-03-02 11:22:19 +01:00
dev_table.c sound/oss/dev_table.c: Use vzalloc 2010-11-11 01:54:32 +01:00
dev_table.h sound/oss: remove offset from load_patch callbacks 2011-03-23 22:47:46 +01:00
dmabuf.c sound: oss: remove last sleep_on users 2014-01-14 16:12:07 +01:00
hex2hex.c oss: Mark loadhex static in hex2hex.c 2009-11-15 15:01:42 -08:00
kahlua.c sound: OSS: Remove superfluous pci_set_dvdata(pci, NULL) 2013-05-29 12:40:04 +02:00
midi_ctrl.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
midi_synth.c sound/oss: remove offset from load_patch callbacks 2011-03-23 22:47:46 +01:00
midi_synth.h sound/oss: remove offset from load_patch callbacks 2011-03-23 22:47:46 +01:00
midibuf.c sound: oss: midibuf: fix sleep_on races 2014-01-14 16:11:44 +01:00
mpu401.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
mpu401.h IRQ: Maintain regs pointer globally rather than passing to IRQ handlers 2006-10-05 15:10:12 +01:00
msnd.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
msnd.h [PATCH] introduce fmode_t, do annotations 2008-10-21 07:47:06 -04:00
msnd_classic.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
msnd_classic.h sound: sound/oss/: remove CVS keywords 2008-05-27 15:56:20 +02:00
msnd_pinnacle.c sound: oss: msnd_pinnacle: avoid interruptible_sleep_on_timeout 2014-01-14 16:01:20 +01:00
msnd_pinnacle.h sound: sound/oss/: remove CVS keywords 2008-05-27 15:56:20 +02:00
opl3.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
opl3_hw.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
os.h Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
pas2.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
pas2_card.c sound: oss/pas2: Fix possible access out of array 2013-01-04 10:38:27 +01:00
pas2_midi.c fix file specification in comments 2006-10-03 23:01:26 +02:00
pas2_mixer.c fix file specification in comments 2006-10-03 23:01:26 +02:00
pas2_pcm.c sound: oss/pas2: Remove CLOCK_TICK_RATE dependency from PAS16 driver 2011-08-04 15:23:32 +02:00
pss.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
sb.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sb_audio.c sound: oss/sb_audio: cap value in sb201_audio_set_speed() 2012-11-18 10:24:49 +01:00
sb_card.c Fix common misspellings 2011-03-31 11:26:23 -03:00
sb_card.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sb_common.c sound: oss: sb_common: Used kmemdup instead of kmalloc and memcpy 2013-04-02 11:23:00 +02:00
sb_ess.c sound: Remove unnecessary semicolons 2013-10-14 11:00:05 +02:00
sb_ess.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sb_midi.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
sb_mixer.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
sb_mixer.h fix file specification in comments 2006-10-03 23:01:26 +02:00
sequencer.c sound/oss: fix deadlock in sequencer_ioctl(SNDCTL_SEQ_OUTOFBAND) 2015-05-17 09:53:51 -07:00
sleep.h sound: oss: remove last sleep_on users 2014-01-14 16:12:07 +01:00
sound_calls.h [PATCH] kill sound/oss/*_syms.c 2006-10-04 07:55:32 -07:00
sound_config.h sound: oss: off by one bug 2010-01-08 09:17:51 +01:00
sound_firmware.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sound_timer.c sound: oss: use strlcpy() in sound_timer_init() 2011-09-29 08:12:33 +02:00
soundcard.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
soundvers.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
swarm_cs4297a.c sound: oss: remove last sleep_on users 2014-01-14 16:12:07 +01:00
sys_timer.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
trix.c ALSA: module_param: make bool parameters really bool 2011-12-19 10:34:41 +01:00
tuning.h [PATCH] The scheduled removal of some OSS drivers 2006-10-04 07:55:32 -07:00
uart401.c sound: oss: uart401: Used kmemdup instead of kmalloc and memcpy 2013-04-02 11:22:52 +02:00
uart6850.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
ulaw.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
v_midi.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
v_midi.h sound/oss/v_midi.h: Checkpatch cleanup 2010-03-02 11:22:08 +01:00
vidc.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
vidc.h IRQ: Maintain regs pointer globally rather than passing to IRQ handlers 2006-10-05 15:10:12 +01:00
vidc_fill.S [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
vwsnd.c sound: oss: vwsnd: avoid interruptible_sleep_on 2014-01-14 16:01:27 +01:00
waveartist.c ARM: footbridge: nw_gpio_lock is raw_spin_lock 2012-10-07 10:33:12 +02:00
waveartist.h fix file specification in comments 2006-10-03 23:01:26 +02:00

README.FIRST 

The modular sound driver patches were funded by Red Hat Software 
(www.redhat.com). The sound driver here is thus a modified version of 
Hannu's code. Please bear that in mind when considering the appropriate
forums for bug reporting. 

Alan Cox