linux/sound/oss
Alexey Khoroshilov bc26d4d06e sound/oss: fix deadlock in sequencer_ioctl(SNDCTL_SEQ_OUTOFBAND)
A deadlock can be initiated by userspace via ioctl(SNDCTL_SEQ_OUTOFBAND)
on /dev/sequencer with TMR_ECHO midi event.

In this case the control flow is:
sound_ioctl()
-> case SND_DEV_SEQ:
   case SND_DEV_SEQ2:
     sequencer_ioctl()
     -> case SNDCTL_SEQ_OUTOFBAND:
          spin_lock_irqsave(&lock,flags);
          play_event();
          -> case EV_TIMING:
               seq_timing_event()
               -> case TMR_ECHO:
                    seq_copy_to_input()
                    -> spin_lock_irqsave(&lock,flags);

It seems that spin_lock_irqsave() around play_event() is not necessary,
because the only other call location in seq_startplay() makes the call
without acquiring spinlock.

So, the patch just removes spinlocks around play_event().
By the way, it removes unreachable code in seq_timing_event(),
since (seq_mode == SEQ_2) case is handled in the beginning.

Compile tested only.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-04-18 09:05:55 +02:00
..
dmasound
.gitignore
ad1848_mixer.h
ad1848.c
ad1848.h
aedsp16.c
audio.c
bin2hex.c
CHANGELOG
coproc.h
dev_table.c
dev_table.h
dmabuf.c
hex2hex.c
kahlua.c
Kconfig
Makefile
midi_ctrl.h
midi_synth.c
midi_synth.h
midibuf.c
mpu401.c
mpu401.h
msnd_classic.c
msnd_classic.h
msnd_pinnacle.c
msnd_pinnacle.h
msnd.c
msnd.h
opl3_hw.h
opl3.c
os.h
pas2_card.c
pas2_midi.c
pas2_mixer.c
pas2_pcm.c
pas2.h
pss.c
README.FIRST
sb_audio.c
sb_card.c
sb_card.h
sb_common.c
sb_ess.c
sb_ess.h
sb_midi.c
sb_mixer.c
sb_mixer.h
sb.h
sequencer.c
sleep.h
sound_calls.h
sound_config.h
sound_firmware.h
sound_timer.c
soundcard.c
soundvers.h
swarm_cs4297a.c
sys_timer.c
trix.c
tuning.h
uart401.c
uart6850.c
ulaw.h
v_midi.c
v_midi.h
vidc_fill.S
vidc.c
vidc.h
waveartist.c
waveartist.h

The modular sound driver patches were funded by Red Hat Software 
(www.redhat.com). The sound driver here is thus a modified version of 
Hannu's code. Please bear that in mind when considering the appropriate
forums for bug reporting. 

Alan Cox