• Arjan van de Ven's avatar
    ALSA: pcm - fix race condition in wait_for_avail() · 763437a9
    Arjan van de Ven authored
    wait_for_avail() in pcm_lib.c has a race in it (observed in practice by an
    Intel validation group).
    
    The function is supposed to return once space in the buffer has become
    available, or if some timeout happens.  The entity that creates space (irq
    handler of sound driver and some such) will do a wake up on a waitqueue
    that this function registers for.
    
    However there are two races in the existing code
    
    1) If space became available between the caller noticing there was no
       space and this function actually sleeping, the wakeup is missed and the
       timeout condition will happen instead
    
    2) If a wakeup happened but not sufficient space became available, the
       code will loop again and wait for more space.  However, if the second
       wake comes in prior to hitting the schedule_timeout_interruptible(), it
       will be missed, and potentially you'll wait out until the timeout
       happens.
    
    The fix consists of using more careful setting of the current state (so
    that if a wakeup happens in the main loop window, the schedule_timeout()
    falls through) and by checking for available space prior to going into the
    schedule_timeout() loop, but after being on the waitqueue and having the
    state set to interruptible.
    
    [tiwai: the following changes have been added to Arjan's original patch:
     - merged akpm's fix for waitqueue adding order into a single patch
     - reduction of duplicated code of avail check
    ]
    Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Cc: <stable@kernel.org>
    Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
    763437a9
pcm_lib.c 60.4 KB