Commit c542e915 authored by Takashi Iwai's avatar Takashi Iwai Committed by Greg Kroah-Hartman

ALSA: emux: Fix mutex deadlock in OSS emulation

commit 1c94e65c upstream.

The OSS emulation in synth-emux helper has a potential AB/BA deadlock
at the simultaneous closing and opening:

  close ->
    snd_seq_release() ->
      sne_seq_free_client() ->
        snd_seq_delete_all_ports(): takes client->ports_mutex ->
	  port_delete() ->
	    snd_emux_unuse(): takes emux->register_mutex

  open ->
    snd_seq_oss_open() ->
      snd_emux_open_seq_oss(): takes emux->register_mutex ->
        snd_seq_event_port_attach() ->
	  snd_seq_create_port(): takes client->ports_mutex

This patch addresses the deadlock by reducing the rance taking
emux->register_mutex in snd_emux_open_seq_oss().  The lock is needed
for the refcount handling, so move it locally.  The calls in
emux_seq.c are already with the mutex, thus they are replaced with the
version without mutex lock/unlock.
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent c19e7790
...@@ -118,12 +118,8 @@ snd_emux_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure) ...@@ -118,12 +118,8 @@ snd_emux_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure)
if (snd_BUG_ON(!arg || !emu)) if (snd_BUG_ON(!arg || !emu))
return -ENXIO; return -ENXIO;
mutex_lock(&emu->register_mutex); if (!snd_emux_inc_count(emu))
if (!snd_emux_inc_count(emu)) {
mutex_unlock(&emu->register_mutex);
return -EFAULT; return -EFAULT;
}
memset(&callback, 0, sizeof(callback)); memset(&callback, 0, sizeof(callback));
callback.owner = THIS_MODULE; callback.owner = THIS_MODULE;
...@@ -135,7 +131,6 @@ snd_emux_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure) ...@@ -135,7 +131,6 @@ snd_emux_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure)
if (p == NULL) { if (p == NULL) {
snd_printk(KERN_ERR "can't create port\n"); snd_printk(KERN_ERR "can't create port\n");
snd_emux_dec_count(emu); snd_emux_dec_count(emu);
mutex_unlock(&emu->register_mutex);
return -ENOMEM; return -ENOMEM;
} }
...@@ -148,8 +143,6 @@ snd_emux_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure) ...@@ -148,8 +143,6 @@ snd_emux_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure)
reset_port_mode(p, arg->seq_mode); reset_port_mode(p, arg->seq_mode);
snd_emux_reset_port(p); snd_emux_reset_port(p);
mutex_unlock(&emu->register_mutex);
return 0; return 0;
} }
...@@ -195,13 +188,11 @@ snd_emux_close_seq_oss(struct snd_seq_oss_arg *arg) ...@@ -195,13 +188,11 @@ snd_emux_close_seq_oss(struct snd_seq_oss_arg *arg)
if (snd_BUG_ON(!emu)) if (snd_BUG_ON(!emu))
return -ENXIO; return -ENXIO;
mutex_lock(&emu->register_mutex);
snd_emux_sounds_off_all(p); snd_emux_sounds_off_all(p);
snd_soundfont_close_check(emu->sflist, SF_CLIENT_NO(p->chset.port)); snd_soundfont_close_check(emu->sflist, SF_CLIENT_NO(p->chset.port));
snd_seq_event_port_detach(p->chset.client, p->chset.port); snd_seq_event_port_detach(p->chset.client, p->chset.port);
snd_emux_dec_count(emu); snd_emux_dec_count(emu);
mutex_unlock(&emu->register_mutex);
return 0; return 0;
} }
......
...@@ -267,8 +267,8 @@ snd_emux_event_input(struct snd_seq_event *ev, int direct, void *private_data, ...@@ -267,8 +267,8 @@ snd_emux_event_input(struct snd_seq_event *ev, int direct, void *private_data,
/* /*
* increment usage count * increment usage count
*/ */
int static int
snd_emux_inc_count(struct snd_emux *emu) __snd_emux_inc_count(struct snd_emux *emu)
{ {
emu->used++; emu->used++;
if (!try_module_get(emu->ops.owner)) if (!try_module_get(emu->ops.owner))
...@@ -282,12 +282,21 @@ snd_emux_inc_count(struct snd_emux *emu) ...@@ -282,12 +282,21 @@ snd_emux_inc_count(struct snd_emux *emu)
return 1; return 1;
} }
int snd_emux_inc_count(struct snd_emux *emu)
{
int ret;
mutex_lock(&emu->register_mutex);
ret = __snd_emux_inc_count(emu);
mutex_unlock(&emu->register_mutex);
return ret;
}
/* /*
* decrease usage count * decrease usage count
*/ */
void static void
snd_emux_dec_count(struct snd_emux *emu) __snd_emux_dec_count(struct snd_emux *emu)
{ {
module_put(emu->card->module); module_put(emu->card->module);
emu->used--; emu->used--;
...@@ -296,6 +305,12 @@ snd_emux_dec_count(struct snd_emux *emu) ...@@ -296,6 +305,12 @@ snd_emux_dec_count(struct snd_emux *emu)
module_put(emu->ops.owner); module_put(emu->ops.owner);
} }
void snd_emux_dec_count(struct snd_emux *emu)
{
mutex_lock(&emu->register_mutex);
__snd_emux_dec_count(emu);
mutex_unlock(&emu->register_mutex);
}
/* /*
* Routine that is called upon a first use of a particular port * Routine that is called upon a first use of a particular port
...@@ -315,7 +330,7 @@ snd_emux_use(void *private_data, struct snd_seq_port_subscribe *info) ...@@ -315,7 +330,7 @@ snd_emux_use(void *private_data, struct snd_seq_port_subscribe *info)
mutex_lock(&emu->register_mutex); mutex_lock(&emu->register_mutex);
snd_emux_init_port(p); snd_emux_init_port(p);
snd_emux_inc_count(emu); __snd_emux_inc_count(emu);
mutex_unlock(&emu->register_mutex); mutex_unlock(&emu->register_mutex);
return 0; return 0;
} }
...@@ -338,7 +353,7 @@ snd_emux_unuse(void *private_data, struct snd_seq_port_subscribe *info) ...@@ -338,7 +353,7 @@ snd_emux_unuse(void *private_data, struct snd_seq_port_subscribe *info)
mutex_lock(&emu->register_mutex); mutex_lock(&emu->register_mutex);
snd_emux_sounds_off_all(p); snd_emux_sounds_off_all(p);
snd_emux_dec_count(emu); __snd_emux_dec_count(emu);
mutex_unlock(&emu->register_mutex); mutex_unlock(&emu->register_mutex);
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment