From: Takashi Iwai <tiwai@xxxxxxx> commit dca947d4d26dbf925a64a6cfb2ddbc035e831a3d upstream. In the current PCM design, the read/write syscalls (as well as the equivalent ioctls) are allowed before the PCM stream is running, that is, at PCM PREPARED state. Meanwhile, we also allow to re-issue hw_params and hw_free ioctl calls at the PREPARED state that may change or free the buffers, too. The problem is that there is no protection against those mix-ups. This patch applies the previously introduced runtime->buffer_mutex to the read/write operations so that the concurrent hw_params or hw_free call can no longer interfere during the operation. The mutex is unlocked before scheduling, so we don't take it too long. Cc: <stable@xxxxxxxxxxxxxxx> Reviewed-by: Jaroslav Kysela <perex@xxxxxxxx> Link: https://lore.kernel.org/r/20220322170720.3529-3-tiwai@xxxxxxx Signed-off-by: Takashi Iwai <tiwai@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- sound/core/pcm_lib.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/sound/core/pcm_lib.c +++ b/sound/core/pcm_lib.c @@ -1871,9 +1871,11 @@ static int wait_for_avail(struct snd_pcm if (avail >= runtime->twake) break; snd_pcm_stream_unlock_irq(substream); + mutex_unlock(&runtime->buffer_mutex); tout = schedule_timeout(wait_time); + mutex_lock(&runtime->buffer_mutex); snd_pcm_stream_lock_irq(substream); set_current_state(TASK_INTERRUPTIBLE); switch (runtime->status->state) { @@ -2167,6 +2169,7 @@ snd_pcm_sframes_t __snd_pcm_lib_xfer(str nonblock = !!(substream->f_flags & O_NONBLOCK); + mutex_lock(&runtime->buffer_mutex); snd_pcm_stream_lock_irq(substream); err = pcm_accessible_state(runtime); if (err < 0) @@ -2254,6 +2257,7 @@ snd_pcm_sframes_t __snd_pcm_lib_xfer(str if (xfer > 0 && err >= 0) snd_pcm_update_state(substream, runtime); snd_pcm_stream_unlock_irq(substream); + mutex_unlock(&runtime->buffer_mutex); return xfer > 0 ? (snd_pcm_sframes_t)xfer : err; } EXPORT_SYMBOL(__snd_pcm_lib_xfer); Patches currently in stable-queue which might be from tiwai@xxxxxxx are queue-5.10/alsa-pcm-fix-races-among-concurrent-prepare-and-hw_params-hw_free-calls.patch queue-5.10/alsa-hda-realtek-add-quirk-for-clevo-np70pnj.patch queue-5.10/alsa-hda-realtek-add-quirk-for-asus-ga402.patch queue-5.10/alsa-cmipci-restore-aux-vol-on-suspend-resume.patch queue-5.10/alsa-pcm-fix-races-among-concurrent-prealloc-proc-writes.patch queue-5.10/asoc-sti-fix-deadlock-via-snd_pcm_stop_xrun-call.patch queue-5.10/alsa-usb-audio-add-mute-tlv-for-playback-volumes-on-rode-nt-usb.patch queue-5.10/alsa-oss-fix-pcm-oss-buffer-allocation-overflow.patch queue-5.10/alsa-pci-fix-reading-of-swapped-values-from-pcmreg-in-ac97-codec.patch queue-5.10/alsa-usb-audio-add-mapping-for-new-corsair-virtuoso-se.patch queue-5.10/alsa-hda-realtek-add-quirk-for-clevo-np50pnj.patch queue-5.10/alsa-pcm-fix-races-among-concurrent-hw_params-and-hw_free-calls.patch queue-5.10/alsa-pcm-add-stream-lock-during-pcm-reset-ioctl-operations.patch queue-5.10/alsa-pcm-fix-races-among-concurrent-read-write-and-buffer-changes.patch queue-5.10/alsa-hda-realtek-fix-headset-mic-problem-for-a-hp-machine-with-alc671.patch
