On Mon, 04 Nov 2019 13:25:38 +0100,
Sasha Levin wrote:
>
> On Mon, Nov 04, 2019 at 11:42:14AM +0100, Takashi Iwai wrote:
> >On Mon, 04 Nov 2019 11:30:20 +0100,
> >Sasha Levin wrote:
> >>
> >> On Sun, Nov 03, 2019 at 06:40:59PM +0100, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> >> >
> >> >The patch below does not apply to the 4.19-stable tree.
> >> >If someone wants it applied there, or to any other stable or longterm
> >> >tree, then please email the backport, including the original git commit
> >> >id to <stable@xxxxxxxxxxxxxxx>.
> >> >
> >> >thanks,
> >> >
> >> >greg k-h
> >> >
> >> >------------------ original commit in Linus's tree ------------------
> >> >
> >> >From a39331867335d4a94b6165e306265c9e24aca073 Mon Sep 17 00:00:00 2001
> >> >From: Takashi Iwai <tiwai@xxxxxxx>
> >> >Date: Wed, 30 Oct 2019 22:42:57 +0100
> >> >Subject: [PATCH] ALSA: timer: Fix mutex deadlock at releasing card
> >> >
> >> >When a card is disconnected while in use, the system waits until all
> >> >opened files are closed then releases the card. This is done via
> >> >put_device() of the card device in each device release code.
> >> >
> >> >The recently reported mutex deadlock bug happens in this code path;
> >> >snd_timer_close() for the timer device deals with the global
> >> >register_mutex and it calls put_device() there. When this timer
> >> >device is the last one, the card gets freed and it eventually calls
> >> >snd_timer_free(), which has again the protection with the global
> >> >register_mutex -- boom.
> >> >
> >> >Basically put_device() call itself is race-free, so a relative simple
> >> >workaround is to move this put_device() call out of the mutex. For
> >> >achieving that, in this patch, snd_timer_close_locked() got a new
> >> >argument to store the card device pointer in return, and each caller
> >> >invokes put_device() with the returned object after the mutex unlock.
> >> >
> >> >Reported-and-tested-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> >> >Cc: <stable@xxxxxxxxxxxxxxx>
> >> >Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
> >>
> >> Looks like this was introduced by 41672c0c24a6 ("ALSA: timer: Simplify
> >> error path in snd_timer_open()"), which means it's not needed on 4.19 or
> >> older.
> >
> >We'd still need a similar fix, as the code path in question is about
> >closing, not opening the device. If backporting the commit
> >41672c0c24a6 makes the fix cleanly applicable, it'd be worth to
> >backport both.
> >
> >If not, I can submit a modified 4.19.y patch, too.
>
> Yeah, it works for 4.19 and 4.14, I've queued it up.
>
> The 4.9 backport requires two more commits:
>
> 9b7d869ee5a7 ("ALSA: timer: Limit max instances per timer")
> 988563929d5b ("ALSA: timer: Follow standard EXPORT_SYMBOL() declarations")
>
> Does it makes sense to take them?
Yes, they are fine. Especially the former should have been merged to
stable trees as much as possible.
thanks,
Takashi
