| From a6eed36e8020bebef26d01723062ab98753fd801 Mon Sep 17 00:00:00 2001 |
| From: paulhsia <paulhsia@chromium.org> |
| Date: Wed, 13 Nov 2019 01:17:14 +0800 |
| Subject: [PATCH] ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() |
| |
| commit f5cdc9d4003a2f66ea57b3edd3e04acc2b1a4439 upstream. |
| |
| If the nullity check for `substream->runtime` is outside of the lock |
| region, it is possible to have a null runtime in the critical section |
| if snd_pcm_detach_substream is called right before the lock. |
| |
| Signed-off-by: paulhsia <paulhsia@chromium.org> |
| Link: https://lore.kernel.org/r/20191112171715.128727-2-paulhsia@chromium.org |
| Signed-off-by: Takashi Iwai <tiwai@suse.de> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c |
| index d80041ea4e01..2236b5e0c1f2 100644 |
| --- a/sound/core/pcm_lib.c |
| +++ b/sound/core/pcm_lib.c |
| @@ -1782,11 +1782,14 @@ void snd_pcm_period_elapsed(struct snd_pcm_substream *substream) |
| struct snd_pcm_runtime *runtime; |
| unsigned long flags; |
| |
| - if (PCM_RUNTIME_CHECK(substream)) |
| + if (snd_BUG_ON(!substream)) |
| return; |
| - runtime = substream->runtime; |
| |
| snd_pcm_stream_lock_irqsave(substream, flags); |
| + if (PCM_RUNTIME_CHECK(substream)) |
| + goto _unlock; |
| + runtime = substream->runtime; |
| + |
| if (!snd_pcm_running(substream) || |
| snd_pcm_update_hw_ptr0(substream, 1) < 0) |
| goto _end; |
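Review bot: The runtime check that now runs under the stream lock still goes through `PCM_RUNTIME_CHECK(substream)`, which (its definition is outside this hunk) appears to be a `snd_BUG_ON()`-style assertion, yet the commit message describes a NULL runtime at this point as a reachable race with snd_pcm_detach_substream rather than a driver bug. If that reading is right, a detach that wins the race would emit a warning with the lock held and interrupts disabled, and could be fatal on systems configured to panic on warnings; a plain `if (!substream->runtime) goto _unlock;` would handle the race quietly while `snd_BUG_ON(!substream)` keeps catching genuine misuse. A short comment above the check, e.g. `/* runtime can be cleared by snd_pcm_detach_substream() until the stream lock is held */`, would record why the test must stay inside the locked region. The function starts above this hunk, and the `_unlock` label it jumps to is added in the second hunk.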
| @@ -1797,6 +1800,7 @@ void snd_pcm_period_elapsed(struct snd_pcm_substream *substream) |
| #endif |
| _end: |
| kill_fasync(&runtime->fasync, SIGIO, POLL_IN); |
| + _unlock: |
| snd_pcm_stream_unlock_irqrestore(substream, flags); |
| } |
| EXPORT_SYMBOL(snd_pcm_period_elapsed); |
| -- |
| 2.7.4 |
| |