[alsa-devel] [PATCH 0/3] Make pcm_ioplug check lock status before locking (fixes pcm_jack lockups)

Ben Russell thematrixeatsyou at gmail.com
Tue Sep 24 09:45:25 CEST 2019 

On Sun, 22 Sep 2019 22:25:48 +0200
Takashi Iwai <tiwai at suse.de> wrote:

> On Sun, 22 Sep 2019 05:28:50 +0200,
> Ben Russell wrote:
> > 
> > This is my first time contributing a patch to a mailing list. If I've made a mess, please let me know so I can learn how to avoid it in future.
> > 
> > The purpose of this patchset is to fix a specific common lockup in the pcm_jack plugin (from alsa-plugins). I'm not sure if this is the right approach to take, but at the very least it should make the pcm_ioplug code a bit more resilient.
> > 
> > The problem is this: When using the pcm_jack plugin, if a program attempts to play audio using the SND_PCM_FORMAT_FLOAT format, said program locks up.
> > 
> > This should be enough to reproduce the bug:
> > 
> >     pcm.rawjack {
> >         type jack
> >         playback_ports {
> >             0 system:playback_1
> >             1 system:playback_2
> >         }
> >         capture_ports {
> >             0 system:capture_1
> >             1 system:capture_2
> >         }
> >     }
> >     
> >     pcm.!default {
> >         type plug
> >         slave.pcm "rawjack"
> >     }
> > 
> > What's happening is that several snd_pcm_ioplug_* functions assume that the pcm mutex is locked already. It then proceeds to unlock the mutex, call a function, and then relock the mutex. When the mutex isn't locked already, the initial unlock results in a silently ignored pthread error, and the lock results in the program eventually deadlocking as it doesn't expect the mutex to be held at that point.
> > 
> > Patch 2 modifies pcm_ioplug to check if the mutex is held before doing the unlock-act-lock sequence, and if the mutex is not held then it skips the unlock and lock stages. This depends on Patch 1, which adds a snd_pcm_is_locked function to give the state of the mutex.
> > 
> > Patch 3 is completely optional. It adds assertions which make sure that all uses of snd_pcm_lock/snd_pcm_unlock are correct. On one hand this will likely result in crashes in some of the less refined parts of the code. On the other hand, when that happens, you'll know which parts need a bit more love. I know it was useful for finding this issue in the first place.
> > 
> > These patches fix the problems I am having, but if you have a more suitable approach to fixing this problem then please let me know.
> 
> Thanks for the analysis and patches.  It's indeed a serious problem we
> need to address.
> 
> The current semantics of locking in alsa-lib code assumes that the
> lock/unlock never fails.  So the "right-and-quick" fix would be just
> to take the patch 3 to assert() upon pthread_mutex_lock/unlock
> errors.  Then we need to paper over the actual invalid locks.
> 
> I do wonder, though, exactly which code path triggers the pthread
> mutex error?  You should be able to catch it via gdb after the patch.
> 
> 
> thanks,
> 
> Takashi

Sure thing. With patch #3 against commit 1d7a131f, this trips up on an assert:

$ gdb --args mpv --ao=alsa --audio-format=float RESPECOGNIZE.mp3

The relevant backtrace:

#4  0x00007ffff4b06cf3 in snd_pcm_unlock (pcm=0x5555558625c0) at pcm_local.h:1187
#5  0x00007ffff4b075b3 in snd_pcm_unlock (pcm=0x5555558625c0) at pcm_local.h:1187
	if (pcm->lock_enabled && pcm->need_lock) {
		unlock_err = pthread_mutex_unlock(&pcm->lock);
		assert(unlock_err == 0); <-- this line
	}
#6  snd_pcm_ioplug_prepare (pcm=0x5555558625c0) at pcm_ioplug.c:167
	snd_pcm_ioplug_reset(pcm);
	if (io->data->callback->prepare) {
		snd_pcm_unlock(pcm); /* to avoid deadlock */ <-- this line
		err = io->data->callback->prepare(io->data);
		snd_pcm_lock(pcm);
	}
#7  0x00007ffff4abcba0 in snd_pcm_prepare (pcm=0x5555558627c0) at pcm.c:1214
	snd_pcm_lock(pcm);
	if (pcm->fast_ops->prepare)
		err = pcm->fast_ops->prepare(pcm->fast_op_arg); <-- this line
	else
		err = -ENOSYS;
#8  0x00005555555a2efa in ?? ()

Using --audio-format=s16 does not deadlock, as it goes via pcm_plugin before it can go via pcm_ioplug (it's most likely for sample format conversion):

#0  0x00007ffff4b07522 in snd_pcm_unlock (pcm=<optimized out>) at pcm_ioplug.c:166
#1  snd_pcm_ioplug_prepare (pcm=0x555555862640) at pcm_ioplug.c:167
#2  0x00007ffff4abcba0 in snd_pcm_prepare (pcm=0x555555862640) at pcm.c:1214
#3  0x00007ffff4ad2ed7 in snd_pcm_plugin_prepare (pcm=0x555555862e50) at pcm_plugin.c:159
	snd_pcm_plugin_t *plugin = pcm->private_data;
	int err;
	err = snd_pcm_prepare(plugin->gen.slave); <-- this line
	if (err < 0)
		return err;
#4  0x00007ffff4abcba0 in snd_pcm_prepare (pcm=0x555555862840) at pcm.c:1214
#5  0x00005555555a2efa in ?? ()

Regards,
Ben R

More information about the Alsa-devel mailing list