[alsa-devel] [PATCH] ALSA: hda: Fix race between creating and refreshing sysfs entries
hda_widget_sysfs_reinit() can free underlying codec->widgets structure on which widget_tree_create() operates. Add locking to prevent such issues from happening.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=110382 Signed-off-by: Amadeusz Sławiński amadeuszx.slawinski@linux.intel.com --- include/sound/hdaudio.h | 1 + sound/hda/hdac_sysfs.c | 22 +++++++++++++++++++--- sound/pci/hda/hda_codec.c | 2 ++ 3 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/include/sound/hdaudio.h b/include/sound/hdaudio.h index 45f944d57982..85835d0c33cc 100644 --- a/include/sound/hdaudio.h +++ b/include/sound/hdaudio.h @@ -81,6 +81,7 @@ struct hdac_device { atomic_t in_pm; /* suspend/resume being performed */
/* sysfs */ + struct mutex widget_lock; struct hdac_widget_tree *widgets;
/* regmap */ diff --git a/sound/hda/hdac_sysfs.c b/sound/hda/hdac_sysfs.c index fb2aa344981e..5352e5db814c 100644 --- a/sound/hda/hdac_sysfs.c +++ b/sound/hda/hdac_sysfs.c @@ -399,21 +399,28 @@ int hda_widget_sysfs_init(struct hdac_device *codec) { int err;
- if (codec->widgets) + mutex_lock(&codec->widget_lock); + if (codec->widgets) { + mutex_unlock(&codec->widget_lock); return 0; /* already created */ + }
err = widget_tree_create(codec); if (err < 0) { widget_tree_free(codec); + mutex_unlock(&codec->widget_lock); return err; }
+ mutex_unlock(&codec->widget_lock); return 0; }
void hda_widget_sysfs_exit(struct hdac_device *codec) { + mutex_lock(&codec->widget_lock); widget_tree_free(codec); + mutex_unlock(&codec->widget_lock); }
int hda_widget_sysfs_reinit(struct hdac_device *codec, @@ -424,16 +431,23 @@ int hda_widget_sysfs_reinit(struct hdac_device *codec, hda_nid_t nid; int i;
- if (!codec->widgets) + mutex_lock(&codec->widget_lock); + + if (!codec->widgets) { + mutex_unlock(&codec->widget_lock); return hda_widget_sysfs_init(codec); + }
tree = kmemdup(codec->widgets, sizeof(*tree), GFP_KERNEL); - if (!tree) + if (!tree) { + mutex_unlock(&codec->widget_lock); return -ENOMEM; + }
tree->nodes = kcalloc(num_nodes + 1, sizeof(*tree->nodes), GFP_KERNEL); if (!tree->nodes) { kfree(tree); + mutex_unlock(&codec->widget_lock); return -ENOMEM; }
@@ -460,5 +474,7 @@ int hda_widget_sysfs_reinit(struct hdac_device *codec, codec->widgets = tree;
kobject_uevent(tree->root, KOBJ_CHANGE); + + mutex_unlock(&codec->widget_lock); return 0; } diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c index 701a69d856f5..a5746df5c94b 100644 --- a/sound/pci/hda/hda_codec.c +++ b/sound/pci/hda/hda_codec.c @@ -870,6 +870,8 @@ static int snd_hda_codec_device_init(struct hda_bus *bus, struct snd_card *card, if (!codec) return -ENOMEM;
+ mutex_init(&codec->widget_lock); + sprintf(name, "hdaudioC%dD%d", card->number, codec_addr); err = snd_hdac_device_init(&codec->core, &bus->core, name, codec_addr); if (err < 0) {
On Fri, 10 May 2019 14:21:41 +0200, Amadeusz Sławiński wrote:
hda_widget_sysfs_reinit() can free underlying codec->widgets structure on which widget_tree_create() operates. Add locking to prevent such issues from happening.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=110382 Signed-off-by: Amadeusz Sławiński amadeuszx.slawinski@linux.intel.com
Thanks, the idea looks good. But it'd be simpler to do mutex lock/unlock in the caller side, a patch like below.
Takashi
--- a/include/sound/hdaudio.h +++ b/include/sound/hdaudio.h @@ -81,6 +81,7 @@ struct hdac_device { atomic_t in_pm; /* suspend/resume being performed */
/* sysfs */ + struct mutex widget_lock; struct hdac_widget_tree *widgets;
/* regmap */ --- a/sound/hda/hdac_device.c +++ b/sound/hda/hdac_device.c @@ -55,6 +55,7 @@ int snd_hdac_device_init(struct hdac_device *codec, struct hdac_bus *bus, codec->bus = bus; codec->addr = addr; codec->type = HDA_DEV_CORE; + mutex_init(&codec->widget_lock); pm_runtime_set_active(&codec->dev); pm_runtime_get_noresume(&codec->dev); atomic_set(&codec->in_pm, 0); @@ -141,7 +142,9 @@ int snd_hdac_device_register(struct hdac_device *codec) err = device_add(&codec->dev); if (err < 0) return err; + mutex_lock(&codec->widget_lock); err = hda_widget_sysfs_init(codec); + mutex_unlock(&codec->widget_lock); if (err < 0) { device_del(&codec->dev); return err; @@ -158,7 +161,9 @@ EXPORT_SYMBOL_GPL(snd_hdac_device_register); void snd_hdac_device_unregister(struct hdac_device *codec) { if (device_is_registered(&codec->dev)) { + mutex_lock(&codec->widget_lock); hda_widget_sysfs_exit(codec); + mutex_unlock(&codec->widget_lock); device_del(&codec->dev); snd_hdac_bus_remove_device(codec->bus, codec); } @@ -404,7 +409,9 @@ int snd_hdac_refresh_widgets(struct hdac_device *codec, bool sysfs) }
if (sysfs) { + mutex_lock(&codec->widget_lock); err = hda_widget_sysfs_reinit(codec, start_nid, nums); + mutex_unlock(&codec->widget_lock); if (err < 0) return err; }
participants (2)
-
Amadeusz Sławiński
-
Takashi Iwai