[alsa-devel] [PATCH] ALSA: Fix double locking of card list in snd_card_register()
The introduction of snd_card_set_id() added a lock on the card list to the old choose_default_id() function when using it to implement the new API call. This lock is needed to allow us to walk the list and check to see if our new name is a duplicate. Unfortunately this causes a lockup when called from snd_card_register() (in cases where no ID is supplied for the card) since the card list is already locked there.
Fix this fairly hideously by factoring out the implementation and using a flag to indicate if the lock should be held. A better fix would probably be to refactor snd_card_register() to move the _set_id() outside the locking region but I can't immediately see anything I can convince myself is safe.
Signed-off-by: Mark Brown broonie@opensource.wolfsonmicro.com ---
This patch isn't terribly nice but I figured it was a more useful report than just the deadlock.
sound/core/init.c | 31 +++++++++++++++++++------------ 1 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/sound/core/init.c b/sound/core/init.c index 6557dd8..a578d05 100644 --- a/sound/core/init.c +++ b/sound/core/init.c @@ -476,15 +476,8 @@ int snd_card_free(struct snd_card *card)
EXPORT_SYMBOL(snd_card_free);
-/** - * snd_card_set_id - set card identification name - * @card: soundcard structure - * @nid: new identification string - * - * This function sets the card identification and checks for name - * collisions. - */ -void snd_card_set_id(struct snd_card *card, const char *nid) +static void snd_card_set_id_internal(struct snd_card *card, const char *nid, + int do_locking) { int i, len, idx_flag = 0, loops = SNDRV_CARDS; const char *spos, *src; @@ -529,14 +522,16 @@ void snd_card_set_id(struct snd_card *card, const char *nid) } if (!snd_info_check_reserved_words(id)) goto __change; - mutex_lock(&snd_card_mutex); + if (do_locking) + mutex_lock(&snd_card_mutex); for (i = 0; i < snd_ecards_limit; i++) { if (snd_cards[i] && !strcmp(snd_cards[i]->id, id)) { mutex_unlock(&snd_card_mutex); goto __change; } } - mutex_unlock(&snd_card_mutex); + if (do_locking) + mutex_unlock(&snd_card_mutex); break;
__change: @@ -561,6 +556,18 @@ void snd_card_set_id(struct snd_card *card, const char *nid) } }
+/** + * snd_card_set_id - set card identification name + * @card: soundcard structure + * @nid: new identification string + * + * This function sets the card identification and checks for name + * collisions. + */ +void snd_card_set_id(struct snd_card *card, const char *nid) +{ + snd_card_set_id_internal(card, nid, 1); +} EXPORT_SYMBOL(snd_card_set_id);
#ifndef CONFIG_SYSFS_DEPRECATED @@ -657,7 +664,7 @@ int snd_card_register(struct snd_card *card) return 0; } if (card->id[0] == '\0') - snd_card_set_id(card, NULL); + snd_card_set_id_internal(card, NULL, 0); snd_cards[card->number] = card; mutex_unlock(&snd_card_mutex); init_info_for_card(card);
At Wed, 3 Jun 2009 20:43:29 +0100, Mark Brown wrote:
The introduction of snd_card_set_id() added a lock on the card list to the old choose_default_id() function when using it to implement the new API call. This lock is needed to allow us to walk the list and check to see if our new name is a duplicate. Unfortunately this causes a lockup when called from snd_card_register() (in cases where no ID is supplied for the card) since the card list is already locked there.
Oh, thanks for catching this. Obviously I haven't tested the latest code enough...
Fix this fairly hideously by factoring out the implementation and using a flag to indicate if the lock should be held. A better fix would probably be to refactor snd_card_register() to move the _set_id() outside the locking region but I can't immediately see anything I can convince myself is safe.
Agreed, there can be a cleaner solution but your fix is definitely safe. So I applied it as a quick fix.
Takashi
Signed-off-by: Mark Brown broonie@opensource.wolfsonmicro.com
This patch isn't terribly nice but I figured it was a more useful report than just the deadlock.
sound/core/init.c | 31 +++++++++++++++++++------------ 1 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/sound/core/init.c b/sound/core/init.c index 6557dd8..a578d05 100644 --- a/sound/core/init.c +++ b/sound/core/init.c @@ -476,15 +476,8 @@ int snd_card_free(struct snd_card *card)
EXPORT_SYMBOL(snd_card_free);
-/**
- snd_card_set_id - set card identification name
- @card: soundcard structure
- @nid: new identification string
- This function sets the card identification and checks for name
- collisions.
- */
-void snd_card_set_id(struct snd_card *card, const char *nid) +static void snd_card_set_id_internal(struct snd_card *card, const char *nid,
int do_locking){ int i, len, idx_flag = 0, loops = SNDRV_CARDS; const char *spos, *src; @@ -529,14 +522,16 @@ void snd_card_set_id(struct snd_card *card, const char *nid) } if (!snd_info_check_reserved_words(id)) goto __change;
mutex_lock(&snd_card_mutex);
if (do_locking)mutex_lock(&snd_card_mutex);
mutex_unlock(&snd_card_mutex);
if (do_locking)mutex_unlock(&snd_card_mutex);break;
__change:@@ -561,6 +556,18 @@ void snd_card_set_id(struct snd_card *card, const char *nid) } }
+/**
- snd_card_set_id - set card identification name
- @card: soundcard structure
- @nid: new identification string
- This function sets the card identification and checks for name
- collisions.
- */
+void snd_card_set_id(struct snd_card *card, const char *nid) +{
- snd_card_set_id_internal(card, nid, 1);
+} EXPORT_SYMBOL(snd_card_set_id);
#ifndef CONFIG_SYSFS_DEPRECATED @@ -657,7 +664,7 @@ int snd_card_register(struct snd_card *card) return 0; } if (card->id[0] == '\0')
snd_card_set_id(card, NULL);
snd_card_set_id_internal(card, NULL, 0);-- 1.6.3.1
On Wed, 3 Jun 2009, Takashi Iwai wrote:
At Wed, 3 Jun 2009 20:43:29 +0100, Mark Brown wrote:
The introduction of snd_card_set_id() added a lock on the card list to the old choose_default_id() function when using it to implement the new API call. This lock is needed to allow us to walk the list and check to see if our new name is a duplicate. Unfortunately this causes a lockup when called from snd_card_register() (in cases where no ID is supplied for the card) since the card list is already locked there.
Oh, thanks for catching this. Obviously I haven't tested the latest code enough...
Yes, thanks.
Fix this fairly hideously by factoring out the implementation and using a flag to indicate if the lock should be held. A better fix would probably be to refactor snd_card_register() to move the _set_id() outside the locking region but I can't immediately see anything I can convince myself is safe.
Agreed, there can be a cleaner solution but your fix is definitely safe. So I applied it as a quick fix.
The patch has a unlock problem in 'if (snd_cards[i] && !strcmp(snd_cards[i]->id, id)) {' block.
Anyway, here is next cleanup which will remove locking outside the internal id function and fixes also next possible race in unique id allocation:
http://git.alsa-project.org/?p=alsa-kernel.git;a=commitdiff;h=13d55b5cb27a3c...
Jaroslav
----- Jaroslav Kysela perex@perex.cz Linux Kernel Sound Maintainer ALSA Project, Red Hat, Inc.
On Thu, 4 Jun 2009, Jaroslav Kysela wrote:
On Wed, 3 Jun 2009, Takashi Iwai wrote:
At Wed, 3 Jun 2009 20:43:29 +0100, Mark Brown wrote:
The introduction of snd_card_set_id() added a lock on the card list to the old choose_default_id() function when using it to implement the new API call. This lock is needed to allow us to walk the list and check to see if our new name is a duplicate. Unfortunately this causes a lockup when called from snd_card_register() (in cases where no ID is supplied for the card) since the card list is already locked there.
Oh, thanks for catching this. Obviously I haven't tested the latest code enough...
Yes, thanks.
Fix this fairly hideously by factoring out the implementation and using a flag to indicate if the lock should be held. A better fix would probably be to refactor snd_card_register() to move the _set_id() outside the locking region but I can't immediately see anything I can convince myself is safe.
Agreed, there can be a cleaner solution but your fix is definitely safe. So I applied it as a quick fix.
The patch has a unlock problem in 'if (snd_cards[i] && !strcmp(snd_cards[i]->id, id)) {' block.
Anyway, here is next cleanup which will remove locking outside the internal id function and fixes also next possible race in unique id allocation:
http://git.alsa-project.org/?p=alsa-kernel.git;a=commitdiff;h=13d55b5cb27a3c...
Oops. There was wrong "if (card->id[0] != '\0')" check so the call in snd_card_register() will not work as expected. This commit is final:
http://git.alsa-project.org/?p=alsa-kernel.git;a=commitdiff;h=c5313f60c4a50d...
Jaroslav
----- Jaroslav Kysela perex@perex.cz Linux Kernel Sound Maintainer ALSA Project, Red Hat, Inc.
participants (3)
-
Jaroslav Kysela -
Mark Brown -
Takashi Iwai