2019-07-29 04:01:02

by Jia-Ju Bai

Subject: [BUG] ALSA: core: seq: a possible double-lock bug in snd_seq_midisynth_remove()

In snd_seq_midisynth_remove(), there is a possible double-lock bug:
snd_seq_midisynth_remove()
    mutex_lock(&register_mutex); -- line 421
    snd_seq_delete_kernel_client() --- line 436
        seq_free_client() -- line 2244
            mutex_lock(&register_mutex); -- line 294

This bug is found by a static analysis tool STCheck written by us.

I do not know how to correctly fix this bug, so I only report it.
A possible fix is to release the mutex lock before calling
seq_free_client() in snd_seq_delete_kernel_client() and then acquire
the lock again after calling seq_free_client().


Best wishes,
Jia-Ju Bai


2019-07-29 05:50:38

by Takashi Iwai

Subject: Re: [BUG] ALSA: core: seq: a possible double-lock bug in snd_seq_midisynth_remove()

On Mon, 29 Jul 2019 05:54:07 +0200,
Jia-Ju Bai wrote:
>
> In snd_seq_midisynth_remove(), there is a possible double-lock bug:
> snd_seq_midisynth_remove()
>     mutex_lock(&register_mutex); -- line 421
>     snd_seq_delete_kernel_client() --- line 436
>         seq_free_client() -- line 2244
>             mutex_lock(&register_mutex); -- line 294
>
> This bug is found by a static analysis tool STCheck written by us.

No, it's a false-positive report. Both register_mutex's are
static, hence they are local to each file. That is, you're looking at
two different mutexes.


Takashi
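As an added illustration (not code from this thread or from the ALSA sources), the toy model below reproduces the call chain under discussion with a simplified non-recursive mutex. In the kernel each `register_mutex` is a file-scope static in its own translation unit, so they are two objects despite sharing a name; a single C file has to give them distinct names, which is what the two `register_mutex_*` variables stand for. Locking a held toy mutex returns -1 instead of deadlocking, so the real situation (two objects, fine) can be compared with what the analyzer assumed (one object, self-deadlock).

```c
/* Toy model of a non-recursive kernel mutex: mutex_lock() on a lock the
 * caller already holds would deadlock in the kernel; here it returns -1. */
struct kmutex { int held; };

static int toy_mutex_lock(struct kmutex *m)
{
    if (m->held)
        return -1;          /* self-deadlock: the reported double lock */
    m->held = 1;
    return 0;
}

static void toy_mutex_unlock(struct kmutex *m) { m->held = 0; }

/* The two 'register_mutex' objects. In the kernel both are file-scope
 * statics in different translation units, hence distinct objects with
 * the same name; in one file they need distinct names (hypothetical). */
static struct kmutex register_mutex_midisynth;  /* midisynth file's static */
static struct kmutex register_mutex_clients;    /* client manager's static */

/* Model of seq_free_client(): takes the client manager's register_mutex. */
static int seq_free_client_model(struct kmutex *clients_lock)
{
    if (toy_mutex_lock(clients_lock))
        return -1;
    toy_mutex_unlock(clients_lock);
    return 0;
}

/* Model of snd_seq_midisynth_remove(): holds its own register_mutex while
 * snd_seq_delete_kernel_client() -> seq_free_client() takes the inner one. */
static int midisynth_remove_model(struct kmutex *outer, struct kmutex *inner)
{
    int ret;
    if (toy_mutex_lock(outer))
        return -1;
    ret = seq_free_client_model(inner);
    toy_mutex_unlock(outer);  /* always released, even on inner failure */
    return ret;
}

/* Actual situation: two distinct statics, so nested locking succeeds (0). */
int remove_with_distinct_mutexes(void)
{
    return midisynth_remove_model(&register_mutex_midisynth,
                                  &register_mutex_clients);
}

/* What the analyzer assumed: one shared object, so the inner lock fails (-1). */
int remove_if_same_mutex(void)
{
    return midisynth_remove_model(&register_mutex_midisynth,
                                  &register_mutex_midisynth);
}
```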