Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2983764imu; Sun, 9 Dec 2018 14:16:41 -0800 (PST) X-Google-Smtp-Source: AFSGD/V6WCFb0999CXAhUtuXPgev1oWGACpozUC4m2uv7V6X15uETtHN9x57h1hSnYiU+luOAQRZ X-Received: by 2002:a17:902:34a:: with SMTP id 68mr10122843pld.268.1544393801076; Sun, 09 Dec 2018 14:16:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544393801; cv=none; d=google.com; s=arc-20160816; b=Ytp3CEsOr6oCZWVfze9qQf3leXJxOV6/ZmXG6Qex0ypGIWBFE4EYnXLlsCq+9pjPha Ns8uEw6uRCzWVQFM/VAn9bD0LmVOOotNLpQpR2UMZ9Q38oeGOCvvWOevlByEmqT3j2yc ioXmKHexPO1OqbeU/Ak2+VMQfld7CYRnAR36nKUji8kQlmuH/DZjUki2PR5mbvCZIPS0 pLWdoMs7iUSOyGmueaY15D0B3DL2bHe+Bd7EfiWXLDFGlbOK4RNaf+ga6zv7NfEq1sxV FO227Llhvadmo/Uvs1yh/0Go+m4CuGJfzoD0oihqkvC/DksXP3tFu3BaIKivXDuuce6W re7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition; bh=w5DE1E57dhMi87PB5N52VdEBC4TiMWtWgJHRfUvs8uA=; b=hHpoCM0V4gocX5IQ3EO7nGi65Klmsx7390Sj2gKysAi6l2QOcV7X9fOGQ8zc4/PITy JH+nIrRYmDyE/sh3Mtp9kX3P+PKb6vUHd/I3sw4qnIXiGuQrfyp8zQRlM5NnyX3tO/9k Kzj19F32f4HUDje1e4O1Xe/eE/yiF/dwgwk5VyDn21BQe2chrW2tZd+iOre7bL5JnR7G XnsBLcJhbokbFSAieJG2ZZVhWt0fZsA8U8zrBv43krLL+Voo27mSLrC46gY8WZ0NoXM2 bNEtxKWw32nxShGUEMQJamK53IOdCS9jwQdK9LTZ4OY+Ve1/Sig9BkBkSoCygkY3skaT UIXQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s123si7839865pgs.93.2018.12.09.14.16.25; Sun, 09 Dec 2018 14:16:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728463AbeLIWNz (ORCPT + 99 others); Sun, 9 Dec 2018 17:13:55 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:37984 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728183AbeLIWNy (ORCPT ); Sun, 9 Dec 2018 17:13:54 -0500 Received: from pub.yeoldevic.com ([81.174.156.145] helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1gW73L-0002ir-76; Sun, 09 Dec 2018 21:55:55 +0000 Received: from ben by deadeye with local (Exim 4.91) (envelope-from ) id 1gW72a-0003IO-Ud; Sun, 09 Dec 2018 21:55:08 +0000 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Takashi Iwai" , syzbot+619d9f40141d826b097e@syzkaller.appspotmail.com Date: Sun, 09 Dec 2018 21:50:33 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) X-Patchwork-Hint: ignore Subject: [PATCH 3.16 078/328] ALSA: virmidi: Fix too long output trigger loop In-Reply-To: X-SA-Exim-Connect-IP: 81.174.156.145 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.62-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Takashi Iwai commit 50e9ffb1996a5d11ff5040a266585bad4ceeca0a upstream. The virmidi output trigger tries to parse the all available bytes and process sequencer events as much as possible. In a normal situation, this is supposed to be relatively short, but a program may give a huge buffer and it'll take a long time in a single spin lock, which may eventually lead to a soft lockup. This patch simply adds a workaround, a cond_resched() call in the loop if applicable. A better solution would be to move the event processor into a work, but let's put a duct-tape quickly at first. Reported-and-tested-by: Dae R. Jeong Reported-by: syzbot+619d9f40141d826b097e@syzkaller.appspotmail.com Signed-off-by: Takashi Iwai Signed-off-by: Ben Hutchings --- sound/core/seq/seq_virmidi.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/sound/core/seq/seq_virmidi.c +++ b/sound/core/seq/seq_virmidi.c @@ -163,6 +163,7 @@ static void snd_virmidi_output_trigger(s int count, res; unsigned char buf[32], *pbuf; unsigned long flags; + bool check_resched = !in_atomic(); if (up) { vmidi->trigger = 1; @@ -200,6 +201,15 @@ static void snd_virmidi_output_trigger(s vmidi->event.type = SNDRV_SEQ_EVENT_NONE; } } + if (!check_resched) + continue; + /* do temporary unlock & cond_resched() for avoiding + * CPU soft lockup, which may happen via a write from + * a huge rawmidi buffer + */ + spin_unlock_irqrestore(&substream->runtime->lock, flags); + cond_resched(); + spin_lock_irqsave(&substream->runtime->lock, flags); } out: spin_unlock_irqrestore(&substream->runtime->lock, flags);