Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp4327892img;
        Tue, 26 Mar 2019 07:24:56 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxDg6l6Y/4FwmcIkpYkTkYBa6HoDyH+liu0MvzH5LziQvtTkupYFRucAt4Qk8Vnj6hcP+SZ
X-Received: by 2002:a17:902:988e:: with SMTP id s14mr19056960plp.167.1553610296865;
        Tue, 26 Mar 2019 07:24:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553610296; cv=none;
        d=google.com; s=arc-20160816;
        b=Jo6ttpQb9U5oLoW1kENMsuWhQ3dEPnbuBi4uwWijVCe9R6atu2sGX20ezuBNAUvVn2
         jl+tJCDFXVQSZ8vKcESHF69as2n8gm2PUEmZjdzbpPCAq437qcTvpXKfPu18G1BdBYbz
         wmVeUZpPrUQaeyRpYBJJrL8eG+uXfgl1s/E8Zggh14mRcs8Bhfw3Sr4Z9wJIaiBhooPE
         ZHTaK55LUWlwoCCRtWMA7ngarHBRx/JSc3+jCFzBut4jAc9j2YzAfriJ5kDP9c6zkosp
         DGxPIXWa/OEeUtYFQUq03MxTE9DTfmaOenR2nU/1IyVTYF29TRHcR0gvWnaFyGMDzq/R
         3y1w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:subject:cc:to:from:message-id:date;
        bh=z9GyU+4f1y0F5tS/Ti+eYrB89+vl9ltkexeWdv72Nqk=;
        b=z6TBDcC12xtBZLZVI12S9Lt3IZaONeiOhfUmx/PCUGN6aY7qxYHvp9oxvw4p7w5VjH
         T51n+PF4L5KAC/RVehq3Ir5DVlicIChdZYk3NXs94OHwNWhia+BEway3/Q9Xn5vSMAeV
         pe3PjJiJmJFaGQvbOs7RduiI3xoIBfjNk1Acd7gj25w04x9HwLVsaVxBL/AyPHIjAqr8
         tZYV5/F/Ys5j4qw6c00141ONnBbSyrUmdbTeJXnD5ZdWEExAklcVuo10x/wGo56Xbp+t
         jZwRgsoQzwiOJ0pyf0atg3FLuwMiXmJ8SWaRg/OBPQJzC2S2T60WVdxKfICwekiPH3Lt
         qlYQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s35si16026534pgl.101.2019.03.26.07.24.41;
        Tue, 26 Mar 2019 07:24:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731595AbfCZOXy (ORCPT <rfc822;plaguedbypenguins@gmail.com>
        + 99 others); Tue, 26 Mar 2019 10:23:54 -0400
Received: from mx2.suse.de ([195.135.220.15]:42090 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726266AbfCZOXy (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 26 Mar 2019 10:23:54 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 5B23BAFF5;
        Tue, 26 Mar 2019 14:23:52 +0000 (UTC)
Date:   Tue, 26 Mar 2019 15:23:51 +0100
Message-ID: <s5hr2at67ew.wl-tiwai@suse.de>
From:   Takashi Iwai <tiwai@suse.de>
To:     Timo Wischer <twischer@de.adit-jv.com>
Cc:     <broonie@kernel.org>, <perex@perex.cz>,
        <alsa-devel@alsa-project.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 09/10] ALSA: pcm: Add snd_pcm_ops for snd_pcm_link()
In-Reply-To: <3ad5c313-ba2c-b541-8930-3f2515dfca72@de.adit-jv.com>
References: <1553529644-5654-1-git-send-email-twischer@de.adit-jv.com>
        <1553586574-18608-1-git-send-email-twischer@de.adit-jv.com>
        <1553586574-18608-5-git-send-email-twischer@de.adit-jv.com>
        <s5ho95ym3s7.wl-tiwai@suse.de>
        <3ad5c313-ba2c-b541-8930-3f2515dfca72@de.adit-jv.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka)
 FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3
 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 26 Mar 2019 12:25:37 +0100,
Timo Wischer wrote:
> 
> On 3/26/19 09:35, Takashi Iwai wrote:
> 
>     On Tue, 26 Mar 2019 08:49:33 +0100,
>     <twischer@de.adit-jv.com> wrote:
>     
>         From: Timo Wischer <twischer@de.adit-jv.com>
>         
>         snd_pcm_link() can be called by the user as long as the device is not
>         yet started. Therefore currently a driver which wants to iterate over
>         the linked substreams has to do this at the start trigger. But the start
>         trigger should not block for a long time. Therefore there is no callback
>         which can be used to iterate over the linked substreams without delaying
>         the start trigger.
>         This patch introduces a new callback function which will be called after
>         the linked substream list was updated by snd_pcm_link(). This callback
>         function is allowed to block for a longer time without interfering the
>         synchronized start up of linked substreams.
>         
>         Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
>         
>     Well, the idea appears interesting, but I'm afraid that the
>     implementation is still racy.  The place you're calling the new
>     callback isn't protected, hence the stream can be triggered while
>     calling it.  That is, even during operating your loopback link_changed
>     callback, another thread is able to start the stream.
>     
> Hi Takashi,
> 
> As far as I got you mean the following scenario:
> 
>   * snd_pcm_link() is called for a HW sound card
>       + loopback_snd_timer_link_changed()

The start may happen at this point.

>       + loopback_snd_timer_open()
>       + spin_lock_irqsave(&dpcm->cable->lock, flags);
>   * snd_pcm_start() called for aloop sound card
>       + loopback_trigger()
>       + spin_lock(&cable->lock) -> has to wait till loopback_snd_timer_open()
>         calls spin_unlock_irqrestore()
> 
> So far snd_pcm_start() has to wait for loopback_snd_timer_open().
> 
>   * loopback_snd_timer_open() will continue with
>       + dpcm->cable->snd_timer.instance = NULL;
>       + spin_unlock_irqrestore()
>   * loopback_trigger() can enter the lock
>       + loopback_snd_timer_start() will fail with -EINVAL due to
>         (loopback_trigger == NULL)
> 
> At least this will not result into memory corruption due to race or any other
> wired behavior.

I don't expect the memory corruption, but my point is that dealing
with linked streams is still tricky.  It was considered for the
lightweight coupled start/stop operation, and something intensively
depending on the linked status was out of the original design...

> But my expectation is that snd_pcm_link(hw, aloop) or snd_pcm_link(aloop, hw)
> is only called by the application calling snd_pcm_start(aloop)
> because the same aloop device cannot be opened by multiple applications at the
> same time.
> 
> Do you see an use case where one application would call snd_pcm_start() in
> parallel with snd_pcm_link() (somehow configuring the device)?

It's not about the actual application usages but rather against the
malicious attacks.  Especially aloop is a virtual device that is
available allover the places, it may be deployed / attacked easily.

> May be we should add an additional synchronization mechanism in pcm_native.c
> to avoid call of snd_pcm_link() in parallel with snd_pcm_start().

If it really matters...  Honestly speaking, I'm not fully convinced
whether we want to deal with this using the PCM link mechanism.

What's the motivation for using the linked streams at the first place?
That's one of the biggest missing piece in the whole picture.


thanks,

Takashi