Date: Mon, 01 Jul 2019 16:08:54 +0200
From: Takashi Iwai
To: "Evan Green"
Cc: "Thomas Gleixner", "Amadeusz S*awi*ski", "Greg Kroah-Hartman", "Jaroslav Kysela"
Subject: Re: [PATCH v2 1/2] ALSA: hda: Fix widget_mutex incomplete protection
In-Reply-To: <20190626212220.239897-2-evgreen@chromium.org>
References: <20190626212220.239897-1-evgreen@chromium.org> <20190626212220.239897-2-evgreen@chromium.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 26 Jun 2019 23:22:19 +0200, Evan Green wrote:
>
> The widget_mutex was introduced to serialize callers to
> hda_widget_sysfs_{re}init. However, its protection of the sysfs widget array
> is incomplete. For example, it is acquired around the call to
> hda_widget_sysfs_reinit(), which actually creates the new array, but isn't
> still acquired when codec->num_nodes and codec->start_nid is updated. So
> the lock ensures one thread sets up the new array at a time, but doesn't
> ensure which thread's value will end up in codec->num_nodes. If a larger
> num_nodes wins but a smaller array was set up, the next call to
> refresh_widgets() will touch free memory as it iterates over codec->num_nodes
> that aren't there.
>
> The widget_lock really protects both the tree as well as codec->num_nodes,
> start_nid, and end_nid, so make sure it's held across that update. It should
> also be held during snd_hdac_get_sub_nodes(), so that a very old read from that
> function doesn't end up clobbering a later update.

OK, right, this fix is needed no matter whether to take my other
change to skip hda_widget_sysfs_init() call in
hda_widget_sysfs_reinit(). However...

> While in there, move the exit mutex call inside the function. This moves the
> mutex closer to the data structure it protects and removes a requirement of
> acquiring the somewhat internal widget_lock before calling sysfs_exit.

... this doesn't look better from consistency POV. The whole code in
hdac_sysfs.c doesn't take any lock in itself. The protection is
supposed to be done in the caller side. So, let's keep as is now.

Also...

> codec->num_nodes = nums;
> codec->start_nid = start_nid;
> codec->end_nid = start_nid + nums;
> + mutex_unlock(&codec->widget_lock);
> return 0;
> +
> +unlock:
> + mutex_unlock(&codec->widget_lock);
> + return err;

There is no need of two mutex_unlock() here. They can be unified,

	codec->num_nodes = nums;
	codec->start_nid = start_nid;
	codec->end_nid = start_nid + nums;
unlock:
	mutex_unlock(&codec->widget_lock);
	return err;

Could you refresh this and resubmit?

thanks,

Takashi
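
Review bot: the success path just before `return 0;` and the new `unlock:` label each call mutex_unlock(&codec->widget_lock), so the function ends up with two exit sequences that have to be kept in sync. Letting the success path fall through to `unlock:` leaves a single unlock and a single `return err;`, but that is only correct if err is 0 when the three codec-> assignments are reached. The quoted lines do not show how err is initialised or last set, so the next revision should make that explicit, for example by setting err to 0 before falling through to the label.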