Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp2403563ybi;
        Mon, 1 Jul 2019 11:24:32 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwC0AWGVDlwgRLrkB8u6NmBvr6KCfsLk0hf+jdmoHeCTqNiFYAXfzlXoxm4x9bl3JE7Lvd/
X-Received: by 2002:a17:902:3103:: with SMTP id w3mr31080283plb.84.1562005472106;
        Mon, 01 Jul 2019 11:24:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562005472; cv=none;
        d=google.com; s=arc-20160816;
        b=tpSNfVzWyn8eTu5SZeiJKKi3Hl9DpDS8qrSDP1JyXej1yp9qNBNl9SIX8Spfq5Ca1x
         q6384cNfJSBFQ/CmTmazZQHPtNpY3fdTUze+46tlLXfA5biXSHaFwPOxkIvOEZO/9ufL
         /hgBVE7+iEZy6QChgJMPgbZtyOFc/dcbiF1GVilFYvcA6f9PhSiihzJBUPdn2/F4HCG+
         gC3dlYEIm1T79sptj/o+rZt0lB3Z97lrRFmcUqPlyAMLn9K9j16p0nIcBCXm15BQDQRS
         qGwBWF4zWitJbc09fVJbWrFk2g39/ED8VKK18W1cnhjXOnNwJ8db/wgIhGqSK0sU0e0c
         Eoug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:subject:cc:to:from:message-id:date;
        bh=X2jVJ2o6odh80FdgNL3xBfZuAMeMwj5f5If+TKOQXsY=;
        b=AqVwr48+xU3Eqck20Mgd7ze5ZI4C7+TAoVIWXRozH5DTiDlysIDST5H1WQsTfJW9MC
         lDJ5scVK4uK6hisVOaMwkVjUOLnzFORqeI6KrltGyEntZ6xNNY7YxjOeqbpZoLGPFsGJ
         9H58KMM8uDf2hJ5qOwSopzlh6n0imaBbadykKc6TcpUIvnTjTuX5fn8o2uiLwicgp8QH
         +Qo4JhgXb3ydFNn+sLY+xSz/EqigMsdkJS6XBLIqBQWkIamTZkNZ5CNNRFmKZqtFOctd
         gmPINbbXD78/i5tg8yjoQ/BCjmG9MRQ7/UZwGmI6/l/yAnRZVBh1IErMNYZSY4/9ZLTs
         J9rQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y5si10077602pgv.390.2019.07.01.11.24.17;
        Mon, 01 Jul 2019 11:24:32 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727153AbfGASOF (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Mon, 1 Jul 2019 14:14:05 -0400
Received: from mx2.suse.de ([195.135.220.15]:56280 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726846AbfGASOE (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 1 Jul 2019 14:14:04 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 9CA9CAD3E;
        Mon,  1 Jul 2019 18:14:03 +0000 (UTC)
Date:   Mon, 01 Jul 2019 20:14:03 +0200
Message-ID: <s5hy31hoc5w.wl-tiwai@suse.de>
From:   Takashi Iwai <tiwai@suse.de>
To:     "Evan Green" <evgreen@chromium.org>
Cc:     <alsa-devel@alsa-project.org>,
        "Thomas Gleixner" <tglx@linutronix.de>,
        "Amadeusz S*awi*ski" <amadeuszx.slawinski@linux.intel.com>,
        "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
        "Jaroslav Kysela" <perex@perex.cz>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3] ALSA: hda: Fix widget_mutex incomplete protection
In-Reply-To: <20190701173030.168346-1-evgreen@chromium.org>
References: <20190701173030.168346-1-evgreen@chromium.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka)
 FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3
 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 01 Jul 2019 19:30:30 +0200,
Evan Green wrote:
> 
> The widget_mutex was introduced to serialize callers to
> hda_widget_sysfs_{re}init. However, its protection of the sysfs widget array
> is incomplete. For example, it is acquired around the call to
> hda_widget_sysfs_reinit(), which actually creates the new array, but isn't
> still acquired when codec->num_nodes and codec->start_nid is updated. So
> the lock ensures one thread sets up the new array at a time, but doesn't
> ensure which thread's value will end up in codec->num_nodes. If a larger
> num_nodes wins but a smaller array was set up, the next call to
> refresh_widgets() will touch free memory as it iterates over codec->num_nodes
> that aren't there.
> 
> The widget_lock really protects both the tree as well as codec->num_nodes,
> start_nid, and end_nid, so make sure it's held across that update. It should
> also be held during snd_hdac_get_sub_nodes(), so that a very old read from that
> function doesn't end up clobbering a later update.
> 
> Fixes: ed180abba7f1 ("ALSA: hda: Fix race between creating and refreshing sysfs entries")
> 
> Signed-off-by: Evan Green <evgreen@chromium.org>

Applied now.  Thanks.


Takashi