Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp4515053pxa;
        Mon, 10 Aug 2020 10:56:00 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzkXvoodzfHqkWj3eTXf4c2uthweLLCxiJsrdIbP/ZLvFzqy0jjnwH0Uo6Mfhl3r6Vspi0W
X-Received: by 2002:a05:6402:1846:: with SMTP id v6mr22328987edy.179.1597082160508;
        Mon, 10 Aug 2020 10:56:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1597082160; cv=none;
        d=google.com; s=arc-20160816;
        b=NbOl8S2IQgNs7KjIcUs3juBTHGrmpP2Ra81wz4WpCVI+UcvL7kl3CxeBBARbz2PgeU
         gx/wW0wChxUY8i5ZhCJqsXWFjWesGKysjoAb89W+m8nRYs1V0zMT8XdRcyHlA3KU/CaN
         GGm9ZZX5DJFt98VYl7+YI0gZ7N8GjKOdQicJR/jpXrGXoqjVmw+DL68R0n5xZ+0CJB8F
         gv3+yHz/m60+QA1zX9rvKX1To/0i1JRn0011PTOAyZI2qJrpRpEQYBOQ1dtPYtQFXXnK
         9ASKRx/TB2coqIgNaUCnIbUnzsQCr+vjxfapGSFqX6YqiXQalaVDWA3myEbF9epff8B/
         XHAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:subject:cc:to:from:message-id:date;
        bh=2CnOxsWWPkCB26xPsaO1PiWpAJk/cbMYOyzBF17wu8o=;
        b=uIs0HOfhiR3w5uFuDj5U686DbcbltWZ8FkUTSg9yJRBTUWOjd9h7Mj+EArF5jCNlvB
         uckeoKErHC92kYVINvrn7E1aG42Cc+JVU+VEgi4Y19rywIv6k9l++sxmbQqDKKgiztov
         pk7phJtxBfFUKz3c+5ReKKgAIYunB+5ekFy3ZzQwzKsNnD2vk1kcLeWbjOGCduZy3xaU
         FaKP/trMpiRCU51UzKGhDwDmyqmvtS9nnltbF23lf9JAfta+DpEiY2CjtKd+FQle90F5
         3dcnjev3ushxfF4ILqgZ4YqZvQNfAmys56YIg/Evv3Oc1hSDkMYh3S0WeRkNknhpaxxS
         3b7A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id s9si1867634edh.243.2020.08.10.10.55.37;
        Mon, 10 Aug 2020 10:56:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727885AbgHJRxK (ORCPT <rfc822;shmalave.kernel@gmail.com>
        + 99 others); Mon, 10 Aug 2020 13:53:10 -0400
Received: from mx2.suse.de ([195.135.220.15]:47436 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726820AbgHJRxK (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 10 Aug 2020 13:53:10 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.221.27])
        by mx2.suse.de (Postfix) with ESMTP id 85B64AC8B;
        Mon, 10 Aug 2020 17:53:28 +0000 (UTC)
Date:   Mon, 10 Aug 2020 19:53:07 +0200
Message-ID: <s5hzh722xrw.wl-tiwai@suse.de>
From:   Takashi Iwai <tiwai@suse.de>
To:     Pavel Machek <pavel@denx.de>
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-kernel@vger.kernel.org, stable@vger.kernel.org,
        syzbot+1a54a94bd32716796edd@syzkaller.appspotmail.com,
        syzbot+9d2abfef257f3e2d4713@syzkaller.appspotmail.com,
        Hillf Danton <hdanton@sina.com>
Subject: Re: [PATCH 4.19 06/48] ALSA: seq: oss: Serialize ioctls
In-Reply-To: <20200810163717.GA24408@amd>
References: <20200810151804.199494191@linuxfoundation.org>
        <20200810151804.528955642@linuxfoundation.org>
        <20200810163717.GA24408@amd>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka)
 FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3
 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 10 Aug 2020 18:37:17 +0200,
Pavel Machek wrote:
> 
> Hi!
> 
> > commit 80982c7e834e5d4e325b6ce33757012ecafdf0bb upstream.
> > 
> > Some ioctls via OSS sequencer API may race and lead to UAF when the
> > port create and delete are performed concurrently, as spotted by a
> > couple of syzkaller cases.  This patch is an attempt to address it by
> > serializing the ioctls with the existing register_mutex.
> > 
> > Basically OSS sequencer API is an obsoleted interface and was designed
> > without much consideration of the concurrency.  There are very few
> > applications with it, and the concurrent performance isn't asked,
> > hence this "big hammer" approach should be good enough.
> 
> That really is a "big hammer". And I believe it is too big.
>
> In particular, do we need to drop the lock while sleeping in
> SNDCTL_SEQ_SYNC: => snd_seq_oss_writeq_sync ?

Well, do you see any issue with this for really used applications?
If yes, I'd happily take a look and give finer locking.


thanks,

Takashi