Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3570966pxb; Mon, 24 Jan 2022 12:29:41 -0800 (PST) X-Google-Smtp-Source: ABdhPJwIo0Mn+arKTZs60NvKUOwjLepdAX0J7m2ys+nT4PnP+sciSYGhmYxWPPY2oC6EYvgRLNum X-Received: by 2002:a05:6a00:244f:b0:4c4:3915:2d70 with SMTP id d15-20020a056a00244f00b004c439152d70mr15258198pfj.44.1643056181239; Mon, 24 Jan 2022 12:29:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643056181; cv=none; d=google.com; s=arc-20160816; b=KrBYp6tWM/vNOG8c6GfssCpzponA85bp75Mf6k+OzUYrc0ghHx3O+ItXy5feGlY1kx LJe4g9eSlCvBSiuhptcRgNg8TR5CpXnv5rSJnu6a49qiutUcSItOFc39V0Z4doh8UwSl aI8lgG2zgmJ9PGB9aRPE1Qc6dWianEWcGXixcw2F0XsRIpWWZ3/XPpPTCSF6WtaYMn3F XE3FuPkb9IA+ZQj8UIykj6qDYKqQLWeRBMOMwl2nevpgCrvvxgCnJwDlvXZavBcEsTtw kaelUQT6Qgr/Wxioa7AKdb++P7aE4m5zkS4CZQtK36lumxtghScsk9WQnogaIKIRrTCp zvsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=yoI66fDi5VSUygqKtGcT1lWnzA+hb6lLTeThEvx2uzQ=; b=YPoSZhz4MAPF0Jn1uZbwiPMx/hymmHs7u9IRjpCYXcRjw2Ltmk8upNqz9fmFl2PkeJ Nm+mxkze1oJtPMEfWnzWjIqr9vYDlX/NE5UTidabQIlZpHpsmjJHkzW5l7wgWffmdiIn 3NDukbTV93DPKuONxHYlx8kf+tP7bBhR33dm+Bz9q54olCdgNV4zrebVG8qHpmfuDWg2 +rfaVb9/3Ni7CeGEJOClEfdiX9CLYJSrunap8fC1l21uQnUsEqy9sqn1z8NZL+oiCMpT PlolW6wVrUU9bc0RyuGeAGqQZMH+f2v5UfpMzZg+5g4EZpVvaJFM7N1SY7ztzmGuWIiJ oRsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=byY4wknn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q6si1551861plr.359.2022.01.24.12.29.28; Mon, 24 Jan 2022 12:29:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=byY4wknn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344131AbiAXTbX (ORCPT + 99 others); Mon, 24 Jan 2022 14:31:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50410 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350021AbiAXTXQ (ORCPT ); Mon, 24 Jan 2022 14:23:16 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 02280C0613BD; Mon, 24 Jan 2022 11:09:39 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 967F260EC4; Mon, 24 Jan 2022 19:09:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7759AC340E5; Mon, 24 Jan 2022 19:09:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1643051378; bh=1j7mayRmOuGQ+nRLdXsL59wVA+c5vHDalgnqM39ocY4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=byY4wknntQvvpRKmWiKa1sXCIBaCbb8tlXtQ+qh2FISTfhxKhCr3ux0PR0UJzNnN5 Deki2RaxuRMxxk09FL9lcISHdZeeurWk0QguBf/OaUQahEZaUXx48kN6rCj54Jp6Nf E9BA8V1Z6x0SNYIeePOYb3lc4DEjmxLjAPbWGYy8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Zqiang , syzbot+bb950e68b400ab4f65f8@syzkaller.appspotmail.com, Takashi Iwai , Sasha Levin Subject: [PATCH 4.14 141/186] ALSA: seq: Set upper limit of processed events Date: Mon, 24 Jan 2022 19:43:36 +0100 Message-Id: <20220124183941.639737985@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124183937.101330125@linuxfoundation.org> References: <20220124183937.101330125@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Takashi Iwai [ Upstream commit 6fadb494a638d8b8a55864ecc6ac58194f03f327 ] Currently ALSA sequencer core tries to process the queued events as much as possible when they become dispatchable. If applications try to queue too massive events to be processed at the very same timing, the sequencer core would still try to process such all events, either in the interrupt context or via some notifier; in either away, it might be a cause of RCU stall or such problems. As a potential workaround for those problems, this patch adds the upper limit of the amount of events to be processed. The remaining events are processed in the next batch, so they won't be lost. For the time being, it's limited up to 1000 events per queue, which should be high enough for any normal usages. Reported-by: Zqiang Reported-by: syzbot+bb950e68b400ab4f65f8@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/20211102033222.3849-1-qiang.zhang1211@gmail.com Link: https://lore.kernel.org/r/20211207165146.2888-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Sasha Levin --- sound/core/seq/seq_queue.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/sound/core/seq/seq_queue.c b/sound/core/seq/seq_queue.c index ea1aa07962761..b923059a22276 100644 --- a/sound/core/seq/seq_queue.c +++ b/sound/core/seq/seq_queue.c @@ -257,12 +257,15 @@ struct snd_seq_queue *snd_seq_queue_find_name(char *name) /* -------------------------------------------------------- */ +#define MAX_CELL_PROCESSES_IN_QUEUE 1000 + void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) { unsigned long flags; struct snd_seq_event_cell *cell; snd_seq_tick_time_t cur_tick; snd_seq_real_time_t cur_time; + int processed = 0; if (q == NULL) return; @@ -285,6 +288,8 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) if (!cell) break; snd_seq_dispatch_event(cell, atomic, hop); + if (++processed >= MAX_CELL_PROCESSES_IN_QUEUE) + goto out; /* the rest processed at the next batch */ } /* Process time queue... */ @@ -294,14 +299,19 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) if (!cell) break; snd_seq_dispatch_event(cell, atomic, hop); + if (++processed >= MAX_CELL_PROCESSES_IN_QUEUE) + goto out; /* the rest processed at the next batch */ } + out: /* free lock */ spin_lock_irqsave(&q->check_lock, flags); if (q->check_again) { q->check_again = 0; - spin_unlock_irqrestore(&q->check_lock, flags); - goto __again; + if (processed < MAX_CELL_PROCESSES_IN_QUEUE) { + spin_unlock_irqrestore(&q->check_lock, flags); + goto __again; + } } q->check_blocked = 0; spin_unlock_irqrestore(&q->check_lock, flags); -- 2.34.1