summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2016-02-02 15:27:36 +0100
committerTakashi Iwai <tiwai@suse.de>2016-02-08 08:15:35 +0100
commitddce57a6f0a2d8d1bfacfa77f06043bc760403c2 (patch)
treea306d91d91f7a2473397f141373a9cb68e87e5de /include
parent388f7b1d6e8ca06762e2454d28d6c3c55ad0fe95 (diff)
ALSA: dummy: Implement timer backend switching more safely
Currently the selected timer backend is referred at any moment from the running PCM callbacks. When the backend is switched, it's possible to lead to inconsistency from the running backend. This was pointed by syzkaller fuzzer, and the commit [7ee96216c31a: ALSA: dummy: Disable switching timer backend via sysfs] disabled the dynamic switching for avoiding the crash. This patch improves the handling of timer backend switching. It keeps the reference to the selected backend during the whole operation of an opened stream so that it won't be changed by other streams. Together with this change, the hrtimer parameter is reenabled as writable now. NOTE: this patch also turned out to fix the still remaining race. Namely, ops was still replaced dynamically at dummy_pcm_open: static int dummy_pcm_open(struct snd_pcm_substream *substream) { .... dummy->timer_ops = &dummy_systimer_ops; if (hrtimer) dummy->timer_ops = &dummy_hrtimer_ops; Since dummy->timer_ops is common among all streams, and when the replacement happens during accesses of other streams, it may lead to a crash. This was actually triggered by syzkaller fuzzer and KASAN. This patch rewrites the code not to use the ops shared by all streams any longer, too. BugLink: http://lkml.kernel.org/r/CACT4Y+aZ+xisrpuM6cOXbL21DuM0yVxPYXf4cD4Md9uw0C3dBQ@mail.gmail.com Reported-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions