android_kernel_samsung_msm8976/sound/oss
Alexey Khoroshilov cccea7f5c4 sound/oss: fix deadlock in sequencer_ioctl(SNDCTL_SEQ_OUTOFBAND)
commit bc26d4d06e337ade069f33d3f4377593b24e6e36 upstream.

A deadlock can be initiated by userspace via ioctl(SNDCTL_SEQ_OUTOFBAND)
on /dev/sequencer with TMR_ECHO midi event.

In this case the control flow is:
sound_ioctl()
-> case SND_DEV_SEQ:
   case SND_DEV_SEQ2:
     sequencer_ioctl()
     -> case SNDCTL_SEQ_OUTOFBAND:
          spin_lock_irqsave(&lock,flags);
          play_event();
          -> case EV_TIMING:
               seq_timing_event()
               -> case TMR_ECHO:
                    seq_copy_to_input()
                    -> spin_lock_irqsave(&lock,flags);

It seems that spin_lock_irqsave() around play_event() is not necessary,
because the only other call location in seq_startplay() makes the call
without acquiring spinlock.

So, the patch just removes spinlocks around play_event().
By the way, it removes unreachable code in seq_timing_event(),
since (seq_mode == SEQ_2) case is handled in the beginning.

Compile tested only.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-17 09:51:33 -07:00
dmasound dmasound_core: saner arguments for sq_fsync() 2013-04-29 15:41:42 -04:00
.gitignore oss: remove maui_boot.h from .gitignore and dontdiff 2012-09-01 08:36:09 -07:00
ad1848.c sound: oss: remove __dev* attributes 2012-12-07 07:30:49 +01:00
ad1848.h
ad1848_mixer.h
aedsp16.c
audio.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
bin2hex.c
CHANGELOG
coproc.h
dev_table.c
dev_table.h
dmabuf.c sound: oss/dmabuf: use dma_map_single 2013-04-26 07:36:38 +02:00
hex2hex.c
kahlua.c sound: oss: remove __dev* attributes 2012-12-07 07:30:49 +01:00
Kconfig sound: Fix make allmodconfig on MIPS correctly 2013-05-13 15:54:19 +02:00
Makefile
midi_ctrl.h
midi_synth.c
midi_synth.h
midibuf.c
mpu401.c
mpu401.h
msnd.c
msnd.h
msnd_classic.c
msnd_classic.h
msnd_pinnacle.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
msnd_pinnacle.h
opl3.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
opl3_hw.h
os.h Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
pas2.h
pas2_card.c sound: oss/pas2: Fix possible access out of array 2013-01-04 10:38:27 +01:00
pas2_midi.c
pas2_mixer.c
pas2_pcm.c
pss.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
README.FIRST
sb.h
sb_audio.c sound: oss/sb_audio: cap value in sb201_audio_set_speed() 2012-11-18 10:24:49 +01:00
sb_card.c
sb_card.h
sb_common.c sound: oss: sb_common: Used kmemdup instead of kmalloc and memcpy 2013-04-02 11:23:00 +02:00
sb_ess.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
sb_ess.h
sb_midi.c
sb_mixer.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
sb_mixer.h
sequencer.c sound/oss: fix deadlock in sequencer_ioctl(SNDCTL_SEQ_OUTOFBAND) 2015-05-17 09:51:33 -07:00
sound_calls.h
sound_config.h
sound_firmware.h
sound_timer.c sound: oss: use strlcpy() in sound_timer_init() 2011-09-29 08:12:33 +02:00
soundcard.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
soundvers.h
swarm_cs4297a.c sound: swarm_cs4297: Provide definitions for AC97 registers 2012-06-20 08:38:27 +02:00
sys_timer.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
trix.c ALSA: module_param: make bool parameters really bool 2011-12-19 10:34:41 +01:00
tuning.h
uart401.c sound: oss: uart401: Used kmemdup instead of kmalloc and memcpy 2013-04-02 11:22:52 +02:00
uart6850.c sound: Remove unnecessary semicolon 2012-10-06 16:47:53 +02:00
ulaw.h
v_midi.c
v_midi.h
vidc.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
vidc.h
vidc_fill.S
vwsnd.c Fix comment typo multipy -> multiply 2012-06-03 12:04:08 +02:00
waveartist.c ARM: footbridge: nw_gpio_lock is raw_spin_lock 2012-10-07 10:33:12 +02:00
waveartist.h

The modular sound driver patches were funded by Red Hat Software 
(www.redhat.com). The sound driver here is thus a modified version of 
Hannu's code. Please bear that in mind when considering the appropriate
forums for bug reporting. 

Alan Cox