From 87988a534d8e12f2e6fc01fe63e6c1925dc5307c Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 10 May 2024 12:14:23 +0200 Subject: ALSA: Fix deadlocks with kctl removals at disconnection In snd_card_disconnect(), we set card->shutdown flag at the beginning, call callbacks and do sync for card->power_ref_sleep waiters at the end. The callback may delete a kctl element, and this can lead to a deadlock when the device was in the suspended state. Namely: * A process waits for the power up at snd_power_ref_and_wait() in snd_ctl_info() or read/write() inside card->controls_rwsem. * The system gets disconnected meanwhile, and the driver tries to delete a kctl via snd_ctl_remove*(); it tries to take card->controls_rwsem again, but this is already locked by the above. Since the sleeper isn't woken up, this deadlocks. An easy fix is to wake up sleepers before processing the driver disconnect callbacks but right after setting the card->shutdown flag. Then all sleepers will abort immediately, and the code flows again. So, basically this patch moves the wait_event() call at the right timing. While we're at it, just to be sure, call wait_event_all() instead of wait_event(), although we don't use exclusive events on this queue for now. Link: https://bugzilla.kernel.org/show_bug.cgi?id=218816 Cc: Reviewed-by: Jaroslav Kysela Link: https://lore.kernel.org/r/20240510101424.6279-1-tiwai@suse.de Signed-off-by: Takashi Iwai --- sound/core/init.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'sound/core/init.c') diff --git a/sound/core/init.c b/sound/core/init.c index 4ed5037d8693..89c8354862c4 100644 --- a/sound/core/init.c +++ b/sound/core/init.c @@ -516,6 +516,14 @@ void snd_card_disconnect(struct snd_card *card) } } +#ifdef CONFIG_PM + /* wake up sleepers here before other callbacks for avoiding potential + * deadlocks with other locks (e.g. in kctls); + * then this notifies the shutdown and sleepers would abort immediately + */ + wake_up_all(&card->power_sleep); +#endif + /* notify all connected devices about disconnection */ /* at this point, they cannot respond to any calls except release() */ @@ -543,7 +551,6 @@ void snd_card_disconnect(struct snd_card *card) } #ifdef CONFIG_PM - wake_up(&card->power_sleep); snd_power_sync_ref(card); #endif } -- cgit v1.2.3 From da0713fff528112890aac02fea08937b65d5c8ba Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 10 May 2024 14:51:27 +0200 Subject: ALSA: core: Remove superfluous CONFIG_PM Since the recent code change, the conditional build with CONFIG_PM is calling only snd_power_sync_ref(). As a dummy function is provided for this function, we can get rid of CONFIG_PM gracefully now. Link: https://lore.kernel.org/r/20240510125128.6058-1-tiwai@suse.de Signed-off-by: Takashi Iwai --- sound/core/init.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'sound/core/init.c') diff --git a/sound/core/init.c b/sound/core/init.c index 89c8354862c4..6b127864a1a3 100644 --- a/sound/core/init.c +++ b/sound/core/init.c @@ -550,9 +550,7 @@ void snd_card_disconnect(struct snd_card *card) clear_bit(card->number, snd_cards_lock); } -#ifdef CONFIG_PM snd_power_sync_ref(card); -#endif } EXPORT_SYMBOL(snd_card_disconnect); -- cgit v1.2.3 From 39381fe7394e5eafac76e7e9367e7351138a29c1 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Wed, 22 May 2024 09:04:39 +0200 Subject: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the code around it with '#ifdef MODULE'. This works in most cases, but the devils are always in details. "MODULE" is defined when the target code (i.e. the sound core) is built as a module; but this doesn't mean that the caller is also built-in or not. Namely, when only the sound core is built-in (CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m), the passed module pointer is ignored even if it's non-NULL, and card->module remains as NULL. This would result in the missing module reference up/down at the device open/close, leading to a race with the code execution after the module removal. For addressing the bug, move the assignment of card->module again out of ifdef. The WARN_ON() is still wrapped with ifdef because the module can be really NULL when all sound drivers are built-in. Note that we keep 'ifdef MODULE' for WARN_ON(), otherwise it would lead to a false-positive NULL module check. Admittedly it won't catch perfectly, i.e. no check is performed when CONFIG_SND=y. But, it's no real problem as it's only for debugging, and the condition is pretty rare. Fixes: 81033c6b584b ("ALSA: core: Warn on empty module") Reported-by: Xu Yang Closes: https://lore.kernel.org/r/20240520170349.2417900-1-xu.yang_2@nxp.com Cc: Signed-off-by: Takashi Iwai Tested-by: Xu Yang Link: https://lore.kernel.org/r/20240522070442.17786-1-tiwai@suse.de --- sound/core/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sound/core/init.c') diff --git a/sound/core/init.c b/sound/core/init.c index 6b127864a1a3..ac072614d1ea 100644 --- a/sound/core/init.c +++ b/sound/core/init.c @@ -313,8 +313,8 @@ static int snd_card_init(struct snd_card *card, struct device *parent, card->number = idx; #ifdef MODULE WARN_ON(!module); - card->module = module; #endif + card->module = module; INIT_LIST_HEAD(&card->devices); init_rwsem(&card->controls_rwsem); rwlock_init(&card->ctl_files_rwlock); -- cgit v1.2.3 From c1a8d5f31b601648603986775ab0ec8305f86122 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Wed, 22 May 2024 09:04:40 +0200 Subject: ALSA: core: Enable proc module when CONFIG_MODULES=y We used '#ifdef MODULE' for judging whether the system supports the sound module or not, and /proc/asound/modules is created only when '#ifdef MODULE' is true. The check is not really appropriate, though, because the flag means only for the sound core and the drivers are still allowed to be built as modules even if 'MODULE' is not set in sound/core/init.c. For fixing the inconsistency, replace those ifdefs with 'ifdef CONFIG_MODULES'. One place for a NULL module check is rewritten with IS_MODULE(CONFIG_SND) to be more intuitive. It can't be changed to CONFIG_MODULES; otherwise it would hit a WARN_ON() incorrectly. This is a slight behavior change; the modules proc entry appears now no matter whether the sound core is built-in or not as long as modules are enabled on the kernel in general. This can't be avoided due to the nature of kernel builds. Link: https://lore.kernel.org/r/20240520170349.2417900-1-xu.yang_2@nxp.com Signed-off-by: Takashi Iwai Tested-by: Xu Yang Link: https://lore.kernel.org/r/20240522070442.17786-2-tiwai@suse.de --- sound/core/init.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'sound/core/init.c') diff --git a/sound/core/init.c b/sound/core/init.c index ac072614d1ea..4e52bbe32786 100644 --- a/sound/core/init.c +++ b/sound/core/init.c @@ -50,7 +50,7 @@ MODULE_PARM_DESC(slots, "Module names assigned to the slots."); static int module_slot_match(struct module *module, int idx) { int match = 1; -#ifdef MODULE +#ifdef CONFIG_MODULES const char *s1, *s2; if (!module || !*module->name || !slots[idx]) @@ -77,7 +77,7 @@ static int module_slot_match(struct module *module, int idx) if (!c1) break; } -#endif /* MODULE */ +#endif /* CONFIG_MODULES */ return match; } @@ -311,9 +311,7 @@ static int snd_card_init(struct snd_card *card, struct device *parent, } card->dev = parent; card->number = idx; -#ifdef MODULE - WARN_ON(!module); -#endif + WARN_ON(IS_MODULE(CONFIG_SND) && !module); card->module = module; INIT_LIST_HEAD(&card->devices); init_rwsem(&card->controls_rwsem); @@ -969,7 +967,7 @@ void snd_card_info_read_oss(struct snd_info_buffer *buffer) #endif -#ifdef MODULE +#ifdef CONFIG_MODULES static void snd_card_module_info_read(struct snd_info_entry *entry, struct snd_info_buffer *buffer) { @@ -997,7 +995,7 @@ int __init snd_card_info_init(void) if (snd_info_register(entry) < 0) return -ENOMEM; /* freed in error path */ -#ifdef MODULE +#ifdef CONFIG_MODULES entry = snd_info_create_module_entry(THIS_MODULE, "modules", NULL); if (!entry) return -ENOMEM; -- cgit v1.2.3