Details

Issue of the Implementation # L0192

Brief

sound/oss: deadlock in sequencer_ioctl(SNDCTL_SEQ_OUTOFBAND)

Detailed Description

A deadlock can be initiated by userspace via ioctl(SNDCTL_SEQ_OUTOFBAND) on /dev/sequencer with TMR_ECHO midi event. In this case the control flow is:

sound_ioctl()
-> case SND_DEV_SEQ:
   case SND_DEV_SEQ2:
     sequencer_ioctl()
     -> case SNDCTL_SEQ_OUTOFBAND:
          spin_lock_irqsave(&lock,flags);
          play_event();
          -> case EV_TIMING:
               seq_timing_event()
               -> case TMR_ECHO:
                    seq_copy_to_input()
                    -> spin_lock_irqsave(&lock,flags);

It seems that spin_lock_irqsave() around play_event() is not necessary, because the only other call location in seq_startplay() makes the call without acquiring spinlock.

Component

linux-kernel 4.0

Accepted

https://marc.info/?l=linux-kernel&m=142931483001579&w=2
commit

Status

Fixed in kernel 4.1-rc1

[Home]

Русский

About Us

Projects