Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3afe38f6 authored by Kai Vehmanen's avatar Kai Vehmanen Committed by Greg Kroah-Hartman
Browse files

ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close 



commit ce1558c285f9ad04c03b46833a028230771cc0a7 upstream

A race exists between closing a PCM and update of ELD data. In
hdmi_pcm_close(), hinfo->nid value is modified without taking
spec->pcm_lock. If this happens concurrently while processing an ELD
update in hdmi_pcm_setup_pin(), converter assignment may be done
incorrectly.

This bug was found by hitting a WARN_ON in snd_hda_spdif_ctls_assign()
in a HDMI receiver connection stress test:

[2739.684569] WARNING: CPU: 5 PID: 2090 at sound/pci/hda/patch_hdmi.c:1898 check_non_pcm_per_cvt+0x41/0x50 [snd_hda_codec_hdmi]
...
[2739.684707] Call Trace:
[2739.684720]  update_eld+0x121/0x5a0 [snd_hda_codec_hdmi]
[2739.684736]  hdmi_present_sense+0x21e/0x3b0 [snd_hda_codec_hdmi]
[2739.684750]  check_presence_and_report+0x81/0xd0 [snd_hda_codec_hdmi]
[2739.684842]  intel_audio_codec_enable+0x122/0x190 [i915]

Fixes: 42b29870 ("ALSA: hda - hdmi playback without monitor in dynamic pcm bind mode")
Signed-off-by: default avatarKai Vehmanen <kai.vehmanen@linux.intel.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201013152628.920764-1-kai.vehmanen@linux.intel.com


Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
[sudip: adjust context]
Signed-off-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 72289dc2

sound/pci/hda/patch_hdmi.c

+12 −8
Original line number Diff line number Diff line
@@ -1955,20 +1955,23 @@ static int hdmi_pcm_close(struct hda_pcm_stream *hinfo, 
	int pinctl;

	int err = 0;



	mutex_lock(&spec->pcm_lock);

	if (hinfo->nid) {

		pcm_idx = hinfo_to_pcm_index(codec, hinfo);

		if (snd_BUG_ON(pcm_idx < 0))

			return -EINVAL;

		if (snd_BUG_ON(pcm_idx < 0)) {

			err = -EINVAL;

			goto unlock;

		}

		cvt_idx = cvt_nid_to_cvt_index(codec, hinfo->nid);

		if (snd_BUG_ON(cvt_idx < 0))

			return -EINVAL;

		if (snd_BUG_ON(cvt_idx < 0)) {

			err = -EINVAL;

			goto unlock;

		}

		per_cvt = get_cvt(spec, cvt_idx);



		snd_BUG_ON(!per_cvt->assigned);

		per_cvt->assigned = 0;

		hinfo->nid = 0;



		mutex_lock(&spec->pcm_lock);

		snd_hda_spdif_ctls_unassign(codec, pcm_idx);

		clear_bit(pcm_idx, &spec->pcm_in_use);

		pin_idx = hinfo_to_pin_index(codec, hinfo);
@@ -1996,9 +1999,10 @@ static int hdmi_pcm_close(struct hda_pcm_stream *hinfo, 
		per_pin->setup = false;

		per_pin->channels = 0;

		mutex_unlock(&per_pin->lock);

	}



unlock:

	mutex_unlock(&spec->pcm_lock);

	}



	return err;

}