ALSA: seq: Fix concurrent access to queue current tick/time
authorTakashi Iwai <tiwai@suse.de>
Fri, 14 Feb 2020 11:13:15 +0000 (12:13 +0100)
committerTakashi Iwai <tiwai@suse.de>
Fri, 14 Feb 2020 14:53:09 +0000 (15:53 +0100)
commitdc7497795e014d84699c3b8809ed6df35352dd74
tree2268c9c6fe20d5638e558ae014d512b85e543599
parentbb51e669fa49feb5904f452b2991b240ef31bc97
ALSA: seq: Fix concurrent access to queue current tick/time

snd_seq_check_queue() passes the current tick and time of the given
queue as a pointer to snd_seq_prioq_cell_out(), but those might be
updated concurrently by the seq timer update.

Fix it by retrieving the current tick and time via the proper helper
functions at first, and pass those values to snd_seq_prioq_cell_out()
later in the loops.

snd_seq_timer_get_cur_time() takes a new argument and adjusts with the
current system time only when it's requested so; this update isn't
needed for snd_seq_check_queue(), as it's called either from the
interrupt handler or right after queuing.

Also, snd_seq_timer_get_cur_tick() is changed to read the value in the
spinlock for the concurrency, too.

Reported-by: syzbot+fd5e0eaa1a32999173b2@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20200214111316.26939-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
sound/core/seq/seq_clientmgr.c
sound/core/seq/seq_queue.c
sound/core/seq/seq_timer.c
sound/core/seq/seq_timer.h