From: Pierre-Louis Bossart Date: Fri, 24 Sep 2021 19:24:14 +0000 (-0500) Subject: ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() X-Git-Tag: v6.6.17~8344^2~86^2~55 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1465d06a6d8580e73ae65f8590392df58c5ed2fd;p=platform%2Fkernel%2Flinux-rpi.git ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() The fields 'opened', 'running', 'assigned_key' are all protected by a spinlock, but the spinlock is not taken when looking for a stream. This can result in a possible race between assign() and release(). Fix by taking the spinlock before walking through the bus stream list. Signed-off-by: Pierre-Louis Bossart Link: https://lore.kernel.org/r/20210924192417.169243-2-pierre-louis.bossart@linux.intel.com Signed-off-by: Takashi Iwai --- diff --git a/sound/hda/hdac_stream.c b/sound/hda/hdac_stream.c index 1eb8563..9867555 100644 --- a/sound/hda/hdac_stream.c +++ b/sound/hda/hdac_stream.c @@ -296,6 +296,7 @@ struct hdac_stream *snd_hdac_stream_assign(struct hdac_bus *bus, int key = (substream->pcm->device << 16) | (substream->number << 2) | (substream->stream + 1); + spin_lock_irq(&bus->reg_lock); list_for_each_entry(azx_dev, &bus->stream_list, list) { if (azx_dev->direction != substream->stream) continue; @@ -309,13 +310,12 @@ struct hdac_stream *snd_hdac_stream_assign(struct hdac_bus *bus, res = azx_dev; } if (res) { - spin_lock_irq(&bus->reg_lock); res->opened = 1; res->running = 0; res->assigned_key = key; res->substream = substream; - spin_unlock_irq(&bus->reg_lock); } + spin_unlock_irq(&bus->reg_lock); return res; } EXPORT_SYMBOL_GPL(snd_hdac_stream_assign);