ALSA: seq: Fix nested rwsem annotation for lockdep splat
author Takashi Iwai <tiwai@suse.de>
Sun, 29 Oct 2017 10:10:43 +0000 (11:10 +0100)
committer Takashi Iwai <tiwai@suse.de>
Tue, 31 Oct 2017 08:09:10 +0000 (09:09 +0100)

syzkaller reported the lockdep splat due to the possible deadlock of
grp->list_mutex of each sequencer client object.  Actually this is
rather a false-positive report due to the missing nested lock
annotations.  The sequencer client may deliver the event directly to
another client which takes another own lock.

For addressing this issue, this patch replaces the simple down_read()
with down_read_nested().  As a lock subclass, the already existing
"hop" can be re-used, which indicates the depth of the call.

Reference: http://lkml.kernel.org/r/089e082686ac9b482e055c832617@google.com
Reported-by: syzbot <bot+7feb8de6b4d6bf810cf098bef942cc387e79d0ad@syzkaller.appspotmail.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
sound/core/seq/seq_clientmgr.c

index 6c9cba2166d95b3b9175cc9eb39ca14e3a14f0f5..d10c780dfd5468137b3b862f6b04e0279d32e3d6 100644 (file)
@@ -663,7 +663,7 @@ static int deliver_to_subscribers(struct snd_seq_client *client,
        if (atomic)
                read_lock(&grp->list_lock);
        else
-               down_read(&grp->list_mutex);
+               down_read_nested(&grp->list_mutex, hop);
        list_for_each_entry(subs, &grp->list_head, src_list) {
                /* both ports ready? */
                if (atomic_read(&subs->ref_count) != 2)
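
Review bot: In the else branch, hop is passed straight to down_read_nested() as the lockdep subclass, and nothing in the visible lines bounds it. Lockdep only accepts subclasses below MAX_LOCKDEP_SUBCLASSES (8), so if the delivery depth can reach that value, this would trade the false-positive deadlock report for an invalid-subclass warning. Please confirm the maximum hop that can reach deliver_to_subscribers(), and either clamp the value or document the bound in a comment next to the call. The atomic branch keeps plain read_lock(&grp->list_lock); a short comment on why that path needs no nesting annotation would also help.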