• Takashi Iwai's avatar
    ALSA: hrtimer: Fix stall by hrtimer_cancel() · f35e5e12
    Takashi Iwai authored
    commit 2ba1fe7a upstream.
    
    hrtimer_cancel() waits for the completion from the callback, thus it
    must not be called inside the callback itself.  This was already a
    problem in the past with ALSA hrtimer driver, and the early commit
    [fcfdebe7: ALSA: hrtimer - Fix lock-up] tried to address it.
    
    However, the previous fix is still insufficient: it may still cause a
    lockup when the ALSA timer instance reprograms itself in its callback.
    Then it invokes the start function even in snd_timer_interrupt() that
    is called in hrtimer callback itself, results in a CPU stall.  This is
    no hypothetical problem but actually triggered by syzkaller fuzzer.
    
    This patch tries to fix the issue again.  Now we call
    hrtimer_try_to_cancel() at both start and stop functions so that it
    won't fall into a deadlock, yet giving some chance to cancel the queue
    if the functions have been called outside the callback.  The proper
    hrtimer_cancel() is called in anyway at closing, so this should be
    enough.
    Reported-and-tested-by: default avatarDmitry Vyukov <dvyukov@google.com>
    Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    f35e5e12
hrtimer.c 4.1 KB