| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1583e474-55e3-ec13-f8c9-029bb23971bb@gmail.com>
Date: Tue, 17 Dec 2019 21:39:01 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: Takashi Iwai <tiwai@...e.de>
Cc: perex@...ex.cz, tiwai@...e.com, rfontana@...hat.com,
gregkh@...uxfoundation.org, allison@...utok.net,
tglx@...utronix.de, alsa-devel@...a-project.org,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] ALSA: seq: a possible sleep-in-atomic-context bug in
snd_virmidi_dev_receive_event()
On 2019/12/17 21:37, Takashi Iwai wrote:
> On Tue, 17 Dec 2019 14:24:21 +0100,
> Jia-Ju Bai wrote:
>> The driver may sleep while holding a read lock.
>> The function call path (from bottom to top) in Linux 4.19 is:
>>
>> sound/core/seq/seq_memory.c, 96:
>> copy_from_user in snd_seq_dump_var_event
>> sound/core/seq/seq_virmidi.c, 97:
>> snd_seq_dump_var_event in snd_virmidi_dev_receive_event
>> sound/core/seq/seq_virmidi.c, 88:
>> _raw_read_lock in snd_virmidi_dev_receive_event
> This can't happen. snd_virmidi_dev_receive_event() takes
> conditionally either read_lock or rw_sem depending on the atomic
> argument. And the data including user-space pointer is handled always
> with atomic=1, hence down_read() is used instead of read_lock() here.
>
Okay, thanks for the explanation.
Best wishes,
Jia-Ju Bai
Powered by blists - more mailing lists