Date: Mon, 07 Mar 2022 09:31:16 +0100
From: Takashi Iwai
To: Hillf Danton
Cc: syzbot, alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, tiwai@suse.com
Subject: Re: [syzbot] possible deadlock in snd_timer_interrupt (2)
In-Reply-To: <20220307080520.3199-1-hdanton@sina.com>
References: <00000000000048c71405d96594c7@google.com> <20220307080520.3199-1-hdanton@sina.com>

On Mon, 07 Mar 2022 09:05:20 +0100, Hillf Danton wrote:
>
> Walk around the deadlock by trying to lock tasklist_lock for write on
> timer irq and scheduling workqueue work if any lock owner detected.

Oh no, that's toooo ugly.

And the problem isn't only here; take a look at commits f671a691e299
and 2f488f698fda. There are other users of kill_fasync() with the
hard-IRQ disabled, too.

So, IMO, the handling of tasklist_lock around kill_fasync() looks
broken and the fix should be needed there (or other core part),
instead of messing round each caller's code.

thanks,

Takashi

>
> Only for thoughts now.
>
> Hillf
>
> #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ 38f80f42147f
>
> --- x/sound/core/timer.c > +++ y/sound/core/timer.c
> @@ -916,7 +916,14 @@ void snd_timer_interrupt(struct snd_time > } > > /* now process all fast callbacks */ > - snd_timer_process_callbacks(timer, &timer->ack_list_head); > + if (write_trylock(&tasklist_lock)) { > + write_unlock(&tasklist_lock); > + snd_timer_process_callbacks(timer, &timer->ack_list_head); > + } else { > + /* go the slow path to avoid deadlock by calling kill_fasync() */ > + list_splice_init(&timer->ack_list_head, > + &timer->sack_list_head); > + } > > /* do we have any slow callbacks? */ > use_work = !list_empty(&timer->sack_list_head); > -- >
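Review bot: the write_trylock()/write_unlock() pair that gates the fast path in snd_timer_interrupt() only samples tasklist_lock and releases it before snd_timer_process_callbacks() is called, so another CPU can take the lock between the probe and the callbacks and the fast path still runs under the contention the check was meant to exclude. A probe that is dropped before the protected call cannot establish a lock ordering; either the callbacks that can reach kill_fasync() should always be deferred to the work, or the ordering should be fixed on the kill_fasync() side. In the else branch, list_splice_init() moves every entry of ack_list_head onto sack_list_head, so all fast callbacks, not only the ones that signal, lose their interrupt-context latency whenever the lock is busy; the comment should say that and name the lock order being avoided, since "by calling kill_fasync()" reads as if the slow path itself makes that call to avoid the deadlock.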