| Message ID | 20241229185232.GA1977892@ZenIV (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | fix remaining descriptor races in sound/core/compress_offload.c | expand |
On Sun, 29 Dec 2024 19:52:32 +0100, Al Viro wrote: > > 3d3f43fab4cf "ALSA: compress_offload: improve file descriptors installation for dma-buf" > fixed some of descriptor races in snd_compr_task_new(), but there's a couple more left. > > We need to grab the references to dmabuf before moving them into descriptor table - > trying to do that by descriptor afterwards might end up getting a different object, > with a dangling reference left in task->{input,output} > > Fixes: 3d3f43fab4cf "ALSA: compress_offload: improve file descriptors installation for dma-buf" > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Applied now. Thanks! Takashi
diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index edf5aadf38e5..543c7f525f84 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -1053,13 +1053,13 @@ static int snd_compr_task_new(struct snd_compr_stream *stream, struct snd_compr_ put_unused_fd(fd_i); goto cleanup; } + /* keep dmabuf reference until freed with task free ioctl */ + get_dma_buf(task->input); + get_dma_buf(task->output); fd_install(fd_i, task->input->file); fd_install(fd_o, task->output->file); utask->input_fd = fd_i; utask->output_fd = fd_o; - /* keep dmabuf reference until freed with task free ioctl */ - dma_buf_get(utask->input_fd); - dma_buf_get(utask->output_fd); list_add_tail(&task->list, &stream->runtime->tasks); stream->runtime->total_tasks++; return 0;
3d3f43fab4cf "ALSA: compress_offload: improve file descriptors installation for dma-buf" fixed some of descriptor races in snd_compr_task_new(), but there's a couple more left. We need to grab the references to dmabuf before moving them into descriptor table - trying to do that by descriptor afterwards might end up getting a different object, with a dangling reference left in task->{input,output} Fixes: 3d3f43fab4cf "ALSA: compress_offload: improve file descriptors installation for dma-buf" Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> ---