Re: [syzbot] [sound?] possible deadlock in snd_pcm_period_elapsed (4)

From: Hillf Danton
Date: Sat Mar 16 2024 - 01:40:21 EST


#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

--- x/sound/core/timer.c
+++ y/sound/core/timer.c
@@ -409,8 +409,9 @@ static void snd_timer_close_locked(struc
struct snd_timer *timer = timeri->timer;

if (timer) {
- guard(spinlock)(&timer->lock);
+ spin_lock_irq(&timer->lock);
timeri->flags |= SNDRV_TIMER_IFLG_DEAD;
+ spin_unlock_irq(&timer->lock);
}

if (!list_empty(&timeri->open_list)) {
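Review bot: The open-coded `spin_lock_irq()`/`spin_unlock_irq()` pair drops the scope-based guard this site used before; `guard(spinlock_irq)(&timer->lock);` disables interrupts the same way and keeps the unlock tied to the closing brace of `if (timer)`. The irq variant re-enables interrupts unconditionally on unlock, so it is only correct if snd_timer_close_locked() is never entered with interrupts already disabled. That cannot be confirmed from the hunk, because the function starts and continues outside it. A one-line comment saying why this site must be irq-safe would help anyone auditing the other users of the lock; presumably `timer->lock` is also taken from interrupt context, as the lockdep report in the subject suggests.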
--- x/drivers/virtio/virtio_ring.c
+++ y/drivers/virtio/virtio_ring.c
@@ -316,7 +316,13 @@ static void *vring_alloc_queue(struct vi
return dma_alloc_coherent(dma_dev, size,
dma_handle, flag);
} else {
- void *queue = alloc_pages_exact(PAGE_ALIGN(size), flag);
+ void *queue;
+ unsigned long sz = PAGE_ALIGN(size);
+ unsigned int order = 0;
+
+ while ((PAGE_SIZE << order) < sz)
+ order++;
+ queue = (void *) __get_free_pages(flag, order);

if (queue) {
phys_addr_t phys_addr = virt_to_phys(queue);
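Review bot: The `while ((PAGE_SIZE << order) < sz) order++;` loop open-codes what `get_order()` already computes, and the same loop is repeated in the vring_free_queue() hunk; `unsigned int order = get_order(size);` in both places removes the duplication. If the two copies ever drift apart, free_pages() would release a different order than was allocated. The loop also has no upper bound, so an oversized `size` keeps shifting until the shift itself overflows instead of failing cleanly. Separately, __get_free_pages() rounds up to a power-of-two number of pages where alloc_pages_exact() gave the tail back, which deserves a comment if this is meant as more than a test patch. The function body begins and ends outside the hunk.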
@@ -334,7 +340,7 @@ static void *vring_alloc_queue(struct vi
* unrepresentable address.
*/
if (WARN_ON_ONCE(*dma_handle != phys_addr)) {
- free_pages_exact(queue, PAGE_ALIGN(size));
+ free_pages((unsigned long) queue, order);
return NULL;
}
}
@@ -348,8 +354,14 @@ static void vring_free_queue(struct virt
{
if (vring_use_dma_api(vdev))
dma_free_coherent(dma_dev, size, queue, dma_handle);
- else
- free_pages_exact(queue, PAGE_ALIGN(size));
+ else {
+ unsigned long sz = PAGE_ALIGN(size);
+ unsigned int order = 0;
+
+ while ((PAGE_SIZE << order) < sz)
+ order++;
+ free_pages((unsigned long) queue, order);
+ }
}

/*
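Review bot: The `else` branch gained braces while the `if` branch stayed bare; kernel coding style asks for braces on both branches once either one needs them, i.e. `if (vring_use_dma_api(vdev)) {` … `} else {`. The order recomputed here matches the allocation only if callers pass the same `size` to vring_alloc_queue() and vring_free_queue(), which the hunk does not show. A short comment stating that requirement would make the pairing explicit.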
--- x/mm/debug_vm_pgtable.c
+++ y/mm/debug_vm_pgtable.c
@@ -77,6 +77,7 @@ struct pgtable_debug_args {
pgprot_t page_prot_none;

bool is_contiguous_page;
+ unsigned int ctg_order;
unsigned long pud_pfn;
unsigned long pmd_pfn;
unsigned long pte_pfn;
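Review bot: `ctg_order` is added without a comment, and its validity depends on `is_contiguous_page`; something like `/* order of the contiguous allocation; meaningful only when is_contiguous_page is true */` next to the field would make that coupling explicit. The only assignment visible in this patch is on the success path in debug_vm_pgtable_alloc_huge_page(), so the field presumably relies on the struct being zero-initialised elsewhere. The struct definition continues outside the hunk.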
@@ -1033,7 +1034,8 @@ static void __init destroy_args(struct p
has_transparent_pud_hugepage() &&
args->pud_pfn != ULONG_MAX) {
if (args->is_contiguous_page) {
- free_contig_range(args->pud_pfn,
+ if (args->ctg_order == HPAGE_PUD_SHIFT - PAGE_SHIFT)
+ free_contig_range(args->pud_pfn,
(1 << (HPAGE_PUD_SHIFT - PAGE_SHIFT)));
} else {
page = pfn_to_page(args->pud_pfn);
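Review bot: When `is_contiguous_page` is set but `ctg_order` does not match, this branch now frees nothing and reports nothing, and the `else` path with __free_pages() is skipped as well; the same applies to the PMD hunk that follows. If a mismatch means the range belongs to the other allocation, a short comment should say so. If it is unexpected, `WARN_ON_ONCE(args->ctg_order != HPAGE_PUD_SHIFT - PAGE_SHIFT)` would make a leaked range visible. The new unbraced `if` also guards a call that wraps across two lines, which kernel style would brace. destroy_args() starts and ends outside the hunk.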
@@ -1049,7 +1051,8 @@ static void __init destroy_args(struct p
has_transparent_hugepage() &&
args->pmd_pfn != ULONG_MAX) {
if (args->is_contiguous_page) {
- free_contig_range(args->pmd_pfn, (1 << HPAGE_PMD_ORDER));
+ if (args->ctg_order == HPAGE_PMD_ORDER)
+ free_contig_range(args->pmd_pfn, (1 << HPAGE_PMD_ORDER));
} else {
page = pfn_to_page(args->pmd_pfn);
__free_pages(page, HPAGE_PMD_ORDER);
@@ -1104,6 +1107,7 @@ debug_vm_pgtable_alloc_huge_page(struct
first_online_node, NULL);
if (page) {
args->is_contiguous_page = true;
+ args->ctg_order = order;
return page;
}
}
--