Branch: refs/heads/master
Home: https://github.com/qemu/qemu

Commit: eb1a35e47aff9bda70d74874241e7966f800f4e3
https://github.com/qemu/qemu/commit/eb1a35e47aff9bda70d74874241e7966f800f4e3
Author: Akihiko Odaki <akihiko.od...@gmail.com>
Date: 2021-06-23 (Wed, 23 Jun 2021)

Changed paths:
M audio/coreaudio.c

Log Message:
-----------
coreaudio: Lock only the buffer

On macOS 11.3.1, Core Audio calls AudioDeviceIOProc after calling an internal function named HALB_Mutex::Lock(), which locks a mutex in HALB_IOThread::Entry(void*). HALB_Mutex::Lock() is also called in AudioObjectGetPropertyData, which is called by coreaudio driver. Therefore, a deadlock will occur if coreaudio driver calls AudioObjectGetPropertyData while holding a lock for a mutex and tries to lock the same mutex in AudioDeviceIOProc.

audioDeviceIOProc, which implements AudioDeviceIOProc in coreaudio driver, requires an exclusive access for the device configuration and the buffer. Fortunately, a mutex is necessary only for the buffer in audioDeviceIOProc because a change for the device configuration occurs only before setting up AudioDeviceIOProc or after stopping the playback with AudioDeviceStop.

With this change, the mutex owned by the driver will only be used for the buffer, and the device configuration change will be protected with the implicit iothread mutex.

Signed-off-by: Akihiko Odaki <akihiko.od...@gmail.com>
Message-id: 20210622201740.38005-1-akihiko.od...@gmail.com
Message-Id: <20210622201740.38005-1-akihiko.od...@gmail.com>
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>

Commit: 60e543f5ce46d4a90a95963b3bab5c7d13a2aaa9
https://github.com/qemu/qemu/commit/60e543f5ce46d4a90a95963b3bab5c7d13a2aaa9
Author: Qiang Liu <cyruscy...@gmail.com>
Date: 2021-06-24 (Thu, 24 Jun 2021)

Changed paths:
M hw/audio/sb16.c
M tests/qtest/fuzz-sb16-test.c

Log Message:
-----------
hw/audio/sb16: Restrict I/O sampling rate range for command 41h/42h

The I/O sampling rate range is enforced to 5000 to 45000HZ according to commit a2cd86a9. Setting I/O sampling rate with command 41h/42h, a guest user can break this assumption and trigger an assertion in audio_calloc via command 0xd4. This patch restricts the I/O sampling rate range for command 41h/42h.

Fixes: 85571bc7415 ("audio merge (malc)")
Signed-off-by: Qiang Liu <cyruscy...@gmail.com>
Message-Id: <1624502687-5214-1-git-send-email-cyruscy...@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>

Commit: 5d2d18ae395f40c6df016229ed9d659cd12375db
https://github.com/qemu/qemu/commit/5d2d18ae395f40c6df016229ed9d659cd12375db
Author: Peter Maydell <peter.mayd...@linaro.org>
Date: 2021-06-25 (Fri, 25 Jun 2021)

Changed paths:
M audio/coreaudio.c
M hw/audio/sb16.c
M tests/qtest/fuzz-sb16-test.c

Log Message:
-----------
Merge remote-tracking branch 'remotes/kraxel/tags/audio-20210624-pull-request' into staging

audio: bugfixes

# gpg: Signature made Thu 24 Jun 2021 13:16:16 BST
# gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kra...@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <g...@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kra...@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20210624-pull-request:
hw/audio/sb16: Restrict I/O sampling rate range for command 41h/42h
coreaudio: Lock only the buffer

Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>

Compare: https://github.com/qemu/qemu/compare/e3955ae93f51...5d2d18ae395f