linux/sound/core/seq
Takashi Iwai c520ff3d03 ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
When snd_seq_pool_done() is called, it marks the closing flag to
refuse the further cell insertions.  But snd_seq_pool_done() itself
doesn't clear the cells but just waits until all cells are cleared by
the caller side.  That is, it's racy, and this leads to the endless
stall as syzkaller spotted.

This patch addresses the racy by splitting the setup of pool->closing
flag out of snd_seq_pool_done(), and calling it properly before
snd_seq_pool_done().

BugLink: http://lkml.kernel.org/r/CACT4Y+aqqy8bZA1fFieifNxR2fAfFQQABcBHj801+u5ePV0URw@mail.gmail.com
Reported-and-tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-03-21 14:01:10 +01:00
..
oss sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
Kconfig
Makefile ALSA: core: Fix randconfig build wrt CONFIG_PROC_FS 2015-05-29 07:21:02 +02:00
seq_clientmgr.c ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() 2017-03-21 14:01:10 +01:00
seq_clientmgr.h ALSA: seq: Provide card number / PID via sequencer client info 2016-03-08 10:52:52 +01:00
seq_compat.c ALSA: seq: fix passing wrong pointer in function call of compatibility layer 2016-10-12 20:09:36 +02:00
seq_device.c ALSA: core: Fix randconfig build wrt CONFIG_PROC_FS 2015-05-29 07:21:02 +02:00
seq_dummy.c ALSA: seq: Drop snd_seq_autoload_lock() and _unlock() 2015-02-12 14:42:31 +01:00
seq_fifo.c ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() 2017-03-21 14:01:10 +01:00
seq_fifo.h
seq_info.c ALSA: core: Build conditionally and remove superfluous ifdefs 2015-04-24 17:31:07 +02:00
seq_info.h ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
seq_lock.c ALSA: seq: Use standard printk helpers 2014-02-14 08:14:18 +01:00
seq_lock.h
seq_memory.c ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() 2017-03-21 14:01:10 +01:00
seq_memory.h ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() 2017-03-21 14:01:10 +01:00
seq_midi_emul.c ALSA: seq: potential out of bounds in do_control() 2015-02-12 11:07:48 +01:00
seq_midi_event.c
seq_midi.c ALSA: seq: Drop snd_seq_autoload_lock() and _unlock() 2015-02-12 14:42:31 +01:00
seq_ports.c ALSA: seq: Fix double port list deletion 2016-02-16 14:37:19 +01:00
seq_ports.h ALSA: seq: remove unused callback_all field 2015-01-26 13:56:58 +01:00
seq_prioq.c ALSA: seq: Drop superfluous error/debug messages after malloc failures 2015-03-10 15:41:18 +01:00
seq_prioq.h
seq_queue.c ALSA: seq: Fix race at creating a queue 2017-02-08 12:42:37 +01:00
seq_queue.h
seq_system.c
seq_system.h
seq_timer.c ALSA: seq: Fix time account regression 2016-10-25 16:00:46 +02:00
seq_timer.h ALSA: seq_timer: use monotonic times internally 2016-06-17 22:56:13 +02:00
seq_virmidi.c ALSA: seq: Constify snd_rawmidi_ops 2017-01-12 12:49:55 +01:00
seq.c ALSA: timer: remove legacy rtctimer 2016-04-25 10:41:46 +02:00