git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit

author	Takashi Iwai <tiwai@suse.de>
	Tue, 21 Mar 2017 12:56:04 +0000 (13:56 +0100)
committer	Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
	Thu, 6 Apr 2017 08:25:05 +0000 (09:25 +0100)
commit	4dfc23df8b9881a17a2af2aa410b9965b73b0dc8
tree	a11c5b9363c09f3a7154fcd3b168a6f6fafbf322	tree
parent	97b0f82d4ae84575d2f5a1a282d8470c2c9a1d84	commit \| diff

ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()

BugLink: http://bugs.launchpad.net/bugs/1677600
commit c520ff3d03f0b5db7146d9beed6373ad5d2a5e0e upstream.

When snd_seq_pool_done() is called, it marks the closing flag to
refuse the further cell insertions. But snd_seq_pool_done() itself
doesn't clear the cells but just waits until all cells are cleared by
the caller side. That is, it's racy, and this leads to the endless
stall as syzkaller spotted.

This patch addresses the racy by splitting the setup of pool->closing
flag out of snd_seq_pool_done(), and calling it properly before
snd_seq_pool_done().

BugLink: http://lkml.kernel.org/r/CACT4Y+aqqy8bZA1fFieifNxR2fAfFQQABcBHj801+u5ePV0URw@mail.gmail.com
Reported-and-tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

sound/core/seq/seq_clientmgr.c		diff \| blob \| blame \| history
sound/core/seq/seq_fifo.c		diff \| blob \| blame \| history
sound/core/seq/seq_memory.c		diff \| blob \| blame \| history
sound/core/seq/seq_memory.h		diff \| blob \| blame \| history