git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit
ALSA: seq: Fix link corruption by event error handling
author Takashi Iwai <tiwai@suse.de>
Tue, 28 Feb 2017 21:15:51 +0000 (22:15 +0100)
committer Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Thu, 6 Apr 2017 08:20:51 +0000 (09:20 +0100)
commit f28973811c2c54509b5f190d8fb89d992db27ba6
tree c5ff83cac4d16b2e1b5a97886183e5fa729d080e
parent b8c409786fd8ac60c634f2a429f2d67d858edc0c
ALSA: seq: Fix link corruption by event error handling

BugLink: http://bugs.launchpad.net/bugs/1673538
commit f3ac9f737603da80c2da3e84b89e74429836bb6d upstream.

The sequencer FIFO management has a bug that may lead to a corruption
(shortage) of the cell linked list.  When a sequencer client faces an
error at the event delivery, it tries to put back the dequeued cell.
When the first queue was put back, this forgot the tail pointer
tracking, and the link will be screwed up.

Although there is no memory corruption, the sequencer client may stall
forever at exit while flushing the pending FIFO cells in
snd_seq_pool_done(), as spotted by syzkaller.

This patch addresses the missing tail pointer tracking at
snd_seq_fifo_cell_putback().  Also the patch makes sure to clear the
cell->next pointer at snd_seq_fifo_event_in() for avoiding a similar
mess-up of the FIFO linked list.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
sound/core/seq/seq_fifo.c
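
The failure mode the commit message describes, reduced to a user-space C model as an added example: this is not the kernel's code or the patch itself, and the names `fifo_in`, `fifo_out`, `fifo_putback`, `lost_cells` and `track_tail` are illustrative assumptions. A cell put back into an empty FIFO without setting the tail leaves the next enqueued cell counted but unreachable from the head, which is the "shortage" that keeps a flush waiting on the cell count.

```c
#include <stddef.h>

/* Simplified user-space model; all names are illustrative, not the kernel's. */
struct cell { struct cell *next; };
struct fifo { struct cell *head, *tail; int cells; };

/* Append at the tail, clearing the new cell's next pointer first. */
static void fifo_in(struct fifo *f, struct cell *c) {
    c->next = NULL;
    if (f->tail)
        f->tail->next = c;
    f->tail = c;
    if (!f->head)
        f->head = c;
    f->cells++;
}

/* Remove from the head; reset tail when the last cell leaves. */
static struct cell *fifo_out(struct fifo *f) {
    struct cell *c = f->head;
    if (!c)
        return NULL;
    f->head = c->next;
    if (f->tail == c)
        f->tail = NULL;
    f->cells--;
    return c;
}

/* Put a dequeued cell back at the head; track_tail selects the fixed form. */
static void fifo_putback(struct fifo *f, struct cell *c, int track_tail) {
    c->next = f->head;
    f->head = c;
    if (track_tail && !f->tail)
        f->tail = c;    /* list was empty: the cell is also the tail */
    f->cells++;
}

/* Returns counted cells minus cells reachable from head (0 = consistent). */
int lost_cells(int track_tail) {
    struct cell a, b, *c;
    struct fifo f = { NULL, NULL, 0 };
    int reachable = 0;
    fifo_in(&f, &a);
    fifo_putback(&f, fifo_out(&f), track_tail);  /* delivery error path */
    fifo_in(&f, &b);                             /* next event arrives */
    for (c = f.head; c; c = c->next)
        reachable++;
    return f.cells - reachable;
}
```

`lost_cells(0)` models the missing tail tracking and reports one unreachable cell; `lost_cells(1)` models the tracked tail and reports none.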