www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Takashi Iwai <tiwai@suse.de>
	Sat, 30 Jan 2016 22:30:25 +0000 (23:30 +0100)
committer	Chuck Anderson <chuck.anderson@oracle.com>
	Thu, 26 May 2016 22:44:40 +0000 (15:44 -0700)
commit	2ec8196324ec2d9bfdc9c6e86c068045f21bb7c6
tree	1dab416247459ab744bf3a972a3eca4c49af7652	tree
parent	9d787b739e891982a08011786a389051c6dc2a52	commit \| diff

ALSA: seq: Fix yet another races among ALSA timer accesses

Orabug: 23330802

[ Upstream commit 2cdc7b636d55cbcf42e1e6c8accd85e62d3e9ae8 ]

ALSA sequencer may open/close and control ALSA timer instance
dynamically either via sequencer events or direct ioctls. These are
done mostly asynchronously, and it may call still some timer action
like snd_timer_start() while another is calling snd_timer_close().
Since the instance gets removed by snd_timer_close(), it may lead to
a use-after-free.

This patch tries to address such a race by protecting each
snd_timer_*() call via the existing spinlock and also by avoiding the
access to timer during close call.

BugLink: http://lkml.kernel.org/r/CACT4Y+Z6RzW5MBr-HUdV-8zwg71WQfKTdPpYGvOeS7v4cyurNQ@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
(cherry picked from commit b55a0342e88343fbca10e8a1ac5f6aa1c001f40f)

Signed-off-by: Dan Duval <dan.duval@oracle.com>