diff options
author | Takashi Iwai <tiwai@suse.de> | 2018-03-09 22:23:31 +0100 |
---|---|---|
committer | Takashi Iwai <tiwai@suse.de> | 2018-03-10 17:30:01 +0100 |
commit | a2ff19f7b70118ced291a28d5313469914de451b (patch) | |
tree | c298a34bc11603591b75e30f9b105187d0735471 /sound/ac97/Kconfig | |
parent | ALSA: seq: Fix possible UAF in snd_seq_check_queue() (diff) | |
download | linux-a2ff19f7b70118ced291a28d5313469914de451b.tar.xz linux-a2ff19f7b70118ced291a28d5313469914de451b.zip |
ALSA: seq: Clear client entry before deleting else at closing
When releasing a client, we need to clear the clienttab[] entry at
first, then call snd_seq_queue_client_leave(). Otherwise, the
in-flight cell in the queue might be picked up by the timer interrupt
via snd_seq_check_queue() before calling snd_seq_queue_client_leave(),
and it's delivered to another queue while the client is clearing
queues. This may eventually result in an uncleared cell remaining in
a queue, and the later snd_seq_pool_delete() may need to wait for a
long time until the event gets really processed.
By moving the clienttab[] clearance at the beginning of release, any
event delivery of a cell belonging to this client will fail at a later
point, since snd_seq_client_ptr() returns NULL. Thus the cell that
was picked up by the timer interrupt will be returned immediately
without further delivery, and the long stall of snd_seq_delete_pool()
can be avoided, too.
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'sound/ac97/Kconfig')
0 files changed, 0 insertions, 0 deletions