summaryrefslogtreecommitdiffstats
path: root/sound/hda
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2018-03-09 22:23:31 +0100
committerTakashi Iwai <tiwai@suse.de>2018-03-10 17:30:01 +0100
commita2ff19f7b70118ced291a28d5313469914de451b (patch)
treec298a34bc11603591b75e30f9b105187d0735471 /sound/hda
parentALSA: seq: Fix possible UAF in snd_seq_check_queue() (diff)
downloadlinux-a2ff19f7b70118ced291a28d5313469914de451b.tar.xz
linux-a2ff19f7b70118ced291a28d5313469914de451b.zip
ALSA: seq: Clear client entry before deleting else at closing
When releasing a client, we need to clear the clienttab[] entry at first, then call snd_seq_queue_client_leave(). Otherwise, the in-flight cell in the queue might be picked up by the timer interrupt via snd_seq_check_queue() before calling snd_seq_queue_client_leave(), and it's delivered to another queue while the client is clearing queues. This may eventually result in an uncleared cell remaining in a queue, and the later snd_seq_pool_delete() may need to wait for a long time until the event gets really processed. By moving the clienttab[] clearance at the beginning of release, any event delivery of a cell belonging to this client will fail at a later point, since snd_seq_client_ptr() returns NULL. Thus the cell that was picked up by the timer interrupt will be returned immediately without further delivery, and the long stall of snd_seq_delete_pool() can be avoided, too. Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'sound/hda')
0 files changed, 0 insertions, 0 deletions