From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
"Steven Rostedt (Google)" <rostedt@goodmis.org>,
Guenter Roeck <linux@roeck-us.net>, Takashi Iwai <tiwai@suse.de>
Subject: [PATCH 4.9 10/44] ALSA: Use del_timer_sync() before freeing timer
Date: Wed, 2 Nov 2022 03:34:56 +0100
Message-ID: <20221102022049.390565517@linuxfoundation.org>
In-Reply-To: <20221102022049.017479464@linuxfoundation.org>
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit f0a868788fcbf63cdab51f5adcf73b271ede8164 upstream.
The current code for freeing the emux timer is extremely dangerous:
  CPU0                          CPU1
  ----                          ----
snd_emux_timer_callback()
                            snd_emux_free()
                              spin_lock(&emu->voice_lock)
                              del_timer(&emu->tlist); <-- returns immediately
                              spin_unlock(&emu->voice_lock);
                              [..]
                              kfree(emu);

  spin_lock(&emu->voice_lock);

 [BOOM!]
Instead just use del_timer_sync() which will wait for the timer to finish
before continuing. No need to check if the timer is active or not when
doing so.
This doesn't fix the race of a possible re-arming of the timer, but at
least it won't use the data that has just been freed.
[ Fixed unused variable warning by tiwai ]
Cc: stable@vger.kernel.org
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20221026231236.6834b551@gandalf.local.home
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/synth/emux/emux.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
--- a/sound/synth/emux/emux.c
+++ b/sound/synth/emux/emux.c
@@ -138,15 +138,10 @@ EXPORT_SYMBOL(snd_emux_register);
*/
int snd_emux_free(struct snd_emux *emu)
{
- unsigned long flags;
-
if (! emu)
return -EINVAL;
- spin_lock_irqsave(&emu->voice_lock, flags);
- if (emu->timer_active)
- del_timer(&emu->tlist);
- spin_unlock_irqrestore(&emu->voice_lock, flags);
+ del_timer_sync(&emu->tlist);
snd_emux_proc_free(emu);
snd_emux_delete_virmidi(emu);
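Review bot: The new del_timer_sync(&emu->tlist) call in snd_emux_free() carries no comment on the two constraints it depends on, and both are easy to break in a later edit. First, it must stay outside emu->voice_lock: the changelog shows the timer callback taking that lock, so waiting for the callback while holding it would deadlock, which is why dropping the spin_lock_irqsave()/spin_unlock_irqrestore() pair is required rather than just a cleanup. Second, as the changelog itself admits, the call only waits for a callback that is already running; nothing in this hunk prevents emu->tlist from being re-armed during snd_emux_proc_free() and snd_emux_delete_virmidi(), before the kfree(emu) described in the commit message. A one-line comment above the call stating both points would help, and the re-arming window deserves a follow-up change. Note also that emu->timer_active is no longer read here and is not cleared in the visible lines, so any other reader of that flag during teardown would see a stale value.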