stable.vger.kernel.org archive mirror
* Patch "ALSA: timer: Fix negative queue usage by racy accesses" has been added to the 4.4-stable tree
@ 2016-07-25  0:29 gregkh
From: gregkh @ 2016-07-25  0:29 UTC (permalink / raw)
  To: tiwai, gregkh; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    ALSA: timer: Fix negative queue usage by racy accesses

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     alsa-timer-fix-negative-queue-usage-by-racy-accesses.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From 3fa6993fef634e05d200d141a85df0b044572364 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Mon, 4 Jul 2016 14:02:15 +0200
Subject: ALSA: timer: Fix negative queue usage by racy accesses

From: Takashi Iwai <tiwai@suse.de>

commit 3fa6993fef634e05d200d141a85df0b044572364 upstream.

The user timer tu->qused counter may go to a negative value when
multiple concurrent reads are performed since both the check and the
decrement of tu->qused are done in two individual locked contexts.
This results in bogus read outs, and the endless loop in the
user-space side.

The fix is to move the decrement of the tu->qused counter into the
same spinlock context as the zero-check of the counter.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/core/timer.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -1961,6 +1961,7 @@ static ssize_t snd_timer_user_read(struc
 
 		qhead = tu->qhead++;
 		tu->qhead %= tu->queue_size;
+		tu->qused--;
 		spin_unlock_irq(&tu->qlock);
 
 		if (tu->tread) {
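Review bot: with tu->qused-- placed before spin_unlock_irq(&tu->qlock), the slot indexed by the local qhead is counted as free while the code that follows the unlock (the tu->tread branch) has yet to consume it. If the producer side decides whether it may write a slot from qused alone, it can overwrite that entry while this reader is still using it. Consider copying the entry into a local variable while qlock is held and using only the local copy after the unlock, or add a comment stating why the slot cannot be reused in this window. A short comment that qhead and qused must always be updated together under qlock would also keep the two from drifting apart again.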
@@ -1974,7 +1975,6 @@ static ssize_t snd_timer_user_read(struc
 		}
 
 		spin_lock_irq(&tu->qlock);
-		tu->qused--;
 		if (err < 0)
 			goto _error;
 		result += unit;
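Review bot: on the err < 0 path at "goto _error", the entry has already been dequeued in the first locked section (qhead advanced, qused decremented), so a failed copy drops that event without it being counted in result. That matches the old behaviour, where the decrement also ran before the err check, but it is now less obvious from this spot, so a one-line comment here saying the entry is consumed regardless of err would help the next reader. It would also help to note what the re-taken spin_lock_irq(&tu->qlock) still protects now that the counter update has moved out of this section.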


Patches currently in stable-queue which might be from tiwai@suse.de are

queue-4.4/alsa-hda-fix-the-headset-mic-jack-detection-on-dell-machine.patch
queue-4.4/alsa-ctl-stop-notification-after-disconnection.patch
queue-4.4/alsa-dummy-fix-a-use-after-free-at-closing.patch
queue-4.4/alsa-timer-fix-negative-queue-usage-by-racy-accesses.patch
queue-4.4/alsa-hda-fix-use-after-free-after-module-unload.patch
queue-4.4/alsa-hda-realtek-add-new-pin-definition-in-alc225-pin-quirk-table.patch
queue-4.4/alsa-hda-add-pci-id-for-kabylake-h.patch
queue-4.4/alsa-pcm-free-chmap-at-pcm-free-callback-too.patch
queue-4.4/alsa-au88x0-fix-calculation-in-vortex_wtdma_bufshift.patch
queue-4.4/alsa-hda-realtek-add-lenovo-l460-to-docking-unit-fixup.patch
queue-4.4/alsa-echoaudio-fix-memory-allocation.patch
queue-4.4/alsa-hda-realtek-add-two-more-thinkpad-ids-5050-5053-for-tpt460-fixup.patch
queue-4.4/alsa-hda-fix-read-before-array-start.patch
queue-4.4/alsa-hda-add-amd-stoney-pci-id-with-proper-driver-caps.patch
