• Takashi Iwai's avatar
    ALSA: seq: Fix link corruption by event error handling · f3ac9f73
    Takashi Iwai authored
    The sequencer FIFO management has a bug that may lead to a corruption
    (shortage) of the cell linked list.  When a sequencer client faces an
    error at the event delivery, it tries to put back the dequeued cell.
    When the first queue was put back, this forgot the tail pointer
    tracking, and the link will be screwed up.
    
    Although there is no memory corruption, the sequencer client may stall
    forever at exit while flushing the pending FIFO cells in
    snd_seq_pool_done(), as spotted by syzkaller.
    
    This patch addresses the missing tail pointer tracking at
    snd_seq_fifo_cell_putback().  Also the patch makes sure to clear the
    cell->enxt pointer at snd_seq_fifo_event_in() for avoiding a similar
    mess-up of the FIFO linked list.
    Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
    f3ac9f73
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...