* Patch "ALSA: timer: Fix negative queue usage by racy accesses" has been added to the 4.6-stable tree
@ 2016-07-25 0:31 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-07-25 0:31 UTC (permalink / raw)
To: tiwai, gregkh; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
ALSA: timer: Fix negative queue usage by racy accesses
to the 4.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
alsa-timer-fix-negative-queue-usage-by-racy-accesses.patch
and it can be found in the queue-4.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 3fa6993fef634e05d200d141a85df0b044572364 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Mon, 4 Jul 2016 14:02:15 +0200
Subject: ALSA: timer: Fix negative queue usage by racy accesses
From: Takashi Iwai <tiwai@suse.de>
commit 3fa6993fef634e05d200d141a85df0b044572364 upstream.
The user timer tu->qused counter may go to a negative value when
multiple concurrent reads are performed since both the check and the
decrement of tu->qused are done in two individual locked contexts.
This results in bogus read outs, and the endless loop in the
user-space side.
The fix is to move the decrement of the tu->qused counter into the
same spinlock context as the zero-check of the counter.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/timer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -1954,6 +1954,7 @@ static ssize_t snd_timer_user_read(struc
qhead = tu->qhead++;
tu->qhead %= tu->queue_size;
+ tu->qused--;
spin_unlock_irq(&tu->qlock);
if (tu->tread) {
@@ -1967,7 +1968,6 @@ static ssize_t snd_timer_user_read(struc
}
spin_lock_irq(&tu->qlock);
- tu->qused--;
if (err < 0)
goto _error;
result += unit;
Patches currently in stable-queue which might be from tiwai@suse.de are
queue-4.6/alsa-hda-fix-the-headset-mic-jack-detection-on-dell-machine.patch
queue-4.6/alsa-ctl-stop-notification-after-disconnection.patch
queue-4.6/alsa-dummy-fix-a-use-after-free-at-closing.patch
queue-4.6/alsa-timer-fix-negative-queue-usage-by-racy-accesses.patch
queue-4.6/alsa-hda-fix-use-after-free-after-module-unload.patch
queue-4.6/alsa-hda-realtek-add-new-pin-definition-in-alc225-pin-quirk-table.patch
queue-4.6/alsa-hdac_regmap-fix-the-register-access-for-runtime-pm.patch
queue-4.6/alsa-hda-add-pci-id-for-kabylake-h.patch
queue-4.6/alsa-usb-audio-fix-quirks-code-is-not-called.patch
queue-4.6/alsa-pcm-free-chmap-at-pcm-free-callback-too.patch
queue-4.6/alsa-au88x0-fix-calculation-in-vortex_wtdma_bufshift.patch
queue-4.6/alsa-hda-realtek-add-lenovo-l460-to-docking-unit-fixup.patch
queue-4.6/alsa-echoaudio-fix-memory-allocation.patch
queue-4.6/alsa-hda-realtek-add-two-more-thinkpad-ids-5050-5053-for-tpt460-fixup.patch
queue-4.6/alsa-hda-fix-read-before-array-start.patch
queue-4.6/alsa-hda-add-amd-stoney-pci-id-with-proper-driver-caps.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-07-25 0:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-07-25 0:31 Patch "ALSA: timer: Fix negative queue usage by racy accesses" has been added to the 4.6-stable tree gregkh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.