From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Takashi Iwai <tiwai@suse.de>
Subject: [PATCH 3.18 23/46] ALSA: aloop: Release cable upon open error path
Date: Mon, 15 Jan 2018 13:33:31 +0100 [thread overview]
Message-ID: <20180115123330.104956344@linuxfoundation.org> (raw)
In-Reply-To: <20180115123327.303455538@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 9685347aa0a5c2869058ca6ab79fd8e93084a67f upstream.
The aloop runtime object and its assignment in the cable are left even
when opening a substream fails. This doesn't mean any memory leak,
but it still keeps the invalid pointer that may be referred by the
another side of the cable spontaneously, which is a potential Oops
cause.
Clean up the cable assignment and the empty cable upon the error path
properly.
Fixes: 597603d615d2 ("ALSA: introduce the snd-aloop module for the PCM loopback")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/drivers/aloop.c | 38 +++++++++++++++++++++++++-------------
1 file changed, 25 insertions(+), 13 deletions(-)
--- a/sound/drivers/aloop.c
+++ b/sound/drivers/aloop.c
@@ -659,12 +659,31 @@ static int rule_channels(struct snd_pcm_
return snd_interval_refine(hw_param_interval(params, rule->var), &t);
}
+static void free_cable(struct snd_pcm_substream *substream)
+{
+ struct loopback *loopback = substream->private_data;
+ int dev = get_cable_index(substream);
+ struct loopback_cable *cable;
+
+ cable = loopback->cables[substream->number][dev];
+ if (!cable)
+ return;
+ if (cable->streams[!substream->stream]) {
+ /* other stream is still alive */
+ cable->streams[substream->stream] = NULL;
+ } else {
+ /* free the cable */
+ loopback->cables[substream->number][dev] = NULL;
+ kfree(cable);
+ }
+}
+
static int loopback_open(struct snd_pcm_substream *substream)
{
struct snd_pcm_runtime *runtime = substream->runtime;
struct loopback *loopback = substream->private_data;
struct loopback_pcm *dpcm;
- struct loopback_cable *cable;
+ struct loopback_cable *cable = NULL;
int err = 0;
int dev = get_cable_index(substream);
@@ -683,7 +702,6 @@ static int loopback_open(struct snd_pcm_
if (!cable) {
cable = kzalloc(sizeof(*cable), GFP_KERNEL);
if (!cable) {
- kfree(dpcm);
err = -ENOMEM;
goto unlock;
}
@@ -725,6 +743,10 @@ static int loopback_open(struct snd_pcm_
else
runtime->hw = cable->hw;
unlock:
+ if (err < 0) {
+ free_cable(substream);
+ kfree(dpcm);
+ }
mutex_unlock(&loopback->cable_lock);
return err;
}
@@ -733,20 +755,10 @@ static int loopback_close(struct snd_pcm
{
struct loopback *loopback = substream->private_data;
struct loopback_pcm *dpcm = substream->runtime->private_data;
- struct loopback_cable *cable;
- int dev = get_cable_index(substream);
loopback_timer_stop(dpcm);
mutex_lock(&loopback->cable_lock);
- cable = loopback->cables[substream->number][dev];
- if (cable->streams[!substream->stream]) {
- /* other stream is still alive */
- cable->streams[substream->stream] = NULL;
- } else {
- /* free the cable */
- loopback->cables[substream->number][dev] = NULL;
- kfree(cable);
- }
+ free_cable(substream);
mutex_unlock(&loopback->cable_lock);
return 0;
}
next prev parent reply other threads:[~2018-01-15 14:28 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-15 12:33 [PATCH 3.18 00/46] 3.18.92-stable review Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 01/46] kernel/acct.c: fix the acct->needcheck check in check_free_space() Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 02/46] crypto: n2 - cure use after free Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 03/46] fscache: Fix the default for fscache_maybe_release_page() Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 04/46] kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 05/46] kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 06/46] kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 07/46] Input: elantech - add new icbody type 15 Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 08/46] can: gs_usb: fix return value of the "set_bittiming" callback Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 09/46] IB/srpt: Disable RDMA access by the initiator Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 10/46] MIPS: Factor out NT_PRFPREG regset access helpers Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 11/46] MIPS: Guard against any partial write attempt with PTRACE_SETREGSET Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 12/46] MIPS: Consistently handle buffer counter " Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 13/46] MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 14/46] MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 15/46] MIPS: Also verify sizeof `elf_fpreg_t with PTRACE_SETREGSET Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 16/46] perf/core: Fix concurrent sys_perf_event_open() vs. move_group race Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 17/46] kvm: vmx: Scrub hardware GPRs at VM-exit Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 18/46] x86/acpi: Handle SCI interrupts above legacy space gracefully Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 19/46] ALSA: pcm: Remove incorrect snd_BUG_ON() usages Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 20/46] ALSA: pcm: Add missing error checks in OSS emulation plugin builder Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 21/46] ALSA: pcm: Abort properly at pending signal in OSS read/write loops Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 22/46] ALSA: pcm: Allow aborting mutex lock at " Greg Kroah-Hartman
2018-01-15 12:33 ` Greg Kroah-Hartman [this message]
2018-01-15 12:33 ` [PATCH 3.18 24/46] ALSA: aloop: Fix inconsistent format due to incomplete rule Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 25/46] ALSA: aloop: Fix racy hw constraints adjustment Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 26/46] x86/acpi: Reduce code duplication in mp_override_legacy_irq() Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 27/46] 8021q: fix a memory leak for VLAN 0 device Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 28/46] RDS: Heap OOB write in rds_message_alloc_sgs() Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 29/46] RDS: null pointer dereference in rds_atomic_free_op Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 30/46] sh_eth: fix TSU resource handling Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 31/46] sh_eth: fix SH7757 GEther initialization Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 32/46] net: stmmac: enable EEE in MII, GMII or RGMII only Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 33/46] crypto: algapi - fix NULL dereference in crypto_remove_spawns() Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 34/46] x86/microcode/intel: Extend BDW late-loading with a revision check Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 35/46] iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 36/46] target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 37/46] [PATCH] Revert "can: kvaser_usb: free buf in error paths" Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 38/46] USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 39/46] USB: serial: cp210x: add new device ID ELV ALC 8xxx Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 40/46] usb: misc: usb3503: make sure reset is low for at least 100us Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 41/46] USB: fix usbmon BUG trigger Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 42/46] usbip: remove kernel addresses from usb device and urb debug msgs Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 43/46] staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 44/46] Bluetooth: Prevent stack info leak from the EFS element Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 45/46] uas: ignore UAS for Norelsys NS1068(X) chips Greg Kroah-Hartman
2018-01-15 12:33 ` [PATCH 3.18 46/46] e1000e: Fix e1000_check_for_copper_link_ich8lan return value Greg Kroah-Hartman
2018-01-15 16:28 ` [PATCH 3.18 00/46] 3.18.92-stable review kernelci.org bot
2018-01-16 14:28 ` Guenter Roeck
2018-01-16 20:31 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180115123330.104956344@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.