From: Jiri Slaby <jslaby@suse.cz>
To: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Takashi Iwai <tiwai@suse.de>,
Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 3.12 15/60] ALSA: timer: Reject user params with too small ticks
Date: Tue, 14 Mar 2017 14:15:06 +0100 [thread overview]
Message-ID: <a1449d26f610373e7c339fde3d21df64f9472b2c.1489497268.git.jslaby@suse.cz> (raw)
In-Reply-To: <d93cf67053e241539a1ef7c30ee8583022bc0e89.1489497268.git.jslaby@suse.cz>
In-Reply-To: <cover.1489497268.git.jslaby@suse.cz>
From: Takashi Iwai <tiwai@suse.de>
3.12-stable review patch. If anyone has any objections, please let me know.
===============
commit 71321eb3f2d0df4e6c327e0b936eec4458a12054 upstream.
When a user sets a too small ticks with a fine-grained timer like
hrtimer, the kernel tries to fire up the timer irq too frequently.
This may lead to the condensed locks, eventually the kernel spinlock
lockup with warnings.
For avoiding such a situation, we define a lower limit of the
resolution, namely 1ms. When the user passes a too small tick value
that results in less than that, the kernel returns -EINVAL now.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
sound/core/timer.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/sound/core/timer.c b/sound/core/timer.c
index e02c36b48630..6629c9ce155c 100644
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -1669,9 +1669,21 @@ static int snd_timer_user_params(struct file *file,
return -EBADFD;
if (copy_from_user(¶ms, _params, sizeof(params)))
return -EFAULT;
- if (!(t->hw.flags & SNDRV_TIMER_HW_SLAVE) && params.ticks < 1) {
- err = -EINVAL;
- goto _end;
+ if (!(t->hw.flags & SNDRV_TIMER_HW_SLAVE)) {
+ u64 resolution;
+
+ if (params.ticks < 1) {
+ err = -EINVAL;
+ goto _end;
+ }
+
+ /* Don't allow resolution less than 1ms */
+ resolution = snd_timer_resolution(tu->timeri);
+ resolution *= params.ticks;
+ if (resolution < 1000000) {
+ err = -EINVAL;
+ goto _end;
+ }
}
if (params.queue_size > 0 &&
(params.queue_size < 32 || params.queue_size > 1024)) {
--
2.12.0
next prev parent reply other threads:[~2017-03-14 13:33 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-14 13:15 [PATCH 3.12 00/60] 3.12.72-stable review Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 01/60] md linear: fix a race between linear_add() and linear_congested() Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 02/60] sctp: deny peeloff operation on asocs with threads sleeping on it Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 03/60] net/sched: em_meta: Fix 'meta vlan' to correctly recognize zero VID frames Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 04/60] perf trace: Use the syscall raw_syscalls:sys_enter timestamp Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 05/60] MIPS: Fix special case in 64 bit IP checksumming Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 06/60] MIPS: OCTEON: Fix copy_from_user fault handling for large buffers Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 07/60] MIPS: Clear ISA bit correctly in get_frame_info() Jiri Slaby
2017-03-14 13:14 ` [PATCH 3.12 08/60] MIPS: Prevent unaligned accesses during stack unwinding Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 09/60] MIPS: Fix get_frame_info() handling of microMIPS function size Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 10/60] MIPS: Fix is_jump_ins() handling of 16b microMIPS instructions Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 11/60] MIPS: Calculate microMIPS ra properly when unwinding the stack Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 12/60] MIPS: Handle microMIPS jumps in the same way as MIPS32/MIPS64 jumps Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 13/60] uvcvideo: Fix a wrong macro Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 14/60] ALSA: hda - fix Lewisburg audio issue Jiri Slaby
2017-03-14 13:15 ` Jiri Slaby [this message]
2017-03-14 13:15 ` [PATCH 3.12 16/60] ALSA: seq: Fix link corruption by event error handling Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 17/60] staging: rtl: fix possible NULL pointer dereference Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 18/60] mm: vmpressure: fix sending wrong events on underflow Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 19/60] ipc/shm: Fix shmat mmap nil-page protection Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 20/60] scsi: storvsc: use tagged SRB requests if supported by the device Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 21/60] scsi: storvsc: properly handle SRB_ERROR when sense message is present Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 22/60] scsi: storvsc: properly set residual data length on errors Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 23/60] scsi: aacraid: Reorder Adapter status check Jiri Slaby
2017-03-14 13:15 ` Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 24/60] sd: get disk reference in sd_check_events() Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 25/60] jbd2: don't leak modified metadata buffers on an aborted journal Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 26/60] ext4: trim allocation requests to group size Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 27/60] ext4: preserve the needs_recovery flag when the journal is aborted Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 28/60] ext4: return EROFS if device is r/o and journal replay is needed Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 29/60] samples/seccomp: fix 64-bit comparison macros Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 30/60] ath5k: drop bogus warning on drv_set_key with unsupported cipher Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 31/60] ath9k: use correct OTP register offsets for the AR9340 and AR9550 Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 32/60] fuse: add missing FR_FORCE Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 33/60] can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 34/60] hv: allocate synic pages for all present CPUs Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 35/60] RDMA/core: Fix incorrect structure packing for booleans Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 36/60] rdma_cm: fail iwarp accepts w/o connection params Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 37/60] NFSv4: Fix memory and state leak in _nfs4_open_and_get_state Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 38/60] NFSv4: fix getacl head length estimation Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 39/60] NFSv4: fix getacl ERANGE for some ACL buffer sizes Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 40/60] bcma: use (get|put)_device when probing/removing device driver Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 41/60] powerpc/xmon: Fix data-breakpoint Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 42/60] MIPS: IP22: Reformat inline assembler code to modern standards Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 43/60] MIPS: IP22: Fix build error due to binutils 2.25 uselessnes Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 44/60] scsi: lpfc: Correct WQ creation for pagesize Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 45/60] TTY: n_hdlc, fix lockdep false positive Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 46/60] tty: n_hdlc: get rid of racy n_hdlc.tbuf Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 47/60] serial: 8250_pci: Add MKS Tenta SCOM-0800 and SCOM-0801 cards Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 48/60] KVM: VMX: use correct vmcs_read/write for guest segment selector/base Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 49/60] Bluetooth: Add another AR3012 04ca:3018 device Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 50/60] s390/qdio: clear DSCI prior to scanning multiple input queues Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 51/60] s390: TASK_SIZE for kernel threads Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 52/60] IB/ipoib: Fix deadlock between rmmod and set_mode Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 53/60] ktest: Fix child exit code processing Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 54/60] nlm: Ensure callback code also checks that the files match Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 55/60] xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 56/60] mac80211: flush delayed work when entering suspend Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 57/60] drm/ast: Fix test for VGA enabled Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 58/60] drm/ttm: Make sure BOs being swapped out are cacheable Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 59/60] fat: fix using uninitialized fields of fat_inode/fsinfo_inode Jiri Slaby
2017-03-14 13:15 ` [PATCH 3.12 60/60] drivers: hv: Turn off write permission on the hypercall page Jiri Slaby
2017-03-14 13:24 ` [PATCH 3.12 00/60] 3.12.72-stable review Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a1449d26f610373e7c339fde3d21df64f9472b2c.1489497268.git.jslaby@suse.cz \
--to=jslaby@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.