linux/sound/core/seq
Takashi Iwai d99a36f472 ALSA: seq: Fix leak of pool buffer at concurrent writes
When multiple concurrent writes happen on the ALSA sequencer device
right after the open, it may try to allocate vmalloc buffer for each
write and leak some of them.  It's because the presence check and the
assignment of the buffer is done outside the spinlock for the pool.

The fix is to move the check and the assignment into the spinlock.

(The current implementation is suboptimal, as there can be multiple
 unnecessary vmallocs because the allocation is done before the check
 in the spinlock.  But the pool size is already checked beforehand, so
 this isn't a big problem; that is, the only possible path is the
 multiple writes before any pool assignment, and practically seen, the
 current coverage should be "good enough".)

The issue was triggered by syzkaller fuzzer.

BugLink: http://lkml.kernel.org/r/CACT4Y+bSzazpXNvtAr=WXaL8hptqjHwqEyFA+VN2AWEx=aurkg@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-02-15 16:26:52 +01:00
..
oss ALSA: seq: Degrade the error message for too many opens 2016-01-25 11:52:23 +01:00
Kconfig
Makefile ALSA: core: Fix randconfig build wrt CONFIG_PROC_FS 2015-05-29 07:21:02 +02:00
seq_clientmgr.c ALSA: seq: Fix lockdep warnings due to double mutex locks 2016-02-03 14:51:51 +01:00
seq_clientmgr.h
seq_compat.c ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode 2016-01-18 14:39:13 +01:00
seq_device.c ALSA: core: Fix randconfig build wrt CONFIG_PROC_FS 2015-05-29 07:21:02 +02:00
seq_dummy.c ALSA: seq: Drop snd_seq_autoload_lock() and _unlock() 2015-02-12 14:42:31 +01:00
seq_fifo.c ALSA: seq: Drop superfluous error/debug messages after malloc failures 2015-03-10 15:41:18 +01:00
seq_fifo.h
seq_info.c ALSA: core: Build conditionally and remove superfluous ifdefs 2015-04-24 17:31:07 +02:00
seq_info.h ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
seq_lock.c ALSA: seq: Use standard printk helpers 2014-02-14 08:14:18 +01:00
seq_lock.h
seq_memory.c ALSA: seq: Fix leak of pool buffer at concurrent writes 2016-02-15 16:26:52 +01:00
seq_memory.h
seq_midi_emul.c ALSA: seq: potential out of bounds in do_control() 2015-02-12 11:07:48 +01:00
seq_midi_event.c sound: Add module.h to the previously silent sound users 2011-10-31 19:31:21 -04:00
seq_midi.c ALSA: seq: Drop snd_seq_autoload_lock() and _unlock() 2015-02-12 14:42:31 +01:00
seq_ports.c ALSA: seq: Fix lockdep warnings due to double mutex locks 2016-02-03 14:51:51 +01:00
seq_ports.h ALSA: seq: remove unused callback_all field 2015-01-26 13:56:58 +01:00
seq_prioq.c ALSA: seq: Drop superfluous error/debug messages after malloc failures 2015-03-10 15:41:18 +01:00
seq_prioq.h
seq_queue.c ALSA: seq: Fix race at timer setup and close 2016-01-12 17:50:41 +01:00
seq_queue.h
seq_system.c sound: Add export.h for THIS_MODULE/EXPORT_SYMBOL where needed 2011-10-31 19:31:22 -04:00
seq_system.h
seq_timer.c ALSA: seq: Fix yet another races among ALSA timer accesses 2016-02-01 12:23:29 +01:00
seq_timer.h
seq_virmidi.c ALSA: rawmidi: Make snd_rawmidi_transmit() race-free 2016-02-03 14:51:28 +01:00
seq.c Subject: ALSA: seq: Remove autoload locks in driver registration 2014-10-18 20:25:19 +02:00