- 08 3月, 2018 1 次提交
-
-
由 Takashi Iwai 提交于
This patch is an attempt for further hardening against races between the concurrent write and ioctls. The previous fix d15d662e ("ALSA: seq: Fix racy pool initializations") covered the race of the pool initialization at writer and the pool resize ioctl by the client->ioctl_mutex (CVE-2018-1000004). However, basically this mutex should be applied more widely to the whole write operation for avoiding the unexpected pool operations by another thread. The only change outside snd_seq_write() is the additional mutex argument to helper functions, so that we can unlock / relock the given mutex temporarily during schedule() call for blocking write. Fixes: d15d662e ("ALSA: seq: Fix racy pool initializations") Reported-by: N范龙飞 <long7573@126.com> Reported-by: NNicolai Stange <nstange@suse.de> Reviewed-and-tested-by: NNicolai Stange <nstange@suse.de> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 20 6月, 2017 1 次提交
-
-
由 Ingo Molnar 提交于
Rename: wait_queue_t => wait_queue_entry_t 'wait_queue_t' was always a slight misnomer: its name implies that it's a "queue", but in reality it's a queue *entry*. The 'real' queue is the wait queue head, which had to carry the name. Start sorting this out by renaming it to 'wait_queue_entry_t'. This also allows the real structure name 'struct __wait_queue' to lose its double underscore and become 'struct wait_queue_entry', which is the more canonical nomenclature for such data types. Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: NIngo Molnar <mingo@kernel.org>
-
- 16 6月, 2017 1 次提交
-
-
由 Takashi Iwai 提交于
Just a tidy up to follow the standard EXPORT_SYMBOL*() declarations in order to improve grep-ability. - Move EXPORT_SYMBOL*() to the position right after its definition - Remove superfluous blank line before EXPORT_SYMBOL*() lines Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 21 3月, 2017 1 次提交
-
-
由 Takashi Iwai 提交于
When snd_seq_pool_done() is called, it marks the closing flag to refuse the further cell insertions. But snd_seq_pool_done() itself doesn't clear the cells but just waits until all cells are cleared by the caller side. That is, it's racy, and this leads to the endless stall as syzkaller spotted. This patch addresses the racy by splitting the setup of pool->closing flag out of snd_seq_pool_done(), and calling it properly before snd_seq_pool_done(). BugLink: http://lkml.kernel.org/r/CACT4Y+aqqy8bZA1fFieifNxR2fAfFQQABcBHj801+u5ePV0URw@mail.gmail.comReported-and-tested-by: NDmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 02 3月, 2017 1 次提交
-
-
由 Ingo Molnar 提交于
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> Fix up affected files that include this signal functionality via sched.h. Acked-by: NLinus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: NIngo Molnar <mingo@kernel.org>
-
- 06 2月, 2017 1 次提交
-
-
由 Takashi Iwai 提交于
snd_seq_pool_done() syncs with closing of all opened threads, but it aborts the wait loop with a timeout, and proceeds to the release resource even if not all threads have been closed. The timeout was 5 seconds, and if you run a crazy stuff, it can exceed easily, and may result in the access of the invalid memory address -- this is what syzkaller detected in a bug report. As a fix, let the code graduate from naiveness, simply remove the loop timeout. BugLink: http://lkml.kernel.org/r/CACT4Y+YdhDV2H5LLzDTJDVF-qiYHUHhtRaW4rbb4gUhTCQB81w@mail.gmail.comReported-by: NDmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 15 2月, 2016 1 次提交
-
-
由 Takashi Iwai 提交于
When multiple concurrent writes happen on the ALSA sequencer device right after the open, it may try to allocate vmalloc buffer for each write and leak some of them. It's because the presence check and the assignment of the buffer is done outside the spinlock for the pool. The fix is to move the check and the assignment into the spinlock. (The current implementation is suboptimal, as there can be multiple unnecessary vmallocs because the allocation is done before the check in the spinlock. But the pool size is already checked beforehand, so this isn't a big problem; that is, the only possible path is the multiple writes before any pool assignment, and practically seen, the current coverage should be "good enough".) The issue was triggered by syzkaller fuzzer. BugLink: http://lkml.kernel.org/r/CACT4Y+bSzazpXNvtAr=WXaL8hptqjHwqEyFA+VN2AWEx=aurkg@mail.gmail.comReported-by: NDmitry Vyukov <dvyukov@google.com> Tested-by: NDmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 10 3月, 2015 1 次提交
-
-
由 Takashi Iwai 提交于
The kernel memory allocators already report the errors when the requested allocation fails, thus we don't need to warn it again in each caller side. Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 23 6月, 2014 1 次提交
-
-
由 Rasmus Villemoes 提交于
Add a newline and, while at it, remove a space and redundant braces. Signed-off-by: NRasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 14 2月, 2014 1 次提交
-
-
由 Takashi Iwai 提交于
Use the standard pr_xxx() helpers instead of home-baked snd_print*(). Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 01 11月, 2011 1 次提交
-
-
由 Paul Gortmaker 提交于
These aren't modules, but they do make use of these macros, so they will need export.h to get that definition. Previously, they got it via the implicit module.h inclusion. Signed-off-by: NPaul Gortmaker <paul.gortmaker@windriver.com>
-
- 15 2月, 2011 1 次提交
-
-
由 Clemens Ladisch 提交于
Change the core code where sparse complains. In most cases, this means just adding annotations to confirm that we indeed want to do the dirty things we're doing. Signed-off-by: NClemens Ladisch <clemens@ladisch.de> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 13 8月, 2008 1 次提交
-
-
由 Takashi Iwai 提交于
Kill snd_assert() in sound/core/*, either removed or replaced with if () with snd_BUG_ON(). Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@perex.cz>
-
- 01 2月, 2008 1 次提交
-
-
由 Takashi Iwai 提交于
This header file exists only for some hacks to adapt alsa-driver tree. It's useless for building in the kernel. Let's move a few lines in it to sound/core.h and remove it. With this patch, sound/driver.h isn't removed but has just a single compile warning to include it. This should be really killed in future. Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@perex.cz>
-
- 16 10月, 2007 1 次提交
-
-
由 Jaroslav Kysela 提交于
Signed-off-by: NJaroslav Kysela <perex@perex.cz>
-
- 20 12月, 2006 1 次提交
-
-
由 Clemens Ladisch 提交于
Use the roundup macro instead of manual calculations. Signed-off-by: NClemens Ladisch <clemens@ladisch.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
- 23 6月, 2006 1 次提交
-
-
由 Takashi Iwai 提交于
Move EXPORT_SYMBOL()s to places adjacent to functions/variables. Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 10 1月, 2006 1 次提交
-
-
由 Jes Sorensen 提交于
This patch converts the inode semaphore to a mutex. I have tested it on XFS and compiled as much as one can consider on an ia64. Anyway your luck with it might be different. Modified-by: NIngo Molnar <mingo@elte.hu> (finished the conversion) Signed-off-by: NJes Sorensen <jes@sgi.com> Signed-off-by: NIngo Molnar <mingo@elte.hu>
-
- 03 1月, 2006 1 次提交
-
-
由 Takashi Iwai 提交于
Modules: ALSA sequencer Remove xxx_t typedefs from the core sequencer codes. Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 04 11月, 2005 1 次提交
-
-
由 Nishanth Aravamudan 提交于
Use schedule_timeout_{,un}interruptible() instead of set_current_state()/schedule_timeout() to reduce kernel size. Also use human-time conversion functions instead of hard-coded division to avoid rounding issues. Signed-off-by: NNishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 12 9月, 2005 1 次提交
-
-
由 Takashi Iwai 提交于
ALSA sequencer,Instrument layer,ALSA<-OSS sequencer Replace kcalloc(1,..) with kzalloc(). Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 28 7月, 2005 1 次提交
-
-
由 Jesper Juhl 提交于
`gcc -W' likes to complain if the static keyword is not at the beginning of the declaration. This patch fixes all remaining occurrences of "inline static" up with "static inline" in the entire kernel tree (140 occurrences in 47 files). While making this change I came across a few lines with trailing whitespace that I also fixed up, I have also added or removed a blank line or two here and there, but there are no functional changes in the patch. Signed-off-by: NJesper Juhl <juhl-lkml@dif.dk> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
- 17 4月, 2005 1 次提交
-
-
由 Linus Torvalds 提交于
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
-