diff options
| author | Takashi Iwai <tiwai@suse.de> | 2016-03-01 18:30:18 +0100 |
|---|---|---|
| committer | Sasha Levin <sasha.levin@oracle.com> | 2016-03-11 09:45:25 -0500 |
| commit | b2d914b265faf3886238aef2efc85f9d5554fe8f (patch) | |
| tree | 8c77857a9920413514a9de58a18c2e2aee8e1cfe | |
| parent | 0ee01eb779001565fbe1bea8c5bd39348104a23e (diff) | |
| download | linux-stable-b2d914b265faf3886238aef2efc85f9d5554fe8f.tar.gz linux-stable-b2d914b265faf3886238aef2efc85f9d5554fe8f.tar.bz2 linux-stable-b2d914b265faf3886238aef2efc85f9d5554fe8f.zip | |
ALSA: seq: oss: Don't drain at closing a client
[ Upstream commit 197b958c1e76a575d77038cc98b4bebc2134279f ]
The OSS sequencer client tries to drain the pending events at
releasing. Unfortunately, as spotted by syzkaller fuzzer, this may
lead to an unkillable process state when the event has been queued at
the far future. Since the process being released can't be signaled
any longer, it remains and waits for the echo-back event in that far
future.
Back to history, the draining feature was implemented at the time we
misinterpreted POSIX definition for blocking file operation.
Actually, such a behavior is superfluous at release, and we should
just release the device as is instead of keeping it up forever.
This patch just removes the draining call that may block the release
for too long time unexpectedly.
BugLink: http://lkml.kernel.org/r/CACT4Y+Y4kD-aBGj37rf-xBw9bH3GMU6P+MYg4W1e-s-paVD2pg@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
| -rw-r--r-- | sound/core/seq/oss/seq_oss.c | 2 | ||||
| -rw-r--r-- | sound/core/seq/oss/seq_oss_device.h | 1 | ||||
| -rw-r--r-- | sound/core/seq/oss/seq_oss_init.c | 16 |
3 files changed, 0 insertions, 19 deletions
diff --git a/sound/core/seq/oss/seq_oss.c b/sound/core/seq/oss/seq_oss.c index 16d42679e43f..bb032d7593e3 100644 --- a/sound/core/seq/oss/seq_oss.c +++ b/sound/core/seq/oss/seq_oss.c @@ -144,8 +144,6 @@ odev_release(struct inode *inode, struct file *file) if ((dp = file->private_data) == NULL) return 0; - snd_seq_oss_drain_write(dp); - mutex_lock(®ister_mutex); snd_seq_oss_release(dp); mutex_unlock(®ister_mutex); diff --git a/sound/core/seq/oss/seq_oss_device.h b/sound/core/seq/oss/seq_oss_device.h index b43924325249..d7b4d016b547 100644 --- a/sound/core/seq/oss/seq_oss_device.h +++ b/sound/core/seq/oss/seq_oss_device.h @@ -127,7 +127,6 @@ int snd_seq_oss_write(struct seq_oss_devinfo *dp, const char __user *buf, int co unsigned int snd_seq_oss_poll(struct seq_oss_devinfo *dp, struct file *file, poll_table * wait); void snd_seq_oss_reset(struct seq_oss_devinfo *dp); -void snd_seq_oss_drain_write(struct seq_oss_devinfo *dp); /* */ void snd_seq_oss_process_queue(struct seq_oss_devinfo *dp, abstime_t time); diff --git a/sound/core/seq/oss/seq_oss_init.c b/sound/core/seq/oss/seq_oss_init.c index beea8c861f49..acefecb1a47a 100644 --- a/sound/core/seq/oss/seq_oss_init.c +++ b/sound/core/seq/oss/seq_oss_init.c @@ -441,22 +441,6 @@ snd_seq_oss_release(struct seq_oss_devinfo *dp) /* - * Wait until the queue is empty (if we don't have nonblock) - */ -void -snd_seq_oss_drain_write(struct seq_oss_devinfo *dp) -{ - if (! dp->timer->running) - return; - if (is_write_mode(dp->file_mode) && !is_nonblock_mode(dp->file_mode) && - dp->writeq) { - while (snd_seq_oss_writeq_sync(dp->writeq)) - ; - } -} - - -/* * reset sequencer devices */ void |