linux.git/sound/core/seq/seq_memory.c, branch v4.6.3 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git ALSA: seq: Fix leak of pool buffer at concurrent writes 2016-02-15T15:26:52+00:00 Takashi Iwai tiwai@suse.de 2016-02-15T15:20:24+00:00 d99a36f4728fcbcc501b78447f625bdcce15b842 When multiple concurrent writes happen on the ALSA sequencer device right after the open, it may try to allocate vmalloc buffer for each write and leak some of them. It's because the presence check and the assignment of the buffer is done outside the spinlock for the pool. The fix is to move the check and the assignment into the spinlock. (The current implementation is suboptimal, as there can be multiple unnecessary vmallocs because the allocation is done before the check in the spinlock. But the pool size is already checked beforehand, so this isn't a big problem; that is, the only possible path is the multiple writes before any pool assignment, and practically seen, the current coverage should be "good enough".) The issue was triggered by syzkaller fuzzer. BugLink: http://lkml.kernel.org/r/CACT4Y+bSzazpXNvtAr=WXaL8hptqjHwqEyFA+VN2AWEx=aurkg@mail.gmail.com Reported-by: Dmitry Vyukov <dvyukov@google.com> Tested-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> 
When multiple concurrent writes happen on the ALSA sequencer device
right after the open, it may try to allocate vmalloc buffer for each
write and leak some of them.  It's because the presence check and the
assignment of the buffer is done outside the spinlock for the pool.

The fix is to move the check and the assignment into the spinlock.

(The current implementation is suboptimal, as there can be multiple
 unnecessary vmallocs because the allocation is done before the check
 in the spinlock.  But the pool size is already checked beforehand, so
 this isn't a big problem; that is, the only possible path is the
 multiple writes before any pool assignment, and practically seen, the
 current coverage should be "good enough".)

The issue was triggered by syzkaller fuzzer.

BugLink: http://lkml.kernel.org/r/CACT4Y+bSzazpXNvtAr=WXaL8hptqjHwqEyFA+VN2AWEx=aurkg@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
ALSA: seq: Drop superfluous error/debug messages after malloc failures 2015-03-10T14:41:18+00:00 Takashi Iwai tiwai@suse.de 2015-03-10T14:41:18+00:00 24db8bbaa3fcfaf0c2faccbff5864b58088ac1f6 The kernel memory allocators already report the errors when the requested allocation fails, thus we don't need to warn it again in each caller side. Signed-off-by: Takashi Iwai <tiwai@suse.de> 
The kernel memory allocators already report the errors when the
requested allocation fails, thus we don't need to warn it again in
each caller side.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
ALSA: seq: seq_memory.c: Fix closing brace followed by if 2014-06-23T15:58:33+00:00 Rasmus Villemoes linux@rasmusvillemoes.dk 2014-06-23T15:56:09+00:00 b245a822a45915f63197d81cb899132e78f29fd8 Add a newline and, while at it, remove a space and redundant braces. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Takashi Iwai <tiwai@suse.de> 
Add a newline and, while at it, remove a space and redundant braces.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
ALSA: seq: Use standard printk helpers 2014-02-14T07:14:18+00:00 Takashi Iwai tiwai@suse.de 2014-02-04T17:24:34+00:00 04cc79a048ee215ec39af05d61f1fc8a4ab3d8c1 Use the standard pr_xxx() helpers instead of home-baked snd_print*(). Signed-off-by: Takashi Iwai <tiwai@suse.de> 
Use the standard pr_xxx() helpers instead of home-baked snd_print*().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
sound: Add export.h for THIS_MODULE/EXPORT_SYMBOL where needed 2011-10-31T23:31:22+00:00 Paul Gortmaker paul.gortmaker@windriver.com 2011-09-22T13:34:58+00:00 d81a6d71760c4d8323f1f9a506c64084caa09063 These aren't modules, but they do make use of these macros, so they will need export.h to get that definition. Previously, they got it via the implicit module.h inclusion. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> 
These aren't modules, but they do make use of these macros, so
they will need export.h to get that definition.  Previously,
they got it via the implicit module.h inclusion.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
ALSA: core: sparse cleanups 2011-02-14T16:10:11+00:00 Clemens Ladisch clemens@ladisch.de 2011-02-14T10:00:47+00:00 fea952e5cc23ea94b4677ca20774cdc3cea014e2 Change the core code where sparse complains. In most cases, this means just adding annotations to confirm that we indeed want to do the dirty things we're doing. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Takashi Iwai <tiwai@suse.de> 
Change the core code where sparse complains.  In most cases, this means
just adding annotations to confirm that we indeed want to do the dirty
things we're doing.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
ALSA: Kill snd_assert() in sound/core/* 2008-08-13T09:46:35+00:00 Takashi Iwai tiwai@suse.de 2008-08-08T15:09:09+00:00 7eaa943c8ed8e91e05d0f5d0dc7a18e3319b45cf Kill snd_assert() in sound/core/*, either removed or replaced with if () with snd_BUG_ON(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@perex.cz> 
Kill snd_assert() in sound/core/*, either removed or replaced with
if () with snd_BUG_ON().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
[ALSA] Remove sound/driver.h 2008-01-31T16:29:48+00:00 Takashi Iwai tiwai@suse.de 2008-01-08T17:13:27+00:00 9004acc70e8c49c50c4c7b652f906f1e0ed5709d This header file exists only for some hacks to adapt alsa-driver tree. It's useless for building in the kernel. Let's move a few lines in it to sound/core.h and remove it. With this patch, sound/driver.h isn't removed but has just a single compile warning to include it. This should be really killed in future. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@perex.cz> 
This header file exists only for some hacks to adapt alsa-driver
tree.  It's useless for building in the kernel.  Let's move a few
lines in it to sound/core.h and remove it.
With this patch, sound/driver.h isn't removed but has just a single
compile warning to include it.  This should be really killed in
future.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
[ALSA] Changed Jaroslav Kysela's e-mail from perex@suse.cz to perex@perex.cz 2007-10-16T14:51:18+00:00 Jaroslav Kysela perex@perex.cz 2007-10-15T07:50:19+00:00 c1017a4cdb68ae5368fbc9ee42c77f1f5dca8916 Signed-off-by: Jaroslav Kysela <perex@perex.cz> 
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
[ALSA] use the roundup macro 2006-12-20T07:55:37+00:00 Clemens Ladisch clemens@ladisch.de 2006-10-09T06:14:15+00:00 201efe3793b0faab3538a463ad6d63cf0ef4403c Use the roundup macro instead of manual calculations. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Jaroslav Kysela <perex@suse.cz> 
Use the roundup macro instead of manual calculations.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>