ALSA: seq: Fix potential concurrent access to the deleted pool (104c5131) · Commits · e / devices / android_kernel_fairphone_FP3

sound/core/seq/seq_clientmgr.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -1822,8 +1822,7 @@ static int snd_seq_ioctl_get_client_pool(struct snd_seq_client *client,
		if (cptr->type == USER_CLIENT) {
		info->input_pool = cptr->data.user.fifo_pool_size;
		info->input_free = info->input_pool;
		if (cptr->data.user.fifo)
		info->input_free = snd_seq_unused_cells(cptr->data.user.fifo->pool);
		info->input_free = snd_seq_fifo_unused_cells(cptr->data.user.fifo);
		} else {
		info->input_pool = 0;
		info->input_free = 0;

+17 −0

Original line number	Diff line number	Diff line
		@@ -278,3 +278,20 @@ int snd_seq_fifo_resize(struct snd_seq_fifo *f, int poolsize)

		return 0;
		}

		/* get the number of unused cells safely */
		int snd_seq_fifo_unused_cells(struct snd_seq_fifo *f)
		{
		unsigned long flags;
		int cells;

		if (!f)
		return 0;

		snd_use_lock_use(&f->use_lock);
		spin_lock_irqsave(&f->lock, flags);
		cells = snd_seq_unused_cells(f->pool);
		spin_unlock_irqrestore(&f->lock, flags);
		snd_use_lock_free(&f->use_lock);
		return cells;
		}

+2 −0

Original line number	Diff line number	Diff line
		@@ -68,5 +68,7 @@ int snd_seq_fifo_poll_wait(struct snd_seq_fifo f, struct file file, poll_table
		/* resize pool in fifo */
		int snd_seq_fifo_resize(struct snd_seq_fifo *f, int poolsize);

		/* get the number of unused cells safely */
		int snd_seq_fifo_unused_cells(struct snd_seq_fifo *f);

		#endif