ALSA: seq: More protection for concurrent write and ioctl races

static int snd_seq_client_enqueue_event(struct snd_seq_client *client,

					struct snd_seq_event *event,

					struct file *file, int blocking,

					int atomic, int hop)

					int atomic, int hop,

					struct mutex *mutexp)

{

	struct snd_seq_event_cell *cell;

	int err;

		return -ENXIO; /* queue is not allocated */

	/* allocate an event cell */

	err = snd_seq_event_dup(client->pool, event, &cell, !blocking || atomic, file);

	err = snd_seq_event_dup(client->pool, event, &cell, !blocking || atomic,

				file, mutexp);

	if (err < 0)

		return err;

		return -ENXIO;

	/* allocate the pool now if the pool is not allocated yet */ 

	if (client->pool->size > 0 && !snd_seq_write_pool_allocated(client)) {

	mutex_lock(&client->ioctl_mutex);

	if (client->pool->size > 0 && !snd_seq_write_pool_allocated(client)) {

		err = snd_seq_pool_init(client->pool);

		mutex_unlock(&client->ioctl_mutex);

		if (err < 0)

			return -ENOMEM;

			goto out;

	}

	/* only process whole events */

		/* ok, enqueue it */

		err = snd_seq_client_enqueue_event(client, &event, file,

						   !(file->f_flags & O_NONBLOCK),

						   0, 0);

						   0, 0, &client->ioctl_mutex);

		if (err < 0)

			break;

		written += len;

	}

 out:

	mutex_unlock(&client->ioctl_mutex);

	return written ? written : err;

}

	if (! cptr->accept_output)

		result = -EPERM;

	else /* send it */

		result = snd_seq_client_enqueue_event(cptr, ev, file, blocking, atomic, hop);

		result = snd_seq_client_enqueue_event(cptr, ev, file, blocking,

						      atomic, hop, NULL);

	snd_seq_client_unlock(cptr);

	return result;

		return -EINVAL;

	snd_use_lock_use(&f->use_lock);

	err = snd_seq_event_dup(f->pool, event, &cell, 1, NULL); /* always non-blocking */

	err = snd_seq_event_dup(f->pool, event, &cell, 1, NULL, NULL); /* always non-blocking */

	if (err < 0) {

		if ((err == -ENOMEM) || (err == -EAGAIN))

			atomic_inc(&f->overflow);

 */

static int snd_seq_cell_alloc(struct snd_seq_pool *pool,

			      struct snd_seq_event_cell **cellp,

			      int nonblock, struct file *file)

			      int nonblock, struct file *file,

			      struct mutex *mutexp)

{

	struct snd_seq_event_cell *cell;

	unsigned long flags;

		set_current_state(TASK_INTERRUPTIBLE);

		add_wait_queue(&pool->output_sleep, &wait);

		spin_unlock_irq(&pool->lock);

		if (mutexp)

			mutex_unlock(mutexp);

		schedule();

		if (mutexp)

			mutex_lock(mutexp);

		spin_lock_irq(&pool->lock);

		remove_wait_queue(&pool->output_sleep, &wait);

		/* interrupted? */

 */

int snd_seq_event_dup(struct snd_seq_pool *pool, struct snd_seq_event *event,

		      struct snd_seq_event_cell **cellp, int nonblock,

		      struct file *file)

		      struct file *file, struct mutex *mutexp)

{

	int ncells, err;

	unsigned int extlen;

	if (ncells >= pool->total_elements)

		return -ENOMEM;

	err = snd_seq_cell_alloc(pool, &cell, nonblock, file);

	err = snd_seq_cell_alloc(pool, &cell, nonblock, file, mutexp);

	if (err < 0)

		return err;

			int size = sizeof(struct snd_seq_event);

			if (len < size)

				size = len;

			err = snd_seq_cell_alloc(pool, &tmp, nonblock, file);

			err = snd_seq_cell_alloc(pool, &tmp, nonblock, file,

						 mutexp);

			if (err < 0)

				goto __error;

			if (cell->event.data.ext.ptr == NULL)

void snd_seq_cell_free(struct snd_seq_event_cell *cell);

int snd_seq_event_dup(struct snd_seq_pool *pool, struct snd_seq_event *event,

		      struct snd_seq_event_cell **cellp, int nonblock, struct file *file);

		      struct snd_seq_event_cell **cellp, int nonblock,

		      struct file *file, struct mutex *mutexp);

/* return number of unused (free) cells */

static inline int snd_seq_unused_cells(struct snd_seq_pool *pool)