Merge "ALSA: seq: Fix use-after-free at creating a port"

	struct snd_seq_client_port *port;

	struct snd_seq_port_info info;

	struct snd_seq_port_callback *callback;

	int port_idx;

	if (copy_from_user(&info, arg, sizeof(info)))

		return -EFAULT;

		return -ENOMEM;

	if (client->type == USER_CLIENT && info.kernel) {

		snd_seq_delete_port(client, port->addr.port);

		port_idx = port->addr.port;

		snd_seq_port_unlock(port);

		snd_seq_delete_port(client, port_idx);

		return -EINVAL;

	}

	if (client->type == KERNEL_CLIENT) {

	snd_seq_set_port_info(port, &info);

	snd_seq_system_client_ev_port_start(port->addr.client, port->addr.port);

	snd_seq_port_unlock(port);

	if (copy_to_user(arg, &info, sizeof(info)))

		return -EFAULT;

}

/* create a port, port number is returned (-1 on failure) */

/* create a port, port number is returned (-1 on failure);

 * the caller needs to unref the port via snd_seq_port_unlock() appropriately

 */

struct snd_seq_client_port *snd_seq_create_port(struct snd_seq_client *client,

						int port)

{

	snd_use_lock_init(&new_port->use_lock);

	port_subs_info_init(&new_port->c_src);

	port_subs_info_init(&new_port->c_dest);

	snd_use_lock_use(&new_port->use_lock);

	num = port >= 0 ? port : 0;

	mutex_lock(&client->ports_mutex);

	list_add_tail(&new_port->list, &p->list);

	client->num_ports++;

	new_port->addr.port = num;	/* store the port number in the port */

	sprintf(new_port->name, "port-%d", num);

	write_unlock_irqrestore(&client->ports_lock, flags);

	mutex_unlock(&client->ports_mutex);

	sprintf(new_port->name, "port-%d", num);

	return new_port;

}