This is a note to let you know that I've just added the patch titled
ALSA: seq: Clear client entry before deleting else at closing
to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: alsa-seq-clear-client-entry-before-deleting-else-at-closing.patch and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From a2ff19f7b70118ced291a28d5313469914de451b Mon Sep 17 00:00:00 2001
From: Takashi Iwai tiwai@suse.de Date: Fri, 9 Mar 2018 22:23:31 +0100 Subject: ALSA: seq: Clear client entry before deleting else at closing
From: Takashi Iwai tiwai@suse.de
commit a2ff19f7b70118ced291a28d5313469914de451b upstream.
When releasing a client, we need to clear the clienttab[] entry at first, then call snd_seq_queue_client_leave(). Otherwise, the in-flight cell in the queue might be picked up by the timer interrupt via snd_seq_check_queue() before calling snd_seq_queue_client_leave(), and it's delivered to another queue while the client is clearing queues. This may eventually result in an uncleared cell remaining in a queue, and the later snd_seq_pool_delete() may need to wait for a long time until the event gets really processed.
By moving the clienttab[] clearance at the beginning of release, any event delivery of a cell belonging to this client will fail at a later point, since snd_seq_client_ptr() returns NULL. Thus the cell that was picked up by the timer interrupt will be returned immediately without further delivery, and the long stall of snd_seq_delete_pool() can be avoided, too.
Cc: stable@vger.kernel.org Signed-off-by: Takashi Iwai tiwai@suse.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- sound/core/seq/seq_clientmgr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/core/seq/seq_clientmgr.c +++ b/sound/core/seq/seq_clientmgr.c @@ -255,12 +255,12 @@ static int seq_free_client1(struct snd_s
if (!client) return 0; - snd_seq_delete_all_ports(client); - snd_seq_queue_client_leave(client->number); spin_lock_irqsave(&clients_lock, flags); clienttablock[client->number] = 1; clienttab[client->number] = NULL; spin_unlock_irqrestore(&clients_lock, flags); + snd_seq_delete_all_ports(client); + snd_seq_queue_client_leave(client->number); snd_use_lock_sync(&client->use_lock); snd_seq_queue_client_termination(client->number); if (client->pool)
Patches currently in stable-queue which might be from tiwai@suse.de are
queue-4.9/alsa-hda-add-geminilake-id-to-skl_plus.patch queue-4.9/alsa-firewire-digi00x-handle-all-midi-messages-on-streaming-packets.patch queue-4.9/alsa-firewire-digi00x-add-support-for-console-models-of-digi00x-series.patch queue-4.9/alsa-pcm-fix-uaf-in-snd_pcm_oss_get_formats.patch queue-4.9/alsa-seq-fix-possible-uaf-in-snd_seq_check_queue.patch queue-4.9/alsa-hda-revert-power_save-option-default-value.patch queue-4.9/alsa-seq-clear-client-entry-before-deleting-else-at-closing.patch queue-4.9/alsa-firewire-lib-add-a-quirk-of-packet-without-valid-eoh-in-cip-format.patch