Skip to content

Commit 197b958

Browse files
tiwaitiwai
committed
ALSA: seq: oss: Don't drain at closing a client
The OSS sequencer client tries to drain the pending events at releasing. Unfortunately, as spotted by syzkaller fuzzer, this may lead to an unkillable process state when the event has been queued at the far future. Since the process being released can't be signaled any longer, it remains and waits for the echo-back event in that far future. Back to history, the draining feature was implemented at the time we misinterpreted POSIX definition for blocking file operation. Actually, such a behavior is superfluous at release, and we should just release the device as is instead of keeping it up forever. This patch just removes the draining call that may block the release for too long time unexpectedly. BugLink: http://lkml.kernel.org/r/CACT4Y+Y4kD-aBGj37rf-xBw9bH3GMU6P+MYg4W1e-s-paVD2pg@mail.gmail.com Reported-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
1 parent 17e2df4 commit 197b958

File tree

3 files changed

+0
-19
lines changed

3 files changed

+0
-19
lines changed

sound/core/seq/oss/seq_oss.c

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -149,8 +149,6 @@ odev_release(struct inode *inode, struct file *file)
149149
if ((dp = file->private_data) == NULL)
150150
return 0;
151151

152-
snd_seq_oss_drain_write(dp);
153-
154152
mutex_lock(&register_mutex);
155153
snd_seq_oss_release(dp);
156154
mutex_unlock(&register_mutex);

sound/core/seq/oss/seq_oss_device.h

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -127,7 +127,6 @@ int snd_seq_oss_write(struct seq_oss_devinfo *dp, const char __user *buf, int co
127127
unsigned int snd_seq_oss_poll(struct seq_oss_devinfo *dp, struct file *file, poll_table * wait);
128128

129129
void snd_seq_oss_reset(struct seq_oss_devinfo *dp);
130-
void snd_seq_oss_drain_write(struct seq_oss_devinfo *dp);
131130

132131
/* */
133132
void snd_seq_oss_process_queue(struct seq_oss_devinfo *dp, abstime_t time);

sound/core/seq/oss/seq_oss_init.c

Lines changed: 0 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -435,22 +435,6 @@ snd_seq_oss_release(struct seq_oss_devinfo *dp)
435435
}
436436

437437

438-
/*
439-
* Wait until the queue is empty (if we don't have nonblock)
440-
*/
441-
void
442-
snd_seq_oss_drain_write(struct seq_oss_devinfo *dp)
443-
{
444-
if (! dp->timer->running)
445-
return;
446-
if (is_write_mode(dp->file_mode) && !is_nonblock_mode(dp->file_mode) &&
447-
dp->writeq) {
448-
while (snd_seq_oss_writeq_sync(dp->writeq))
449-
;
450-
}
451-
}
452-
453-
454438
/*
455439
* reset sequencer devices
456440
*/

0 commit comments

Comments
 (0)