mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2024-12-29 01:02:08 +00:00
ALSA: rawmidi: Fix kvfree() call in spinlock
At the conversion of locking with guard(), I overlooked that kvfree()
must not be called inside the spinlock unlike kfree(), and this was
caught by syzkaller now.
This patch reverts the conversion partially for restoring the kvfree()
call outside the spinlock. It's not trivial to use guard() in this
context, unfortunately.
Fixes: 84bb065b31
("ALSA: rawmidi: Use guard() for locking")
Reported-by: syzbot+351f8764833934c68836@syzkaller.appspotmail.com
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Closes: https://lore.kernel.org/6744737b.050a0220.1cc393.007e.GAE@google.com
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20241125142041.16578-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This commit is contained in:
parent
5ebe792a51
commit
20c0c49720
@ -724,8 +724,9 @@ static int resize_runtime_buffer(struct snd_rawmidi_substream *substream,
|
||||
newbuf = kvzalloc(params->buffer_size, GFP_KERNEL);
|
||||
if (!newbuf)
|
||||
return -ENOMEM;
|
||||
guard(spinlock_irq)(&substream->lock);
|
||||
spin_lock_irq(&substream->lock);
|
||||
if (runtime->buffer_ref) {
|
||||
spin_unlock_irq(&substream->lock);
|
||||
kvfree(newbuf);
|
||||
return -EBUSY;
|
||||
}
|
||||
@ -733,6 +734,7 @@ static int resize_runtime_buffer(struct snd_rawmidi_substream *substream,
|
||||
runtime->buffer = newbuf;
|
||||
runtime->buffer_size = params->buffer_size;
|
||||
__reset_runtime_ptrs(runtime, is_input);
|
||||
spin_unlock_irq(&substream->lock);
|
||||
kvfree(oldbuf);
|
||||
}
|
||||
runtime->avail_min = params->avail_min;
|
||||
|
Loading…
Reference in New Issue
Block a user