[37/90] ALSA: timer - Fix Oops at closing slave timer

From: Greg KH
Date: Sun Aug 14 2011 - 12:07:50 EST

Next message: Greg KH: "[39/90] ALSA: snd-usb: avoid dividing by zero on invalid input"
Previous message: Greg KH: "[35/90] cifs: convert prefixpath delimiters in"
In reply to: Greg KH: "[35/90] cifs: convert prefixpath delimiters in"
Next in thread: Greg KH: "[39/90] ALSA: snd-usb: avoid dividing by zero on invalid input"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.0-stable review patch. If anyone has any objections, please let us know.

------------------

From: Takashi Iwai <tiwai@xxxxxxx>

commit 0584ffa548b6e59aceb027112f23a55f0133400e upstream.

A slave-timer instance has no timer reference, and this results in
NULL-dereference at stopping the timer, typically called at closing
the device.

Reference: https://bugzilla.kernel.org/show_bug.cgi?id=40682

Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
sound/core/timer.c | 2 ++
1 file changed, 2 insertions(+)

--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -531,6 +531,8 @@ int snd_timer_stop(struct snd_timer_inst
if (err < 0)
return err;
timer = timeri->timer;
+ if (!timer)
+ return -EINVAL;
spin_lock_irqsave(&timer->lock, flags);
timeri->cticks = timeri->ticks;
timeri->pticks = 0;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[39/90] ALSA: snd-usb: avoid dividing by zero on invalid input"
Previous message: Greg KH: "[35/90] cifs: convert prefixpath delimiters in"
In reply to: Greg KH: "[35/90] cifs: convert prefixpath delimiters in"
Next in thread: Greg KH: "[39/90] ALSA: snd-usb: avoid dividing by zero on invalid input"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]