diff options
| author | Takashi Iwai <tiwai@suse.de> | 2019-11-06 16:42:57 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-01-04 13:39:34 +0100 |
| commit | f68d9c56ca9212397cf152cc50eb38709e618c1c (patch) | |
| tree | ce5d6e5934bcc95b5b368bf3ca6b0da688a19191 /sound/core | |
| parent | 189fb903afdbc37015dbe32dd75e9a96b9a5de28 (diff) | |
ALSA: timer: Limit max amount of slave instances
[ Upstream commit fdea53fe5de532969a332d6e5e727f2ad8bf084d ]
The fuzzer tries to open the timer instances as much as possible, and
this may cause a system hiccup easily. We've already introduced the
cap for the max number of available instances for the h/w timers, and
we should put such a limit also to the slave timers, too.
This patch introduces the limit to the multiple opened slave timers.
The upper limit is hard-coded to 1000 for now, which should suffice
for any practical usages up to now.
Link: https://lore.kernel.org/r/20191106154257.5853-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'sound/core')
| -rw-r--r-- | sound/core/timer.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/sound/core/timer.c b/sound/core/timer.c index e944d27f79c3..f8a4b2a2f8f6 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -87,6 +87,9 @@ static LIST_HEAD(snd_timer_slave_list); /* lock for slave active lists */ static DEFINE_SPINLOCK(slave_active_lock); +#define MAX_SLAVE_INSTANCES 1000 +static int num_slaves; + static DEFINE_MUTEX(register_mutex); static int snd_timer_free(struct snd_timer *timer); @@ -265,6 +268,10 @@ int snd_timer_open(struct snd_timer_instance **ti, err = -EINVAL; goto unlock; } + if (num_slaves >= MAX_SLAVE_INSTANCES) { + err = -EBUSY; + goto unlock; + } timeri = snd_timer_instance_new(owner, NULL); if (!timeri) { err = -ENOMEM; @@ -274,6 +281,7 @@ int snd_timer_open(struct snd_timer_instance **ti, timeri->slave_id = tid->device; timeri->flags |= SNDRV_TIMER_IFLG_SLAVE; list_add_tail(&timeri->open_list, &snd_timer_slave_list); + num_slaves++; err = snd_timer_check_slave(timeri); if (err < 0) { snd_timer_close_locked(timeri, &card_dev_to_put); @@ -363,6 +371,8 @@ static int snd_timer_close_locked(struct snd_timer_instance *timeri, struct snd_timer_instance *slave, *tmp; list_del(&timeri->open_list); + if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) + num_slaves--; /* force to stop the timer */ snd_timer_stop(timeri); |