ALSA: timer: Limit max amount of slave instances

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The fuzzer tries to open the timer instances as much as possible, and
this may cause a system hiccup easily. We've already introduced the
cap for the max number of available instances for the h/w timers, and
we should put such a limit also to the slave timers, too.

This patch introduces the limit to the multiple opened slave timers.
The upper limit is hard-coded to 1000 for now, which should suffice
for any practical usages up to now.

Link: https://lore.kernel.org/r/20191106154257.5853-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Takashi Iwai 6 years ago fdea53fe b65f131b

+10

1 changed file

expand all

sound

core

timer.c

+10

sound/core/timer.c

··· 74 74 /* lock for slave active lists */ 75 75 static DEFINE_SPINLOCK(slave_active_lock); 76 76 77 + #define MAX_SLAVE_INSTANCES 1000 78 + static int num_slaves; 79 + 77 80 static DEFINE_MUTEX(register_mutex); 78 81 79 82 static int snd_timer_free(struct snd_timer *timer); ··· 253 250 err = -EINVAL; 254 251 goto unlock; 255 252 } 253 + if (num_slaves >= MAX_SLAVE_INSTANCES) { 254 + err = -EBUSY; 255 + goto unlock; 256 + } 256 257 timeri = snd_timer_instance_new(owner, NULL); 257 258 if (!timeri) { 258 259 err = -ENOMEM; ··· 266 259 timeri->slave_id = tid->device; 267 260 timeri->flags |= SNDRV_TIMER_IFLG_SLAVE; 268 261 list_add_tail(&timeri->open_list, &snd_timer_slave_list); 262 + num_slaves++; 269 263 err = snd_timer_check_slave(timeri); 270 264 if (err < 0) { 271 265 snd_timer_close_locked(timeri); ··· 358 350 } 359 351 360 352 list_del(&timeri->open_list); 353 + if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) 354 + num_slaves--; 361 355 362 356 /* force to stop the timer */ 363 357 snd_timer_stop(timeri);