From 85d59b57be59970e892e9ab13f3cc3d21f14ac23 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Thu, 8 Mar 2018 12:01:25 +0100
Subject: [PATCH] ALSA: seq: Remove superfluous snd_seq_queue_client_leave_cells() call
Git-commit: 85d59b57be59970e892e9ab13f3cc3d21f14ac23
Patch-mainline: v4.16-rc5
References: CVE-2018-1000004,bsc#1076017

With the previous two fixes for the write / ioctl races:
  ALSA: seq: Don't allow resizing pool in use
  ALSA: seq: More protection for concurrent write and ioctl races
the cells aren't any longer in queues at the point calling
snd_seq_pool_done() in snd_seq_ioctl_set_client_pool().  Hence the
function call snd_seq_queue_client_leave_cells() can be dropped safely
from there.

Suggested-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

---
 sound/core/seq/seq_clientmgr.c |    1 -
 1 file changed, 1 deletion(-)

--- a/sound/core/seq/seq_clientmgr.c
+++ b/sound/core/seq/seq_clientmgr.c
@@ -1843,7 +1843,6 @@ static int snd_seq_ioctl_set_client_pool
 				return -EBUSY;
 			/* remove all existing cells */
 			snd_seq_pool_mark_closing(client->pool);
-			snd_seq_queue_client_leave_cells(client->number);
 			snd_seq_pool_done(client->pool);
 		}
 		client->pool->size = info->output_pool;