github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
6bfbf2aacb
linux/sound
History
Takashi Iwai b374197df2 ALSA: seq: Fix racy pool initializations 
commit d15d662e89 upstream.

ALSA sequencer core initializes the event pool on demand by invoking
snd_seq_pool_init() when the first write happens and the pool is
empty.  Meanwhile user can reset the pool size manually via ioctl
concurrently, and this may lead to UAF or out-of-bound accesses since
the function tries to vmalloc / vfree the buffer.

A simple fix is to just wrap the snd_seq_pool_init() call with the
recently introduced client->ioctl_mutex; as the calls for
snd_seq_pool_init() from other side are always protected with this
mutex, we can avoid the race.

Reported-by: 范龙飞 <long7573@126.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-22 15:45:01 +01:00
..
aoa ALSA: aoa-soundbus: Switch to dev_pm_ops 2015-08-05 16:47:47 +02:00
arm ASoC: pxa: pxa-pcm-lib: switch over to snd-soc-dmaengine-pcm 2015-09-30 23:21:16 +01:00
atmel ALSA: sound/atmel/ac97c.c: remove unused variable 2015-05-20 06:18:25 +02:00
core ALSA: seq: Fix racy pool initializations 2018-02-22 15:45:01 +01:00
drivers ALSA: aloop: Fix racy hw constraints adjustment 2018-01-17 09:35:26 +01:00
firewire ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned type 2017-05-02 21:19:55 -07:00
hda ALSA: hda: Drop useless WARN_ON() 2018-01-02 20:33:22 +01:00
i2c ALSA: ak4xxx-adda: Drop unnecessary ifdef CONFIG_PROC_FS 2015-05-29 07:51:23 +02:00
isa ALSA: msnd: Optimize / harden DSP and MIDI loops 2017-09-13 14:09:46 -07:00
mips ALSA: mips: let SND_SGI_O2 select SND_PCM 2015-06-15 13:21:58 +02:00
oss sound: oss/sb_audio: use swap() in sb_audio_close() 2015-06-12 20:46:29 +02:00
parisc ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
pci ALSA: hda/realtek: PCI quirk for Fujitsu U7x7 2018-02-22 15:45:01 +01:00
pcmcia ALSA: vx: Fix possible transfer overflow 2017-11-21 09:21:20 +01:00
ppc ALSA: ppc/awacs: shut up maybe-uninitialized warning 2017-05-08 07:46:01 +02:00
sh ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
soc ASoC: rsnd: avoid duplicate free_irq() 2018-02-16 20:09:37 +01:00
sparc ALSA: Add missing dependency on CONFIG_SND_TIMER 2016-02-17 12:30:58 -08:00
spi
synth ALSA: synth: Fix conflicting OSS device registration on AWE32 2015-10-05 16:55:09 +02:00
usb ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204 2018-02-22 15:45:01 +01:00
ac97_bus.c ASoC: Updates for v4.3 2015-08-31 16:25:22 +02:00
Kconfig ALSA: hda - Make snd_hda_bus_type public 2015-03-23 13:15:51 +01:00
last.c
Makefile ALSA: hda - Make snd_hda_bus_type public 2015-03-23 13:15:51 +01:00
sound_core.c sound: fix check for error condition of register_chrdev() 2015-11-07 11:14:30 +01:00
sound_firmware.c sound: sound_firmware: Fix invalid use of vfs_read() 2015-05-26 13:48:58 +02:00