Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-11 14:42:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
1f8763c59c
linux/sound
History
Takashi Iwai 1f8763c59c ALSA: seq: Fix a potential UAF by wrong private_free call order 
John Keeping reported and posted a patch for a potential UAF in
rawmidi sequencer destruction: the snd_rawmidi_dev_seq_free() may be
called after the associated rawmidi object got already freed.
After a deeper look, it turned out that the bug is rather the
incorrect private_free call order for a snd_seq_device.  The
snd_seq_device private_free gets called at the release callback of the
sequencer device object, while this was rather expected to be executed
at the snd_device call chains that runs at the beginning of the whole
card-free procedure.  It's been broken since the rewrite of
sequencer-device binding (although it hasn't surfaced because the
sequencer device release happens usually right along with the card
device release).

This patch corrects the private_free call to be done in the right
place, at snd_seq_device_dev_free().

Fixes: 7c37ae5c62 ("ALSA: seq: Rewrite sequencer device binding with standard bus")
Reported-and-tested-by: John Keeping <john@metanate.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210930114114.8645-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-09-30 14:13:22 +02:00
..
ac97 bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
aoa Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
arm ALSA: pxa2xx: Use managed PCM buffer allocation 2021-08-04 08:08:21 +02:00
atmel
core ALSA: seq: Fix a potential UAF by wrong private_free call order 2021-09-30 14:13:22 +02:00
drivers ALSA: pcsp: Make hrtimer forwarding more robust 2021-09-28 10:58:08 +02:00
firewire ALSA: firewire-motu: fix truncated bytes in message tracepoints 2021-09-21 18:48:32 +02:00
hda ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID 2021-07-20 09:10:55 +02:00
i2c ALSA: i2c: tea6330t: Remove redundant initialization of variable err 2021-06-12 09:32:14 +02:00
isa ALSA: gus: Fix repeated probe for ISA interwave card 2021-09-07 11:40:08 +02:00
mips ALSA: n64: check return value after calling platform_get_resource() 2021-06-12 09:31:13 +02:00
oss sound/oss/dmasound: Remove superfluous "break" 2021-05-27 08:24:23 +02:00
parisc parisc architecture updates for kernel 5.15: 2021-09-02 13:16:00 -07:00
pci ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop 2021-09-30 13:54:00 +02:00
pcmcia ALSA: vx: Manage vx_core object with devres 2021-07-19 16:17:09 +02:00
ppc ALSA: ppc: fix error return code in snd_pmac_probe() 2021-06-16 08:52:29 +02:00
sh module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
soc ASoC: Fixes for v5.15 2021-09-21 18:42:14 +02:00
sparc ALSA: sparc: Fix assignment in if condition 2021-06-09 17:30:29 +02:00
spi
synth ALSA: emux: fix spelling mistakes 2021-07-05 19:34:22 +02:00
usb ALSA: usb-audio: Fix a missing error check in scarlett gen2 mixer 2021-09-30 13:48:51 +02:00
virtio ALSA: virtio: fix kernel-doc 2021-04-27 08:39:39 +02:00
x86 ALSA: memalloc: Correctly name as WC 2021-08-04 08:07:58 +02:00
xen module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
ac97_bus.c
Kconfig ALSA: virtio: add virtio sound driver 2021-03-07 09:07:16 +01:00
last.c
Makefile ALSA: virtio: add virtio sound driver 2021-03-07 09:07:16 +01:00
sound_core.c