Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-17 17:41:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
e2d2fded6b
linux/sound/core
History
Takashi Iwai 80982c7e83 ALSA: seq: oss: Serialize ioctls 
Some ioctls via OSS sequencer API may race and lead to UAF when the
port create and delete are performed concurrently, as spotted by a
couple of syzkaller cases.  This patch is an attempt to address it by
serializing the ioctls with the existing register_mutex.

Basically OSS sequencer API is an obsoleted interface and was designed
without much consideration of the concurrency.  There are very few
applications with it, and the concurrent performance isn't asked,
hence this "big hammer" approach should be good enough.

Reported-by: syzbot+1a54a94bd32716796edd@syzkaller.appspotmail.com
Reported-by: syzbot+9d2abfef257f3e2d4713@syzkaller.appspotmail.com
Suggested-by: Hillf Danton <hdanton@sina.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200804185815.2453-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2020-08-05 08:27:39 +02:00
..
oss ALSA: Use fallthrough pseudo-keyword 2020-07-09 13:01:29 +02:00
seq ALSA: seq: oss: Serialize ioctls 2020-08-05 08:27:39 +02:00
compress_offload.c ALSA: compress: fix partial_drain completion state 2020-07-07 11:52:18 +02:00
control_compat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
control.c ALSA: control: potential uninitialized return value 2020-01-08 07:20:28 +01:00
ctljack.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
device.c ALSA: core: Add snd_device_get_state() helper 2020-03-23 18:09:19 +01:00
hrtimer.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
hwdep_compat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
hwdep.c ALSA: hwdep: fix a left shifting 1 by 31 UB bug 2020-05-26 08:18:24 +02:00
info_oss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
info.c ALSA: info: Drop WARN_ON() from buffer NULL sanity check 2020-07-17 10:59:38 +02:00
init.c ALSA: core: Warn on empty module 2020-06-25 15:01:35 +02:00
isadma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
jack.c ALSA: jack: More constification 2020-01-05 16:14:57 +01:00
Kconfig ALSA: control: Add verification for kctl accesses 2020-01-04 09:37:59 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
memalloc.c ALSA: Use fallthrough pseudo-keyword 2020-07-09 13:01:29 +02:00
memory.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
misc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pcm_compat.c ALSA: pcm: Fix sparse warnings wrt snd_pcm_state_t 2020-01-31 16:23:13 +01:00
pcm_dmaengine.c ASoC: Updates for v5.7 2020-03-30 13:43:00 +02:00
pcm_drm_eld.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
pcm_iec958.c ALSA: core: pcm_iec958: fix kernel-doc 2020-07-07 10:22:33 +02:00
pcm_lib.c ALSA: pcm: fix incorrect hw_base increase 2020-05-18 09:52:13 +02:00
pcm_local.h ALSA: pcm: Make snd_pcm_hw_constraints_init() and _complete() static 2020-01-16 17:29:33 +01:00
pcm_memory.c Revert "ALSA: pcm: Use SG-buffer only when direct DMA is available" 2020-07-17 08:42:03 +02:00
pcm_misc.c ASoC: Updates for v5.7 2020-03-30 13:43:00 +02:00
pcm_native.c ALSA: Use fallthrough pseudo-keyword 2020-07-09 13:01:29 +02:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: timer: Constify snd_timer_hardware definitions 2020-01-03 09:24:07 +01:00
pcm_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: pcm: Fix superfluous snprintf() usage 2020-03-13 15:58:35 +01:00
rawmidi_compat.c ALSA: Avoid using timespec for struct snd_rawmidi_status 2019-12-11 22:06:16 +01:00
rawmidi.c ALSA: rawmidi: Fix racy buffer resize under concurrent accesses 2020-05-07 22:29:14 +02:00
seq_device.c ALSA: core: Constify snd_device_ops definitions 2020-01-03 09:23:51 +01:00
sgbuf.c ALSA: memalloc: Make SG-buffer helper usable for continuous buffer, too 2020-06-15 18:01:52 +02:00
sound_oss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
sound.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
timer_compat.c ALSA: Avoid using timespec for struct snd_timer_tread 2019-12-13 11:25:57 +01:00
timer.c ALSA: timer: fix nsec/sec initialization confusion 2020-01-12 09:08:22 +01:00
vmaster.c ALSA: Replace the word "slave" in vmaster API 2020-07-20 10:10:47 +02:00