linux_dsm_epyc7002/sound/core
Takashi Iwai 2a3f7221ac ALSA: core: Fix card races between register and disconnect
There is a small race window in the card disconnection code that
allows the registration of another card with the very same card id.
This leads to a warning in procfs creation as caught by syzkaller.

The problem is that we delete snd_cards and snd_cards_lock entries at
the very beginning of the disconnection procedure.  This makes the
slot available to be assigned for another card object while the
disconnection procedure is being processed.  Then it becomes possible
to issue a procfs registration with the existing file name although we
check the conflict beforehand.

The fix is simply to move the snd_cards and snd_cards_lock clearances
at the end of the disconnection procedure.  The references to these
entries are merely either from the global proc files like
/proc/asound/cards or from the card registration / disconnection, so
it should be fine to shift at the very end.

Reported-by: syzbot+48df349490c36f9f54ab@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-04-16 17:06:33 +02:00
..
oss ALSA: pcm: Fix possible OOB access in PCM oss plugins 2019-03-22 16:27:03 +01:00
seq ALSA: seq: Fix OOB-reads from strlcpy 2019-04-05 14:33:01 +02:00
compress_offload.c ALSA: compress: Remove superfluous snd_info_register() calls 2019-02-06 18:11:54 +01:00
control_compat.c
control.c ALSA: control: Consolidate helpers for adding and replacing ctl elements 2018-11-24 20:04:10 +01:00
ctljack.c
device.c
hrtimer.c
hwdep_compat.c
hwdep.c
info_oss.c
info.c ALSA: info: Fix racy addition/deletion of nodes 2019-04-16 15:49:48 +02:00
init.c ALSA: core: Fix card races between register and disconnect 2019-04-16 17:06:33 +02:00
isadma.c
jack.c
Kconfig docs: Fix some broken references 2018-06-15 18:10:01 -03:00
Makefile
memalloc.c ALSA: core: Don't allow NULL device for memory allocation 2019-02-05 11:05:26 +01:00
memory.c
misc.c
pcm_compat.c
pcm_dmaengine.c
pcm_drm_eld.c
pcm_iec958.c
pcm_lib.c ALSA: pcm: Comment why read blocks when PCM is not running 2019-02-13 08:01:05 +01:00
pcm_local.h ALSA: pcm: Unify snd_pcm_group initialization 2019-01-21 16:39:35 +01:00
pcm_memory.c ALSA: pcm: Define snd_pcm_lib_preallocate_*() as returning void 2019-02-08 14:24:12 +01:00
pcm_misc.c
pcm_native.c ALSA: pcm: Don't suspend stream in unrecoverable PCM state 2019-03-25 16:36:30 +01:00
pcm_param_trace.h
pcm_timer.c
pcm_trace.h
pcm.c ALSA: pcm: Remove superfluous snd_info_register() calls 2019-02-06 18:11:54 +01:00
rawmidi_compat.c
rawmidi.c ALSA: rawmidi: Fix potential Spectre v1 vulnerability 2019-03-21 13:21:15 +01:00
seq_device.c
sgbuf.c ALSA: memalloc: Add non-cached buffer type 2018-08-28 13:56:47 +02:00
sound_oss.c
sound.c
timer_compat.c
timer.c ALSA: timer: catch invalid timer object creation 2018-07-22 10:42:41 +02:00
vmaster.c