AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-01-22 00:21:42 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
caee728ab7
linux_dsm_epyc7002/sound/core/seq
History
Takashi Iwai d15d662e89 ALSA: seq: Fix racy pool initializations 
ALSA sequencer core initializes the event pool on demand by invoking
snd_seq_pool_init() when the first write happens and the pool is
empty.  Meanwhile user can reset the pool size manually via ioctl
concurrently, and this may lead to UAF or out-of-bound accesses since
the function tries to vmalloc / vfree the buffer.

A simple fix is to just wrap the snd_seq_pool_init() call with the
recently introduced client->ioctl_mutex; as the calls for
snd_seq_pool_init() from other side are always protected with this
mutex, we can avoid the race.

Reported-by: 范龙飞 <long7573@126.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-02-14 10:39:08 +01:00
..
oss vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
Kconfig ALSA: seq: Fix CONFIG_SND_SEQ_MIDI dependency 2017-08-11 09:51:41 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
seq_clientmgr.c ALSA: seq: Fix racy pool initializations 2018-02-14 10:39:08 +01:00
seq_clientmgr.h ALSA: seq: Make ioctls race-free 2018-01-11 14:37:51 +01:00
seq_compat.c ALSA: seq: fix passing wrong pointer in function call of compatibility layer 2016-10-12 20:09:36 +02:00
seq_dummy.c ALSA: seq: Drop snd_seq_autoload_lock() and _unlock() 2015-02-12 14:42:31 +01:00
seq_fifo.c sched/wait: Rename wait_queue_t => wait_queue_entry_t 2017-06-20 12:18:27 +02:00
seq_fifo.h
seq_info.c ALSA: core: Build conditionally and remove superfluous ifdefs 2015-04-24 17:31:07 +02:00
seq_info.h ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
seq_lock.c ALSA: seq: Enable 'use' locking in all configurations 2017-10-18 08:01:46 +02:00
seq_lock.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
seq_memory.c sound updates for 4.13-rc1 2017-07-06 10:56:51 -07:00
seq_memory.h ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() 2017-03-21 14:01:10 +01:00
seq_midi_emul.c ALSA: seq: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:03 +02:00
seq_midi_event.c ALSA: seq: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:03 +02:00
seq_midi.c ALSA: seq: Drop snd_seq_autoload_lock() and _unlock() 2015-02-12 14:42:31 +01:00
seq_ports.c ALSA: seq: Fix use-after-free at creating a port 2017-10-11 09:58:18 +02:00
seq_ports.h
seq_prioq.c ALSA: seq: Drop superfluous error/debug messages after malloc failures 2015-03-10 15:41:18 +01:00
seq_prioq.h
seq_queue.c ALSA: seq: Process queue tempo/ppq change in a shot 2018-01-15 16:48:36 +01:00
seq_queue.h ALSA: seq: 2nd attempt at fixing race creating a queue 2017-08-15 08:02:35 +02:00
seq_system.c
seq_system.h
seq_timer.c ALSA: seq: Process queue tempo/ppq change in a shot 2018-01-15 16:48:36 +01:00
seq_timer.h ALSA: seq: Process queue tempo/ppq change in a shot 2018-01-15 16:48:36 +01:00
seq_virmidi.c ALSA: seq: Fix copy_from_user() call inside lock 2017-10-09 14:10:13 +02:00
seq.c ALSA: timer: remove legacy rtctimer 2016-04-25 10:41:46 +02:00