android_kernel_oneplus_msm8998/sound/core/seq
Takashi Iwai 623e5c8ae3 ALSA: seq: Make ioctls race-free
commit b3defb791b26ea0683a93a4f49c77ec45ec96f10 upstream.

The ALSA sequencer ioctls have no protection against racy calls, while
concurrent operations may interfere with each other.  As
reported recently, for example, concurrent calls setting the client
pool in combination with write calls may lead to either an
unkillable deadlock or a UAF.

As a slightly big hammer solution, this patch introduces the mutex to
make each ioctl exclusive.  Although this may reduce performance via
parallel ioctl calls, usually it's not demanded for sequencer usages,
hence it should be negligible.

Reported-by: Luo Quan <a4651386@163.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
[bwh: Backported to 4.4: ioctl dispatch is done from snd_seq_do_ioctl();
 take the mutex and add ret variable there.]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-03 17:04:25 +01:00
oss ALSA: seq: Fix OSS sysex delivery in OSS emulation 2017-11-15 17:13:12 +01:00
Kconfig
Makefile ALSA: core: Fix randconfig build wrt CONFIG_PROC_FS 2015-05-29 07:21:02 +02:00
seq.c Subject: ALSA: seq: Remove autoload locks in driver registration 2014-10-18 20:25:19 +02:00
seq_clientmgr.c ALSA: seq: Make ioctls race-free 2018-02-03 17:04:25 +01:00
seq_clientmgr.h ALSA: seq: Make ioctls race-free 2018-02-03 17:04:25 +01:00
seq_compat.c ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode 2016-01-31 11:28:57 -08:00
seq_device.c ALSA: seq: Cancel pending autoload work at unbinding device 2017-11-18 11:11:05 +01:00
seq_dummy.c ALSA: seq: Drop snd_seq_autoload_lock() and _unlock() 2015-02-12 14:42:31 +01:00
seq_fifo.c ALSA: seq: Fix race during FIFO resize 2017-04-08 09:53:31 +02:00
seq_fifo.h
seq_info.c ALSA: core: Build conditionally and remove superfluous ifdefs 2015-04-24 17:31:07 +02:00
seq_info.h ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
seq_lock.c ALSA: seq: Enable 'use' locking in all configurations 2017-10-27 10:23:16 +02:00
seq_lock.h ALSA: seq: Enable 'use' locking in all configurations 2017-10-27 10:23:16 +02:00
seq_memory.c ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() 2017-03-30 09:35:15 +02:00
seq_memory.h ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() 2017-03-30 09:35:15 +02:00
seq_midi.c ALSA: seq: Drop snd_seq_autoload_lock() and _unlock() 2015-02-12 14:42:31 +01:00
seq_midi_emul.c ALSA: seq: potential out of bounds in do_control() 2015-02-12 11:07:48 +01:00
seq_midi_event.c sound: Add module.h to the previously silent sound users 2011-10-31 19:31:21 -04:00
seq_ports.c ALSA: seq: Fix use-after-free at creating a port 2017-10-18 09:20:42 +02:00
seq_ports.h ALSA: seq: remove unused callback_all field 2015-01-26 13:56:58 +01:00
seq_prioq.c ALSA: seq: Drop superfluous error/debug messages after malloc failures 2015-03-10 15:41:18 +01:00
seq_prioq.h
seq_queue.c ALSA: seq: 2nd attempt at fixing race creating a queue 2017-08-24 17:02:35 -07:00
seq_queue.h ALSA: seq: 2nd attempt at fixing race creating a queue 2017-08-24 17:02:35 -07:00
seq_system.c sound: Add export.h for THIS_MODULE/EXPORT_SYMBOL where needed 2011-10-31 19:31:22 -04:00
seq_system.h
seq_timer.c ALSA: seq: Remove spurious WARN_ON() at timer check 2017-12-16 10:33:49 +01:00
seq_timer.h
seq_virmidi.c ALSA: seq: Fix copy_from_user() call inside lock 2017-10-18 09:20:42 +02:00