linux/sound/core
Wang Wensheng c0317c0e87 ALSA: timer: Fix use-after-free problem
When the timer instance was added to the ack_list but was not currently in
process, the user could stop it via snd_timer_stop1() without deleting it
from the ack_list. Then the user could free the timer instance, and when
it was actually processed, a UAF occurred.

This issue could be reproduced via testcase snd_timer01 in ltp - running
several instances of that testcase at the same time.

What I actually met was that the ack_list of the timer was broken and the
kernel went into a deadloop with irqoff. That could be detected by the
hardlockup detector on board, or when we run it on qemu, we could use gdb
to dump the ack_list when the console has no response.

To fix this issue, we delete the timer instance from ack_list and
active_list unconditionally in snd_timer_stop1().

Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Suggested-by: Takashi Iwai <tiwai@suse.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20211103033517.80531-1-wangwensheng4@huawei.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-03 16:52:13 +01:00
oss ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume 2021-10-26 07:59:40 +02:00
seq Merge branch 'for-linus' into for-next 2021-08-09 07:53:22 +02:00
compress_offload.c ALSA: compress: Initialize mutex in snd_compress_new() 2021-07-15 10:22:38 +02:00
control_compat.c ALSA: control: Drop superfluous snd_power_wait() calls 2021-05-25 08:48:49 +02:00
control_led.c ALSA: core: control_led: use strscpy instead of strlcpy 2021-08-13 08:05:17 +02:00
control.c ALSA: control: Minor optimization for SNDRV_CTL_IOCTL_POWER_STATE 2021-05-25 08:49:06 +02:00
ctljack.c ALSA: Convert strlcpy to strscpy when return value is unused 2021-01-08 09:30:05 +01:00
device.c ALSA: core: Add snd_device_get_state() helper 2020-03-23 18:09:19 +01:00
hrtimer.c ALSA: timer: Replace tasklet with work 2020-09-09 18:32:52 +02:00
hwdep_compat.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
hwdep.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
info_oss.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
info.c isystem: trim/fixup stdarg.h and other headers 2021-08-19 09:02:55 +09:00
init.c ALSA: core: Fix double calls of snd_card_free() via devres 2021-07-31 10:36:06 +02:00
isadma.c ALSA: core: Add device-managed request_dma() 2021-07-19 16:16:34 +02:00
jack.c ALSA: jack: implement software jack injection via debugfs 2021-02-02 10:37:07 +01:00
Kconfig ALSA: control - add generic LED trigger module as the new control layer 2021-03-30 15:33:58 +02:00
Makefile ALSA: memalloc: Convert x86 SG-buffer handling with non-contiguous type 2021-10-18 13:32:13 +02:00
memalloc_local.h ALSA: memalloc: Support for non-contiguous page allocation 2021-10-18 13:32:10 +02:00
memalloc.c ALSA: memalloc: Fix a typo in snd_dma_buffer_sync() description 2021-10-19 08:07:41 +02:00
memory.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
misc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pcm_compat.c ALSA: memalloc: Support for non-contiguous page allocation 2021-10-18 13:32:10 +02:00
pcm_dmaengine.c ASoC: dmaengine_pcm: add peripheral configuration 2021-02-05 17:16:41 +00:00
pcm_drm_eld.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
pcm_iec958.c ALSA: iec958: Split status creation and fill 2021-06-08 17:05:41 +02:00
pcm_lib.c ALSA: memalloc: Support for non-contiguous page allocation 2021-10-18 13:32:10 +02:00
pcm_local.h ALSA: memalloc: Support for non-contiguous page allocation 2021-10-18 13:32:10 +02:00
pcm_memory.c ALSA: memalloc: Support for non-contiguous page allocation 2021-10-18 13:32:10 +02:00
pcm_misc.c ALSA: pcm: Fix assignment in if condition 2021-06-09 17:30:24 +02:00
pcm_native.c ALSA: memalloc: Support for non-contiguous page allocation 2021-10-18 13:32:10 +02:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: timer: Constify snd_timer_hardware definitions 2020-01-03 09:24:07 +01:00
pcm_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: pcm: use DEVICE_ATTR_RO macro 2021-05-25 09:00:04 +02:00
rawmidi_compat.c ALSA: rawmidi: Add framing mode 2021-05-17 16:02:44 +02:00
rawmidi.c ALSA: rawmidi: introduce SNDRV_RAWMIDI_IOCTL_USER_PVERSION 2021-09-23 09:26:40 +02:00
seq_device.c ALSA: seq: Fix a potential UAF by wrong private_free call order 2021-09-30 14:13:22 +02:00
sound_oss.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
sound.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
timer_compat.c ALSA: Convert strlcpy to strscpy when return value is unused 2021-01-08 09:30:05 +01:00
timer.c ALSA: timer: Fix use-after-free problem 2021-11-03 16:52:13 +01:00
vmaster.c ALSA: Replace the word "slave" in vmaster API 2020-07-20 10:10:47 +02:00