OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/sound/core
History
Takashi Iwai 4d81a7bdd3 ALSA: seq: oss: Serialize ioctls 
commit 80982c7e83 upstream.

Some ioctls via OSS sequencer API may race and lead to UAF when the
port create and delete are performed concurrently, as spotted by a
couple of syzkaller cases.  This patch is an attempt to address it by
serializing the ioctls with the existing register_mutex.

Basically OSS sequencer API is an obsoleted interface and was designed
without much consideration of the concurrency.  There are very few
applications with it, and the concurrent performance isn't asked,
hence this "big hammer" approach should be good enough.

Reported-by: syzbot+1a54a94bd32716796edd@syzkaller.appspotmail.com
Reported-by: syzbot+9d2abfef257f3e2d4713@syzkaller.appspotmail.com
Suggested-by: Hillf Danton <hdanton@sina.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200804185815.2453-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-08-11 15:33:33 +02:00
..
oss ALSA: pcm: oss: Place the plugin buffer overflow checks correctly 2020-05-06 08:15:08 +02:00
seq ALSA: seq: oss: Serialize ioctls 2020-08-11 15:33:33 +02:00
Kconfig
Makefile
compress_offload.c ALSA: compress: fix partial_drain completion state 2020-07-16 08:16:39 +02:00
control.c ALSA: ctl: allow TLV read operation for callback type of element in locked case 2020-02-24 08:36:24 +01:00
control_compat.c
ctljack.c
device.c
hrtimer.c
hwdep.c ALSA: hwdep: fix a left shifting 1 by 31 UB bug 2020-06-03 08:21:22 +02:00
hwdep_compat.c
info.c ALSA: info: Drop WARN_ON() from buffer NULL sanity check 2020-07-29 10:18:30 +02:00
info_oss.c
init.c
isadma.c
jack.c
memalloc.c
memory.c
misc.c
pcm.c
pcm_compat.c
pcm_dmaengine.c
pcm_drm_eld.c
pcm_iec958.c
pcm_lib.c ALSA: pcm: fix incorrect hw_base increase 2020-05-27 17:46:39 +02:00
pcm_local.h
pcm_memory.c
pcm_misc.c
pcm_native.c ALSA: pcm: fix snd_pcm_link() lockdep splat 2020-06-17 16:40:27 +02:00
pcm_param_trace.h
pcm_timer.c
pcm_trace.h
rawmidi.c ALSA: rawmidi: Fix racy buffer resize under concurrent accesses 2020-05-20 08:20:30 +02:00
rawmidi_compat.c
seq_device.c
sgbuf.c
sound.c
sound_oss.c
timer.c ALSA: timer: Limit max amount of slave instances 2019-12-31 16:44:47 +01:00
timer_compat.c
vmaster.c