linux/sound/core
Takashi Iwai 2eabc5ec8a ALSA: seq: Fix race of get-subscription call vs port-delete ioctls
The snd_seq_ioctl_get_subscription() retrieves the port subscriber
information as a pointer, while the object isn't protected, hence it
may be deleted before the actual reference.  This race was spotted by
syzkaller and may lead to a UAF.

The fix is simply copying the data in the lookup function that
performs in the rwsem to protect against the deletion.

Reported-by: syzbot+9437020c82413d00222d@syzkaller.appspotmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-04-09 18:54:13 +02:00
..
oss ALSA: pcm: Drop unused snd_pcm_substream.file field 2019-01-24 14:40:25 +01:00
seq ALSA: seq: Fix race of get-subscription call vs port-delete ioctls 2019-04-09 18:54:13 +02:00
compress_offload.c ALSA: compress: Remove superfluous snd_info_register() calls 2019-02-06 18:11:54 +01:00
control_compat.c ALSA: control: fix a redundant-copy issue 2018-05-13 09:27:57 +02:00
control.c ALSA: control: Consolidate helpers for adding and replacing ctl elements 2018-11-24 20:04:10 +01:00
ctljack.c ALSA: declare snd_kcontrol_new structures as const 2017-05-30 10:29:25 +02:00
device.c ALSA: core: Assure control device to be registered at last 2018-05-17 08:21:23 +02:00
hrtimer.c Merge branch 'for-next' into for-linus 2017-11-13 15:43:13 +01:00
hwdep_compat.c
hwdep.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-01-31 09:25:20 -08:00
info_oss.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
info.c ALSA: info: Move card id proc creation into info.c 2019-02-06 18:11:58 +01:00
init.c ALSA: info: Move card id proc creation into info.c 2019-02-06 18:11:58 +01:00
isadma.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
jack.c ALSA: fix kernel-doc build warning 2017-10-30 08:10:07 +01:00
Kconfig docs: Fix some broken references 2018-06-15 18:10:01 -03:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
memalloc.c ALSA: Replace snd_malloc_pages() and snd_free_pages() with standard helpers, take#2 2019-03-27 17:15:01 +01:00
memory.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
misc.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
pcm_compat.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
pcm_dmaengine.c ASoC: dmaengine_pcm: Add support for packed transfers 2016-04-27 17:34:11 +01:00
pcm_drm_eld.c ALSA: pcm: use helper function to refer parameter as read-only 2017-05-17 07:24:39 +02:00
pcm_iec958.c ALSA: pcm: Allow 32 bit sample format in IEC958 channel status helper 2016-04-06 14:33:38 -07:00
pcm_lib.c ALSA: pcm: Comment why read blocks when PCM is not running 2019-02-13 08:01:05 +01:00
pcm_local.h ALSA: pcm: Unify snd_pcm_group initialization 2019-01-21 16:39:35 +01:00
pcm_memory.c ALSA: pcm: Define snd_pcm_lib_preallocate_*() as returning void 2019-02-08 14:24:12 +01:00
pcm_misc.c ALSA: pcm: add SNDRV_PCM_FORMAT_{S,U}20 2017-11-29 09:26:33 +01:00
pcm_native.c ALSA: PCM: check if ops are defined before suspending PCM 2019-02-11 17:04:25 +01:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: pcm: include pcm_local.h and remove some extraneous tabs 2017-05-30 18:04:47 +02:00
pcm_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: Replace snd_malloc_pages() and snd_free_pages() with standard helpers, take#2 2019-03-27 17:15:01 +01:00
rawmidi_compat.c ALSA: rawmidi: Fix missing input substream checks in compat ioctls 2018-04-19 18:16:15 +02:00
rawmidi.c ALSA: rawmidi: A lightweight function to discard pending bytes 2018-10-04 20:13:17 +02:00
seq_device.c ALSA: seq: Cancel pending autoload work at unbinding device 2017-09-12 12:41:20 +02:00
sgbuf.c ALSA: memalloc: Add non-cached buffer type 2018-08-28 13:56:47 +02:00
sound_oss.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
sound.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
timer_compat.c ALSA: timer: Remove kernel warning at compat ioctl error paths 2017-11-21 16:36:11 +01:00
timer.c ALSA: timer: Revert active callback sync check at close 2019-04-09 12:29:34 +02:00
vmaster.c - Introduce arithmetic overflow test helper functions (Rasmus) 2018-06-06 17:27:14 -07:00