linux/sound
Wang Wensheng c0317c0e87 ALSA: timer: Fix use-after-free problem
When the timer instance was added into ack_list but was not currently in
process, the user could stop it via snd_timer_stop1() without deleting it
from the ack_list. Then the user could free the timer instance and when
it was actually processed, UAF occurred.

This issue could be reproduced via testcase snd_timer01 in ltp - running
several instances of that testcase at the same time.

What I actually met was that the ack_list of the timer was broken and the
kernel went into deadloop with irqoff. That could be detected by the
hardlockup detector on board or when we run it on qemu, we could use gdb
to dump the ack_list when the console has no response.

To fix this issue, we delete the timer instance from ack_list and
active_list unconditionally in snd_timer_stop1().

Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Suggested-by: Takashi Iwai <tiwai@suse.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20211103033517.80531-1-wangwensheng4@huawei.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-03 16:52:13 +01:00
..
ac97 bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
aoa Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
arm ALSA: pxa2xx: Use managed PCM buffer allocation 2021-08-04 08:08:21 +02:00
atmel
core ALSA: timer: Fix use-after-free problem 2021-11-03 16:52:13 +01:00
drivers ALSA: pcsp: Make hrtimer forwarding more robust 2021-09-28 10:58:08 +02:00
firewire ALSA: firewire-motu: remove TODO for interaction with userspace about control message 2021-10-29 10:01:43 +02:00
hda ASoC: Updates for v5.16 2021-11-01 16:58:27 +01:00
i2c ALSA: i2c: tea6330t: Remove redundant initialization of variable err 2021-06-12 09:32:14 +02:00
isa ALSA: gus: fix null pointer dereference on pointer block 2021-10-26 08:02:16 +02:00
mips ALSA: n64: check return value after calling platform_get_resource() 2021-06-12 09:31:13 +02:00
oss sound/oss/dmasound: Remove superfluous "break" 2021-05-27 08:24:23 +02:00
parisc parisc architecture updates for kernel 5.15: 2021-09-02 13:16:00 -07:00
pci ALSA: hda/realtek: Add quirk for Clevo PC70HS 2021-11-02 09:15:16 +01:00
pcmcia ALSA: vx: Manage vx_core object with devres 2021-07-19 16:17:09 +02:00
ppc ALSA: ppc: fix error return code in snd_pmac_probe() 2021-06-16 08:52:29 +02:00
sh
soc ASoC: Updates for v5.16 2021-11-01 16:58:27 +01:00
sparc ALSA: sparc: Fix assignment in if condition 2021-06-09 17:30:29 +02:00
spi
synth ALSA: emux: fix spelling mistakes 2021-07-05 19:34:22 +02:00
usb ALSA: usb-audio: Add quirk for Audient iD14 2021-11-02 17:19:26 +01:00
virtio ALSA: virtio: Replace zero-length array with flexible-array member 2021-09-30 13:47:57 +02:00
x86 ALSA: memalloc: Correctly name as WC 2021-08-04 08:07:58 +02:00
xen
ac97_bus.c
Kconfig
last.c
Makefile
sound_core.c