leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fe1b26c93d
linux/sound/core
History
Takashi Iwai fe1b26c93d ALSA: timer: Make snd_timer_close() really kill pending actions 
snd_timer_close() is supposed to close the timer instance and sync
with the deactivation of pending actions.  However, there are still
some overlooked cases:

- It calls snd_timer_stop() at the beginning, but some other might
  re-trigger the timer right after that.

- snd_timer_stop() calls del_timer_sync() only when all belonging
  instances are closed.  If multiple instances were assigned to a
  timer object and one is closed, the timer is still running.  Then
  the pending action assigned to this timer might be left.

Actually either of the above is the likely cause of the reported
syzkaller UAF.

This patch plug these holes by introducing SNDRV_TIMER_IFLG_DEAD
flag.  This is set at the beginning of snd_timer_close(), and the flag
is checked at snd_timer_start*() and else, so that no longer new
action is left after snd_timer_close().

Reported-by: syzbot+d5136d4d3240cbe45a2a@syzkaller.appspotmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-03-27 17:02:40 +01:00
..
oss ALSA: pcm: Drop unused snd_pcm_substream.file field 2019-01-24 14:40:25 +01:00
seq Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
compress_offload.c ALSA: compress: Remove superfluous snd_info_register() calls 2019-02-06 18:11:54 +01:00
control_compat.c ALSA: control: fix a redundant-copy issue 2018-05-13 09:27:57 +02:00
control.c ALSA: control: Consolidate helpers for adding and replacing ctl elements 2018-11-24 20:04:10 +01:00
ctljack.c ALSA: declare snd_kcontrol_new structures as const 2017-05-30 10:29:25 +02:00
device.c ALSA: core: Assure control device to be registered at last 2018-05-17 08:21:23 +02:00
hrtimer.c Merge branch 'for-next' into for-linus 2017-11-13 15:43:13 +01:00
hwdep_compat.c
hwdep.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-01-31 09:25:20 -08:00
info_oss.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
info.c ALSA: info: Move card id proc creation into info.c 2019-02-06 18:11:58 +01:00
init.c ALSA: info: Move card id proc creation into info.c 2019-02-06 18:11:58 +01:00
isadma.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
jack.c ALSA: fix kernel-doc build warning 2017-10-30 08:10:07 +01:00
Kconfig docs: Fix some broken references 2018-06-15 18:10:01 -03:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
memalloc.c ALSA: core: Don't allow NULL device for memory allocation 2019-02-05 11:05:26 +01:00
memory.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
misc.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
pcm_compat.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
pcm_dmaengine.c ASoC: dmaengine_pcm: Add support for packed transfers 2016-04-27 17:34:11 +01:00
pcm_drm_eld.c ALSA: pcm: use helper function to refer parameter as read-only 2017-05-17 07:24:39 +02:00
pcm_iec958.c ALSA: pcm: Allow 32 bit sample format in IEC958 channel status helper 2016-04-06 14:33:38 -07:00
pcm_lib.c ALSA: pcm: Comment why read blocks when PCM is not running 2019-02-13 08:01:05 +01:00
pcm_local.h ALSA: pcm: Unify snd_pcm_group initialization 2019-01-21 16:39:35 +01:00
pcm_memory.c ALSA: pcm: Define snd_pcm_lib_preallocate_*() as returning void 2019-02-08 14:24:12 +01:00
pcm_misc.c ALSA: pcm: add SNDRV_PCM_FORMAT_{S,U}20 2017-11-29 09:26:33 +01:00
pcm_native.c ALSA: PCM: check if ops are defined before suspending PCM 2019-02-11 17:04:25 +01:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: pcm: include pcm_local.h and remove some extraneous tabs 2017-05-30 18:04:47 +02:00
pcm_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: pcm: Remove superfluous snd_info_register() calls 2019-02-06 18:11:54 +01:00
rawmidi_compat.c ALSA: rawmidi: Fix missing input substream checks in compat ioctls 2018-04-19 18:16:15 +02:00
rawmidi.c ALSA: rawmidi: A lightweight function to discard pending bytes 2018-10-04 20:13:17 +02:00
seq_device.c ALSA: seq: Cancel pending autoload work at unbinding device 2017-09-12 12:41:20 +02:00
sgbuf.c ALSA: memalloc: Add non-cached buffer type 2018-08-28 13:56:47 +02:00
sound_oss.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
sound.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
timer_compat.c ALSA: timer: Remove kernel warning at compat ioctl error paths 2017-11-21 16:36:11 +01:00
timer.c ALSA: timer: Make snd_timer_close() really kill pending actions 2019-03-27 17:02:40 +01:00
vmaster.c - Introduce arithmetic overflow test helper functions (Rasmus) 2018-06-06 17:27:14 -07:00