iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b726e3634e
linux/sound/core
History
Takashi Iwai 97367c9722 ALSA: seq: Fix racy deletion of subscriber 
It turned out that the current implementation of the port subscription
is racy.  The subscription contains two linked lists, and we have to
add to or delete from both lists.  Since both connection and
disconnection procedures perform the same order for those two lists
(i.e. src list, then dest list), when a deletion happens during a
connection procedure, the src list may be deleted before the dest list
addition completes, and this may lead to a use-after-free or an Oops,
even though the access to both lists are protected via mutex.

The simple workaround for this race is to change the access order for
the disconnection, namely, dest list, then src list.  This assures
that the connection has been established when disconnecting, and also
the concurrent deletion can be avoided.

Reported-and-tested-by: folkert <folkert@vanheusden.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210801182754.GP890690@belle.intranet.vanheusden.com
Link: https://lore.kernel.org/r/20210803114312.2536-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-08-03 13:43:40 +02:00
..
oss ALSA: oss: Fix assignment in if condition 2021-06-09 17:30:25 +02:00
seq ALSA: seq: Fix racy deletion of subscriber 2021-08-03 13:43:40 +02:00
compress_offload.c ALSA: Convert strlcpy to strscpy when return value is unused 2021-01-08 09:30:05 +01:00
control_compat.c ALSA: control: Drop superfluous snd_power_wait() calls 2021-05-25 08:48:49 +02:00
control_led.c ALSA: control_led - fix initialization in the mode show callback 2021-06-14 09:50:34 +02:00
control.c ALSA: control: Minor optimization for SNDRV_CTL_IOCTL_POWER_STATE 2021-05-25 08:49:06 +02:00
ctljack.c ALSA: Convert strlcpy to strscpy when return value is unused 2021-01-08 09:30:05 +01:00
device.c ALSA: core: Add snd_device_get_state() helper 2020-03-23 18:09:19 +01:00
hrtimer.c ALSA: timer: Replace tasklet with work 2020-09-09 18:32:52 +02:00
hwdep_compat.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
hwdep.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
info_oss.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
info.c ALSA: info: Drop WARN_ON() from buffer NULL sanity check 2020-07-17 10:59:38 +02:00
init.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
isadma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
jack.c ALSA: jack: implement software jack injection via debugfs 2021-02-02 10:37:07 +01:00
Kconfig ALSA: control - add generic LED trigger module as the new control layer 2021-03-30 15:33:58 +02:00
Makefile ALSA: control - add generic LED trigger module as the new control layer 2021-03-30 15:33:58 +02:00
memalloc_local.h ALSA: core: Move mmap handler into memalloc ops 2021-06-10 10:15:21 +02:00
memalloc.c ALSA: memalloc: Fix regression with SNDRV_DMA_TYPE_CONTINUOUS 2021-08-02 09:03:22 +02:00
memory.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
misc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pcm_compat.c ALSA: pcm: Fix assignment in if condition 2021-06-09 17:30:24 +02:00
pcm_dmaengine.c ASoC: dmaengine_pcm: add peripheral configuration 2021-02-05 17:16:41 +00:00
pcm_drm_eld.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
pcm_iec958.c ALSA: iec958: Split status creation and fill 2021-06-08 17:05:41 +02:00
pcm_lib.c ALSA: pcm: add snd_pcm_period_elapsed() variant without acquiring lock of PCM substream 2021-06-10 09:49:54 +02:00
pcm_local.h ALSA: core: Abstract memory alloc helpers 2021-06-10 10:15:21 +02:00
pcm_memory.c ALSA: core: Abstract memory alloc helpers 2021-06-10 10:15:21 +02:00
pcm_misc.c ALSA: pcm: Fix assignment in if condition 2021-06-09 17:30:24 +02:00
pcm_native.c ALSA: pcm - fix mmap capability check for the snd-dummy driver 2021-07-30 20:20:38 +02:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: timer: Constify snd_timer_hardware definitions 2020-01-03 09:24:07 +01:00
pcm_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: pcm: use DEVICE_ATTR_RO macro 2021-05-25 09:00:04 +02:00
rawmidi_compat.c ALSA: rawmidi: Add framing mode 2021-05-17 16:02:44 +02:00
rawmidi.c ALSA: rawmidi: fix incorrect array bounds check on clock_names 2021-05-19 16:20:25 +02:00
seq_device.c ALSA: core: avoid -Wempty-body warnings 2021-03-22 12:26:00 +01:00
sgbuf.c ALSA: core: Abstract memory alloc helpers 2021-06-10 10:15:21 +02:00
sound_oss.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
sound.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
timer_compat.c ALSA: Convert strlcpy to strscpy when return value is unused 2021-01-08 09:30:05 +01:00
timer.c ALSA: timer: Fix master timer notification 2021-06-03 09:39:58 +02:00
vmaster.c ALSA: Replace the word "slave" in vmaster API 2020-07-20 10:10:47 +02:00