linux

iv/linux

History

Takashi Iwai d15d662e89 ALSA: seq: Fix racy pool initializations ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. Meanwhile user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound accesses since the function tries to vmalloc / vfree the buffer. A simple fix is to just wrap the snd_seq_pool_init() call with the recently introduced client->ioctl_mutex; as the calls for snd_seq_pool_init() from other side are always protected with this mutex, we can avoid the race. Reported-by: 范龙飞 <long7573@126.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>		2018-02-14 10:39:08 +01:00
..
ac97	ALSA: ac97: kconfig: Remove select of undefined symbol AC97	2018-02-12 08:16:39 +01:00
aoa
arm
atmel
core	ALSA: seq: Fix racy pool initializations	2018-02-14 10:39:08 +01:00
drivers	Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2018-01-29 16:50:58 -08:00
firewire	vfs: do bulk POLL* -> EPOLL* replacement	2018-02-11 14:34:03 -08:00
hda	Merge branch 'topic/hdac-hdmi' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into asoc-intel	2018-01-12 21:19:05 +00:00
i2c
isa
mips
oss	vfs: do bulk POLL* -> EPOLL* replacement	2018-02-11 14:34:03 -08:00
parisc
pci	ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform	2018-02-07 06:24:17 +01:00
pcmcia
ppc
sh
soc	ASoC: Updates for v4.16	2018-02-07 12:11:09 -08:00
sparc
spi
synth
usb	Merge branch 'topic/fixes' into for-linus	2018-02-12 09:36:26 +01:00
x86
ac97_bus.c
Kconfig
last.c
Makefile
sound_core.c	sound: Remove leftover msnd init declarations	2018-01-11 17:10:34 +01:00