iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d85739367c
linux/sound/core
History
Takashi Iwai d85739367c ALSA: seq: Don't allow resizing pool in use 
This is a fix for a (sort of) fallout in the recent commit
d15d662e89 ("ALSA: seq: Fix racy pool initializations") for
CVE-2018-1000004.
As the pool resize deletes the existing cells, it may lead to a race
when another thread is writing concurrently, eventually resulting a
UAF.

A simple workaround is not to allow the pool resizing when the pool is
in use.  It's an invalid behavior in anyway.

Fixes: d15d662e89 ("ALSA: seq: Fix racy pool initializations")
Reported-by: 范龙飞 <long7573@126.com>
Reported-by: Nicolai Stange <nstange@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-08 08:59:26 +01:00
..
oss vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
seq ALSA: seq: Don't allow resizing pool in use 2018-03-08 08:59:26 +01:00
compress_offload.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
control_compat.c ALSA: Get rid of card power_lock 2017-08-30 20:44:29 +02:00
control.c ALSA: control: Fix memory corruption risk in snd_ctl_elem_read 2018-02-28 08:15:56 +01:00
ctljack.c ALSA: declare snd_kcontrol_new structures as const 2017-05-30 10:29:25 +02:00
device.c ALSA: core: Use %pS printk format for direct addresses 2017-09-07 10:36:02 +02:00
hrtimer.c Merge branch 'for-next' into for-linus 2017-11-13 15:43:13 +01:00
hwdep_compat.c
hwdep.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-01-31 09:25:20 -08:00
info_oss.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
info.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
init.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
isadma.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
jack.c ALSA: fix kernel-doc build warning 2017-10-30 08:10:07 +01:00
Kconfig ALSA: seq: Allow the modular sequencer registration 2017-06-12 08:43:33 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
memalloc.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
memory.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
misc.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
pcm_compat.c ALSA: pcm: Fix structure definition for X32 ABI 2017-09-22 11:23:48 +02:00
pcm_dmaengine.c ASoC: dmaengine_pcm: Add support for packed transfers 2016-04-27 17:34:11 +01:00
pcm_drm_eld.c ALSA: pcm: use helper function to refer parameter as read-only 2017-05-17 07:24:39 +02:00
pcm_iec958.c ALSA: pcm: Allow 32 bit sample format in IEC958 channel status helper 2016-04-06 14:33:38 -07:00
pcm_lib.c Merge branch 'for-linus' into for-next 2018-01-15 16:45:15 +01:00
pcm_local.h ALSA: pcm: unify codes to operate application-side position on PCM buffer 2017-06-12 08:49:22 +02:00
pcm_memory.c ALSA: pcm: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:18:58 +02:00
pcm_misc.c ALSA: pcm: add SNDRV_PCM_FORMAT_{S,U}20 2017-11-29 09:26:33 +01:00
pcm_native.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: pcm: include pcm_local.h and remove some extraneous tabs 2017-05-30 18:04:47 +02:00
pcm_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: pcm: prevent UAF in snd_pcm_info 2017-12-05 23:28:08 +01:00
rawmidi_compat.c ALSA: rawmidi: Fix ioctls X32 ABI 2016-02-28 17:44:51 +01:00
rawmidi.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
seq_device.c ALSA: seq: Cancel pending autoload work at unbinding device 2017-09-12 12:41:20 +02:00
sgbuf.c ALSA: core: Deletion of unnecessary checks before two function calls 2014-11-21 20:06:57 +01:00
sound_oss.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
sound.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
timer_compat.c ALSA: timer: Remove kernel warning at compat ioctl error paths 2017-11-21 16:36:11 +01:00
timer.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
vmaster.c ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization 2017-11-22 12:34:56 +01:00