projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0d7252d) | patch
ALSA: seq: More protection for concurrent write and ioctl races
authorTakashi Iwai <tiwai@suse.de>
Mon, 5 Mar 2018 21:06:09 +0000 (22:06 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 18 Mar 2018 10:18:51 +0000 (11:18 +0100)
commitec0011620b81d701151b10e108e6cd9e374f8759
tree8c3078277b7a5805ddf3aed5a6e9547293899a57tree | snapshot
parent0d7252d33dcb8e79d3d46da96e43ce3d56f29c2ecommit | diff
ALSA: seq: More protection for concurrent write and ioctl races

commit 7bd80091567789f1c0cb70eb4737aac8bcd2b6b9 upstream.

This patch is an attempt for further hardening against races between
the concurrent write and ioctls.  The previous fix d15d662e89fc
("ALSA: seq: Fix racy pool initializations") covered the race of the
pool initialization at writer and the pool resize ioctl by the
client->ioctl_mutex (CVE-2018-1000004).  However, basically this mutex
should be applied more widely to the whole write operation for
avoiding the unexpected pool operations by another thread.

The only change outside snd_seq_write() is the additional mutex
argument to helper functions, so that we can unlock / relock the given
mutex temporarily during schedule() call for blocking write.

Fixes: d15d662e89fc ("ALSA: seq: Fix racy pool initializations")
Reported-by: 范龙飞 <long7573@126.com>
Reported-by: Nicolai Stange <nstange@suse.de>
Reviewed-and-tested-by: Nicolai Stange <nstange@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
sound/core/seq/seq_clientmgr.c diff | blob | history
sound/core/seq/seq_fifo.c diff | blob | history
sound/core/seq/seq_memory.c diff | blob | history
sound/core/seq/seq_memory.h diff | blob | history