From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 15 Jun 2020 20:31:08 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v5.4.47~79
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=13306850cf78e90c0f13c59da365d39a085f8a89;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	alsa-pcm-disallow-linking-stream-to-itself.patch
---

diff --git a/queue-4.4/alsa-pcm-disallow-linking-stream-to-itself.patch b/queue-4.4/alsa-pcm-disallow-linking-stream-to-itself.patch
new file mode 100644
index 00000000000..3dc27532a50
--- /dev/null
+++ b/queue-4.4/alsa-pcm-disallow-linking-stream-to-itself.patch
@@ -0,0 +1,42 @@
+From 951e2736f4b11b58dc44d41964fa17c3527d882a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?= <mirq-linux@rere.qmqm.pl>
+Date: Mon, 8 Jun 2020 18:50:39 +0200
+Subject: ALSA: pcm: disallow linking stream to itself
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
+
+commit 951e2736f4b11b58dc44d41964fa17c3527d882a upstream.
+
+Prevent SNDRV_PCM_IOCTL_LINK linking stream to itself - the code
+can't handle it. Fixed commit is not where bug was introduced, but
+changes the context significantly.
+
+Cc: stable@vger.kernel.org
+Fixes: 0888c321de70 ("pcm_native: switch to fdget()/fdput()")
+Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
+Link: https://lore.kernel.org/r/89c4a2487609a0ed6af3ecf01cc972bdc59a7a2d.1591634956.git.mirq-linux@rere.qmqm.pl
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ sound/core/pcm_native.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/sound/core/pcm_native.c
++++ b/sound/core/pcm_native.c
+@@ -1836,6 +1836,11 @@ static int snd_pcm_link(struct snd_pcm_s
+ 	}
+ 	pcm_file = f.file->private_data;
+ 	substream1 = pcm_file->substream;
++	if (substream == substream1) {
++		res = -EINVAL;
++		goto _badf;
++	}
++
+ 	group = kmalloc(sizeof(*group), GFP_KERNEL);
+ 	if (!group) {
+ 		res = -ENOMEM;
diff --git a/queue-4.4/series b/queue-4.4/series
index 98e9021d55e..ae3ec01cbe1 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -18,3 +18,4 @@ acpi-pm-avoid-using-power-resources-if-there-are-none-for-d0.patch
 cgroup-blkcg-prepare-some-symbols-for-module-and-config_cgroup-usages.patch
 nilfs2-fix-null-pointer-dereference-at-nilfs_segctor_do_construct.patch
 spi-bcm2835aux-fix-controller-unregister-order.patch
+alsa-pcm-disallow-linking-stream-to-itself.patch