From: Greg Kroah-Hartman Date: Wed, 29 Jan 2020 10:09:05 +0000 (+0100) Subject: 4.9-stable patches X-Git-Tag: v4.14.169~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c8c0bf4753ae6f1b4414f785bbaa926a64720cca;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: alsa-pcm-add-missing-copy-ops-check-before-clearing-buffer.patch --- diff --git a/queue-4.9/alsa-pcm-add-missing-copy-ops-check-before-clearing-buffer.patch b/queue-4.9/alsa-pcm-add-missing-copy-ops-check-before-clearing-buffer.patch new file mode 100644 index 00000000000..cd5073fc509 --- /dev/null +++ b/queue-4.9/alsa-pcm-add-missing-copy-ops-check-before-clearing-buffer.patch 
@@ -0,0 +1,44 @@ +From tiwai@suse.de Wed Jan 29 10:53:42 2020 +From: Takashi Iwai +Date: Wed, 29 Jan 2020 10:40:41 +0100 +Subject: ALSA: pcm: Add missing copy ops check before clearing buffer +To: Greg Kroah-Hartman +Cc: Andreas Schneider , stable@vger.kernel.org, linux-kernel@vger.kernel.org +Message-ID: <20200129094041.12272-1-tiwai@suse.de> + +From: Takashi Iwai + +[ this is a fix specific to 4.4.y and 4.9.y stable trees; + 4.14.y and older already contain the right fix ] + +The stable 4.4.y and 4.9.y backports of the upstream commit +add9d56d7b37 ("ALSA: pcm: Avoid possible info leaks from PCM stream +buffers") dropped the check of substream->ops->copy_user as copy_user +is a new member that isn't present in the older kernels. +Although upstream drivers should work without this NULL check, it may +cause a regression with a downstream driver that sets some +inaccessible address to runtime->dma_area, leading to a crash at +worst. + +Since such drivers must have ops->copy member on older kernels instead +of ops->copy_user, this patch adds the missing check of ops->copy for +fixing the regression. + +Reported-and-tested-by: Andreas Schneider +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/core/pcm_native.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/core/pcm_native.c ++++ b/sound/core/pcm_native.c +@@ -588,7 +588,7 @@ static int snd_pcm_hw_params(struct snd_ + runtime->boundary *= 2; + + /* clear the buffer for avoiding possible kernel info leaks */ +- if (runtime->dma_area) ++ if (runtime->dma_area && !substream->ops->copy) + memset(runtime->dma_area, 0, runtime->dma_bytes); + + snd_pcm_timer_resolution_change(substream);
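Review bot: In the snd_pcm_hw_params() hunk of the queued patch, the comment above the changed condition still reads only "clear the buffer for avoiding possible kernel info leaks", while the new test `runtime->dma_area && !substream->ops->copy` skips the memset for every driver that sets ops->copy, and nothing at the call site says why. Please extend the comment to say that a driver with its own copy op may point runtime->dma_area at an address that cannot be accessed directly (the reason the commit message gives), and that for such drivers the buffer is not zeroed here, so avoiding stale-data exposure is left to the driver's copy path. Separately, the bracketed note in the commit message says the fix is specific to 4.4.y and 4.9.y but that "4.14.y and older" already contain the right fix. As written, that range includes the two trees being patched, so the wording is worth checking before this is queued.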