git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Takashi Iwai <tiwai@suse.de>
	Mon, 5 Mar 2018 21:06:09 +0000 (22:06 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 18 Mar 2018 10:17:50 +0000 (11:17 +0100)
commit	51606ddec9b34dfa3aa5616edce81509b1d7e0b5
tree	9606bb8bf404285699dee569b95998ae1ac7d923	tree
parent	2b1d533fb743a2bb32fc4eaafa2d4fd21d909d34	commit \| diff

ALSA: seq: More protection for concurrent write and ioctl races

commit 7bd80091567789f1c0cb70eb4737aac8bcd2b6b9 upstream.

This patch is an attempt for further hardening against races between
the concurrent write and ioctls. The previous fix d15d662e89fc
("ALSA: seq: Fix racy pool initializations") covered the race of the
pool initialization at writer and the pool resize ioctl by the
client->ioctl_mutex (CVE-2018-1000004). However, basically this mutex
should be applied more widely to the whole write operation for
avoiding the unexpected pool operations by another thread.

The only change outside snd_seq_write() is the additional mutex
argument to helper functions, so that we can unlock / relock the given
mutex temporarily during schedule() call for blocking write.

Fixes: d15d662e89fc ("ALSA: seq: Fix racy pool initializations")
Reported-by: 范龙飞 <long7573@126.com>
Reported-by: Nicolai Stange <nstange@suse.de>
Reviewed-and-tested-by: Nicolai Stange <nstange@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

sound/core/seq/seq_clientmgr.c		diff \| blob \| blame \| history
sound/core/seq/seq_fifo.c		diff \| blob \| blame \| history
sound/core/seq/seq_memory.c		diff \| blob \| blame \| history
sound/core/seq/seq_memory.h		diff \| blob \| blame \| history