]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit
projects / mirror_ubuntu-zesty-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 693ecef) | patch
ALSA: timer: Fix race between read and ioctl
authorTakashi Iwai <tiwai@suse.de>
Wed, 21 Jun 2017 16:56:01 +0000 (18:56 +0200)
committerThadeu Lima de Souza Cascardo <cascardo@canonical.com>
Wed, 28 Jun 2017 14:24:18 +0000 (11:24 -0300)
commit3e454fc944cea75a183e3d623d32f01bff316da1
treec5d6d42c7d030bb9fd7e43e2ba8d5c8e147d5117tree
parent693ecef42fe838354b98bc26bf0227245b24fcfccommit | diff
ALSA: timer: Fix race between read and ioctl

The read from ALSA timer device, the function snd_timer_user_tread(),
may access to an uninitialized struct snd_timer_user fields when the
read is concurrently performed while the ioctl like
snd_timer_user_tselect() is invoked.  We have already fixed the races
among ioctls via a mutex, but we seem to have forgotten the race
between read vs ioctl.

This patch simply applies (more exactly extends the already applied
range of) tu->ioctl_lock in snd_timer_user_tread() for closing the
race window.

Reported-by: Alexander Potapenko <glider@google.com>
Tested-by: Alexander Potapenko <glider@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
CVE-2017-1000380

(cherry-picked from commit d11662f4f798b50d8c8743f433842c3e40fe3378)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
sound/core/timer.c diff | blob | blame | history
ubuntu-zesty-kernel mirror