]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit
projects / mirror_ubuntu-focal-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1cc4c5e) | patch
ALSA: usb-audio: Fix potential use-after-free of streams
authorTakashi Iwai <tiwai@suse.de>
Tue, 16 Jun 2020 12:09:21 +0000 (14:09 +0200)
committerKhalid Elmously <khalid.elmously@canonical.com>
Sat, 8 Aug 2020 05:53:12 +0000 (01:53 -0400)
commit715155c306a81cba6d873c0c2e8c7988c8fd4098
treeb1da7d80c07083837d63604e059fa762e3cc6330tree
parent1cc4c5ef54cc5a6569457e9686e855f5977b7bbdcommit | diff
ALSA: usb-audio: Fix potential use-after-free of streams

BugLink: https://bugs.launchpad.net/bugs/1885942
[ Upstream commit ff58bbc7b9704a5869204176f804eff57307fef0 ]

With the recent full-duplex support of implicit feedback streams, an
endpoint can be still running after closing the capture stream as long
as the playback stream with the sync-endpoint is running.  In such a
state, the URBs are still be handled and they may call retire_data_urb
callback, which tries to transfer the data from the PCM buffer.  Since
the PCM stream gets closed, this may lead to use-after-free.

This patch adds the proper clearance of the callback at stopping the
capture stream for addressing the possible UAF above.

Fixes: 10ce77e4817f ("ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback")
Link: https://lore.kernel.org/r/20200616120921.12249-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
sound/usb/pcm.c diff | blob | blame | history
Ubuntu Focal Linux kernel mirror