git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit

author	Takashi Iwai <tiwai@suse.de>
	Tue, 18 May 2021 08:39:39 +0000 (10:39 +0200)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Thu, 15 Jul 2021 17:22:06 +0000 (19:22 +0200)
commit	d9cb3d34bd1182b1b6c1851b529a0acbc855e82c
tree	9dded48373e3ea6541d3c790bac0c5c11ab2b73e	tree
parent	2ab9718018f014127116336b0e7c31f941018abc	commit \| diff

ALSA: line6: Fix racy initialization of LINE6 MIDI

BugLink: https://bugs.launchpad.net/bugs/1931896
commit 05ca447630334c323c9e2b788b61133ab75d60d3 upstream.

The initialization of MIDI devices that are found on some LINE6
drivers are currently done in a racy way; namely, the MIDI buffer
instance is allocated and initialized in each private_init callback
while the communication with the interface is already started via
line6_init_cap_control() call before that point. This may lead to
Oops in line6_data_received() when a spurious event is received, as
reported by syzkaller.

This patch moves the MIDI initialization to line6_init_cap_control()
as well instead of the too-lately-called private_init for avoiding the
race. Also this reduces slightly more lines, so it's a win-win
change.

Reported-by: syzbot+0d2b3feb0a2887862e06@syzkallerlkml..appspotmail.com
Link: https://lore.kernel.org/r/000000000000a4be9405c28520de@google.com
Link: https://lore.kernel.org/r/20210517132725.GA50495@hyeyoo
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210518083939.1927-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>

sound/usb/line6/driver.c		diff \| blob \| blame \| history
sound/usb/line6/pod.c		diff \| blob \| blame \| history
sound/usb/line6/variax.c		diff \| blob \| blame \| history