OpenCloudOS-Kernel/sound
Takashi Iwai 1f9b52756c ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
commit 92ee3c60ec upstream.

Currently we have neither proper check nor protection against the
concurrent calls of PCM hw_params and hw_free ioctls, which may result
in a UAF.  Since the existing PCM stream lock can't be used for
protecting the whole ioctl operations, we need a new mutex to protect
those racy calls.

This patch introduced a new mutex, runtime->buffer_mutex, and applies
it to both hw_params and hw_free ioctl code paths.  Along with it, the
both functions are slightly modified (the mmap_count check is moved
into the state-check block) for code simplicity.

Reported-by: Hu Jiahui <kirin.say@gmail.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20220322170720.3529-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
[OP: backport to 5.4: adjusted context]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: samuelliao <samuelliao@tencent.com>
2024-06-11 20:41:27 +08:00
..
ac97 ALSA: ac97: Fix double free of ac97_codec_device 2019-07-23 14:16:11 +02:00
aoa ALSA: aoa: onyx: always initialize register read value 2019-07-29 09:21:39 +02:00
arm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
atmel treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
core ALSA: pcm: Fix races among concurrent hw_params and hw_free calls 2024-06-11 20:41:27 +08:00
drivers ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
firewire ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
hda HDA driver support for Phytium desktop 2024-06-11 20:40:53 +08:00
i2c ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() 2019-07-26 14:25:37 +02:00
isa ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
mips treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 176 2019-05-30 11:29:19 -07:00
oss sound: dmasound_atari: Mark expected switch fall-through 2019-07-30 09:36:13 +02:00
parisc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 176 2019-05-30 11:29:19 -07:00
pci HDA driver support for Phytium desktop 2024-06-11 20:40:53 +08:00
pcmcia treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
ppc ALSA: ps3: Remove Unneeded variable: "ret" 2019-07-10 11:53:31 +02:00
sh tkernel: add base tlinux kernel interfaces 2024-06-11 20:09:33 +08:00
soc I2S driver support for Phytium CPUs 2024-06-11 20:41:05 +08:00
sparc ALSA: sparc: Mark expected switch fall-throughs 2019-07-30 09:37:01 +02:00
spi treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
synth treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
usb ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
x86 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285 2019-06-05 17:36:37 +02:00
xen ASoC: Updates for v5.3 2019-07-08 14:45:34 +02:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile
ac97_bus.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
last.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
sound_core.c sound: fix a memory leak bug 2019-08-08 08:18:32 +02:00