linux-sg2042/sound/core
Takashi Iwai 4842e98f26 ALSA: seq: Fix race at creating a queue
When a sequencer queue is created in snd_seq_queue_alloc(),it adds the
new queue element to the public list before referencing it.  Thus the
queue might be deleted before the call of snd_seq_queue_use(), and it
results in the use-after-free error, as spotted by syzkaller.

The fix is to reference the queue object at the right time.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-02-08 12:42:37 +01:00
..
oss ALSA: oss: don't opencode IS_REACHABLE() 2016-11-12 10:12:00 +01:00
seq ALSA: seq: Fix race at creating a queue 2017-02-08 12:42:37 +01:00
Kconfig ALSA: timer: remove legacy rtctimer 2016-04-25 10:41:46 +02:00
Makefile ALSA: timer: remove legacy rtctimer 2016-04-25 10:41:46 +02:00
compress_offload.c ALSA: compress: fix some missing and misplaced \n in messages 2016-09-16 19:24:13 +02:00
control.c Merge branch 'for-next' into for-linus 2016-07-25 17:01:14 +02:00
control_compat.c ALSA: ctl: change return value in compatibility layer so that it's the same value in core implementation 2016-03-17 14:11:36 +01:00
ctljack.c ALSA: jack: Fix endless loop at unique index detection 2015-06-26 06:59:57 +02:00
device.c Merge branch 'topic/hda-unbind' into for-next 2015-03-16 14:48:20 +01:00
hrtimer.c ktime: Get rid of the union 2016-12-25 17:21:22 +01:00
hwdep.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
hwdep_compat.c [PATCH] hwdep_compat missed __user annotations 2006-10-10 15:37:21 -07:00
info.c ALSA: info: Return error for invalid read/write 2016-11-08 14:37:26 +01:00
info_oss.c ALSA: core: Clean up OSS proc file management 2015-04-24 17:31:08 +02:00
init.c ALSA: hda_intel: add card number to irq description 2016-01-12 21:05:16 +01:00
isadma.c ALSA: core: Use standard printk helpers 2014-02-14 08:14:15 +01:00
jack.c ALSA: jack: Allow building the jack layer without input device 2016-02-23 09:03:07 +01:00
memalloc.c genalloc: rename of_get_named_gen_pool() to of_gen_pool_get() 2015-06-30 19:45:01 -07:00
memory.c ALSA: Include linux/uaccess.h and linux/bitopts.h instead of asm/* 2015-01-28 17:25:07 +01:00
misc.c printk/sound: handle more message headers 2016-12-12 18:55:09 -08:00
pcm.c ALSA: pcm: Free chmap at PCM free callback, too 2016-07-08 09:15:44 +02:00
pcm_compat.c ALSA: pcm: Fix ioctls for X32 ABI 2016-02-28 17:44:35 +01:00
pcm_dmaengine.c ASoC: dmaengine_pcm: Add support for packed transfers 2016-04-27 17:34:11 +01:00
pcm_drm_eld.c ALSA: pcm: add DRM ELD helper 2015-05-22 16:01:44 +02:00
pcm_iec958.c ALSA: pcm: Allow 32 bit sample format in IEC958 channel status helper 2016-04-06 14:33:38 -07:00
pcm_lib.c ALSA: pcm: Bail out when chmap is already present 2016-05-10 17:05:16 +02:00
pcm_memory.c ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
pcm_misc.c ALSA: pcm: Add snd_pcm_rate_range_to_bits() 2016-02-05 18:49:00 +00:00
pcm_native.c ALSA: pcm: Fix avail to return error if stream is suspended 2016-09-06 12:10:29 +02:00
pcm_timer.c ALSA: pcm: Use standard printk helpers 2014-02-14 08:14:15 +01:00
pcm_trace.h ALSA: pcm: Replace PCM hwptr tracking with tracepoints 2014-11-04 14:09:14 +01:00
rawmidi.c ALSA: rawmidi: don't opencode IS_REACHABLE() 2016-11-12 10:11:52 +01:00
rawmidi_compat.c ALSA: rawmidi: Fix ioctls X32 ABI 2016-02-28 17:44:51 +01:00
sgbuf.c ALSA: core: Deletion of unnecessary checks before two function calls 2014-11-21 20:06:57 +01:00
sound.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
sound_oss.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
timer.c ALSA: timer: Fix zero-division by continue of uninitialized instance 2016-09-08 10:45:05 +02:00
timer_compat.c ALSA: timer: fix gparams ioctl compatibility for different architectures 2016-03-23 08:06:16 +01:00
vmaster.c ALSA: core: Use standard printk helpers 2014-02-14 08:14:15 +01:00