Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/sound
History
Takashi Iwai 0fad971542 ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT 
snd_timer_user_tselect() reallocates the queue buffer dynamically, but
it forgot to reset its indices.  Since the read may happen
concurrently with ioctl and snd_timer_user_tselect() allocates the
buffer via kmalloc(), this may lead to the leak of uninitialized
kernel-space data, as spotted via KMSAN:

  BUG: KMSAN: use of unitialized memory in snd_timer_user_read+0x6c4/0xa10
  CPU: 0 PID: 1037 Comm: probe Not tainted 4.11.0-rc5+ #2739
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
  Call Trace:
   __dump_stack lib/dump_stack.c:16
   dump_stack+0x143/0x1b0 lib/dump_stack.c:52
   kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:1007
   kmsan_check_memory+0xc2/0x140 mm/kmsan/kmsan.c:1086
   copy_to_user ./arch/x86/include/asm/uaccess.h:725
   snd_timer_user_read+0x6c4/0xa10 sound/core/timer.c:2004
   do_loop_readv_writev fs/read_write.c:716
   __do_readv_writev+0x94c/0x1380 fs/read_write.c:864
   do_readv_writev fs/read_write.c:894
   vfs_readv fs/read_write.c:908
   do_readv+0x52a/0x5d0 fs/read_write.c:934
   SYSC_readv+0xb6/0xd0 fs/read_write.c:1021
   SyS_readv+0x87/0xb0 fs/read_write.c:1018

This patch adds the missing reset of queue indices.  Together with the
previous fix for the ioctl/read race, we cover the whole problem.

Change-Id: I5143563a56255d4063992e75f360972658b3eb21
Reported-by: Alexander Potapenko <glider@google.com>
Tested-by: Alexander Potapenko <glider@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-07-17 05:10:10 +00:00
..
aoa
arm ARM: cleanups of io includes 2012-03-29 18:02:10 -07:00
atmel
compress_offload Fixes for 1. fixes for comments recieved on alsa-devel 2013-02-25 11:41:23 -08:00
core ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT 2017-07-17 05:10:10 +00:00
drivers Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
firewire IEEE 1394 (FireWire) subsystem updates post v3.3: 2012-03-22 20:31:15 -07:00
i2c [media] tea575x: fix HW seek 2012-03-19 11:28:52 -03:00
isa ALSA: sound/isa/sscape.c: add missing resource-release code 2012-04-10 08:42:07 +02:00
mips
oss sound: sound/oss/msnd_pinnacle.c: add vfrees 2012-04-10 08:41:54 +02:00
parisc
pci sound fixes for 3.4 2012-05-16 14:29:45 -07:00
pcmcia
ppc
sh
soc ASoC: msm: qdsp6v2: set pointer to NULL after free. 2017-06-26 20:42:03 +03:00
sparc
spi
synth
usb ALSA: usb-audio: Fix double-free in error paths after snd_usb_add_audio_stream() call 2016-11-11 13:37:28 +11:00
ac97_bus.c
Kconfig
last.c ALSA: workaround: change the timing of alsa_sound_last_init() 2012-04-19 13:51:54 +02:00
Makefile
sound_core.c
sound_firmware.c