mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-11-01 02:21:16 +00:00
30d0db636f
commit 2a3f7221acddfe1caa9ff09b3a8158c39b2fdeac upstream. There is a small race window in the card disconnection code that allows the registration of another card with the very same card id. This leads to a warning in procfs creation as caught by syzkaller. The problem is that we delete snd_cards and snd_cards_lock entries at the very beginning of the disconnection procedure. This makes the slot available to be assigned for another card object while the disconnection procedure is being processed. Then it becomes possible to issue a procfs registration with the existing file name although we check the conflict beforehand. The fix is simply to move the snd_cards and snd_cards_lock clearances at the end of the disconnection procedure. The references to these entries are merely either from the global proc files like /proc/asound/cards or from the card registration / disconnection, so it should be fine to shift at the very end. Reported-by: syzbot+48df349490c36f9f54ab@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| aoa | ||
| arm | ||
| atmel | ||
| core | ||
| drivers | ||
| firewire | ||
| i2c | ||
| isa | ||
| mips | ||
| oss | ||
| parisc | ||
| pci | ||
| pcmcia | ||
| ppc | ||
| sh | ||
| soc | ||
| sparc | ||
| spi | ||
| synth | ||
| usb | ||
| ac97_bus.c | ||
| Kconfig | ||
| last.c | ||
| Makefile | ||
| sound_core.c | ||
| sound_firmware.c | ||