www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Takashi Iwai <tiwai@suse.de>
	Tue, 9 Jan 2018 22:11:03 +0000 (23:11 +0100)
committer	Brian Maly <brian.maly@oracle.com>
	Wed, 15 Aug 2018 21:23:34 +0000 (17:23 -0400)
commit	7914cec67e200dfff60253c0fb429c82f681c718
tree	f9ca1c6e675ac0211e230fe3bc7201fd61f1ceb9	tree
parent	4d052e735b9ff705989a5ecb2b50f92076aaefc0	commit \| diff

ALSA: seq: Make ioctls race-free

commit b3defb791b26ea0683a93a4f49c77ec45ec96f10 upstream.

The ALSA sequencer ioctls have no protection against racy calls while
the concurrent operations may lead to interfere with each other. As
reported recently, for example, the concurrent calls of setting client
pool with a combination of write calls may lead to either the
unkillable dead-lock or UAF.

As a slightly big hammer solution, this patch introduces the mutex to
make each ioctl exclusive. Although this may reduce performance via
parallel ioctl calls, usually it's not demanded for sequencer usages,
hence it should be negligible.

Reported-by: Luo Quan <a4651386@163.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit c3162384aed4cfe3f1a1f40041f3ba8cd7704d88)
Signed-off-by: Brian Maly <brian.maly@oracle.com>
Conflicts:
sound/core/seq/seq_clientmgr.c

Orabug: 28459728
CVE: CVE-2018-7566

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Allen Pais <allen.pais@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>

sound/core/seq/seq_clientmgr.c		diff \| blob \| history
sound/core/seq/seq_clientmgr.h		diff \| blob \| history