From: Takashi Iwai Date: Mon, 19 Feb 2018 16:16:01 +0000 (+0100) Subject: ALSA: seq: Fix regression by incorrect ioctl_mutex usages X-Git-Tag: v4.1.12-124.31.3~381 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=7806b57b7186cfa05ef2dce9964bc82900438adf;p=users%2Fjedix%2Flinux-maple.git ALSA: seq: Fix regression by incorrect ioctl_mutex usages This is the revised backport of the upstream commit b3defb791b26ea0683a93a4f49c77ec45ec96f10 We had another backport (e.g. 623e5c8ae32b in 4.4.115), but it applies the new mutex also to the code paths that are invoked via faked kernel-to-kernel ioctls. As reported recently, this leads to a deadlock at suspend (or other scenarios triggering the kernel sequencer client). This patch addresses the issue by taking the mutex only in the code paths invoked by user-space, just like the original fix patch does. Reported-and-tested-by: Andres Bertens Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman Orabug: 29005188 CVE: CVE-2018-1000004 (cherry picked from commit 8e8992a93d66adb640631a6778a5110f01118202) Signed-off-by: Dan Duval Reviewed-by: Jack Vogel Signed-off-by: Brian Maly --- diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c index 85a48e78263b..c7a1bad8932c 100644 --- a/sound/core/seq/seq_clientmgr.c +++ b/sound/core/seq/seq_clientmgr.c @@ -2224,11 +2224,15 @@ static int snd_seq_do_ioctl(struct snd_seq_client *client, unsigned int cmd, static long snd_seq_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { struct snd_seq_client *client = file->private_data; + long ret; if (snd_BUG_ON(!client)) return -ENXIO; - return snd_seq_do_ioctl(client, cmd, (void __user *) arg); + mutex_lock(&client->ioctl_mutex); + ret = snd_seq_do_ioctl(client, cmd, (void __user *) arg); + mutex_unlock(&client->ioctl_mutex); + return ret; } #ifdef CONFIG_COMPAT