• Takashi Iwai's avatar
    ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation · ad811550
    Takashi Iwai authored
    commit e15dc99d upstream.
    
    The commit 02a5d692 ("ALSA: pcm: Avoid potential races between OSS
    ioctls and read/write") split the PCM preparation code to a locked
    version, and it added a sanity check of runtime->oss.prepare flag
    along with the change.  This leaded to an endless loop when the stream
    gets XRUN: namely, snd_pcm_oss_write3() and co call
    snd_pcm_oss_prepare() without setting runtime->oss.prepare flag and
    the loop continues until the PCM state reaches to another one.
    
    As the function is supposed to execute the preparation
    unconditionally, drop the invalid state check there.
    
    The bug was triggered by syzkaller.
    
    Fixes: 02a5d692 ("ALSA: pcm: Avoid potential races between OSS ioctls and read/write")
    Reported-by: syzbot+150189c103427d31a053@syzkaller.appspotmail.com
    Reported-by: syzbot+7e3f31a52646f939c052@syzkaller.appspotmail.com
    Reported-by: syzbot+4f2016cf5185da7759dc@syzkaller.appspotmail.com
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    ad811550
pcm_oss.c 88.3 KB