ALSA: pcm: Add missing copy ops check before clearing buffer

BugLink: https://bugs.launchpad.net/bugs/1864774 [ this is a fix specific to 4.4.y and 4.9.y stable trees; 4.14.y and older already contain the right fix ] The stable 4.4.y and 4.9.y backports of the upstream commit add9d56d ("ALSA: pcm: Avoid possible info leaks from PCM stream buffers") dropped the check of substream->ops->copy_user as copy_user is a new member that isn't present in the older kernels. Although upstream drivers should work without this NULL check, it may cause a regression with a downstream driver that sets some inaccessible address to runtime->dma_area, leading to a crash at worst. Since such drivers must have ops->copy member on older kernels instead of ops->copy_user, this patch adds the missing check of ops->copy for fixing the regression. Reported-and-tested-by: Andreas Schneider <asn@cryptomilk.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

ALSA: pcm: Add missing copy ops check before clearing buffer
BugLink: https://bugs.launchpad.net/bugs/1864774 [ this is a fix specific to 4.4.y and 4.9.y stable trees; 4.14.y and older already contain the right fix ] The stable 4.4.y and 4.9.y backports of the upstream commit add9d56d ("ALSA: pcm: Avoid possible info leaks from PCM stream buffers") dropped the check of substream->ops->copy_user as copy_user is a new member that isn't present in the older kernels. Although upstream drivers should work without this NULL check, it may cause a regression with a downstream driver that sets some inaccessible address to runtime->dma_area, leading to a crash at worst. Since such drivers must have ops->copy member on older kernels instead of ops->copy_user, this patch adds the missing check of ops->copy for fixing the regression. Reported-and-tested-by: Andreas Schneider <asn@cryptomilk.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
a48c00f6 · Takashi Iwai · Khalid Elmously · d91009ce · a48c00f6
Commit a48c00f6 authored Jan 29, 2020 by Takashi Iwai Committed by Khalid Elmously Mar 15, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

sound/core/pcm_native.c sound/core/pcm_native.c +1 -1

No files found.
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
@@ -588,7 +588,7 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream,
 		runtime->boundary *= 2;
 	/* clear the buffer for avoiding possible kernel info leaks */
-	if (runtime->dma_area)
+	if (runtime->dma_area && !substream->ops->copy)
 		memset(runtime->dma_area, 0, runtime->dma_bytes);
 	snd_pcm_timer_resolution_change(substream);