ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
Takashi Iwai authored
commit ba3021b2

 upstream.

snd_timer_user_tselect() reallocates the queue buffer dynamically, but
it forgot to reset its indices.  Since the read may happen
concurrently with ioctl and snd_timer_user_tselect() allocates the
buffer via kmalloc(), this may lead to the leak of uninitialized
kernel-space data, as spotted via KMSAN:

  BUG: KMSAN: use of unitialized memory in snd_timer_user_read+0x6c4/0xa10
  CPU: 0 PID: 1037 Comm: probe Not tainted 4.11.0-rc5+ #2739
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
  Call Trace:
   __dump_stack lib/dump_stack.c:16
   dump_stack+0x143/0x1b0 lib/dump_stack.c:52
   kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:1007
   kmsan_check_memory+0xc2/0x140 mm/kmsan/kmsan.c:1086
   copy_to_user ./arch/x86/include/asm/uaccess.h:725
   snd_timer_user_read+0x6c4/0xa10 sound/core/timer.c:2004
   do_loop_readv_writev fs/read_write.c:716
   __do_readv_writev+0x94c/0x1380 fs/read_write.c:864
   do_readv_writev fs/read_write.c:894
   vfs_readv fs/read_write.c:908
   do_readv+0x52a/0x5d0 fs/read_write.c:934
   SYSC_readv+0xb6/0xd0 fs/read_write.c:1021
   SyS_readv+0x87/0xb0 fs/read_write.c:1018

This patch adds the missing reset of queue indices.  Together with the
previous fix for the ioctl/read race, we cover the whole problem.

Reported-by: Alexander Potapenko <glider@google.com>
Tested-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
6d4bee66
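
The failure mode described in the commit message, as an added user-space model in C (not the kernel code and not part of the commit): a queue buffer is reallocated without zeroing, and the reader trusts the old indices unless they are reset. The struct, the function names and the 0xAA poison byte are assumptions made for this model.

```c
#include <stdlib.h>
#include <string.h>
#define POISON 0xAA /* stands in for stale heap bytes left by the allocator */

/* Simplified user-space model of the event queue, not the kernel struct. */
struct tqueue { unsigned char *buf; int size, head, tail, used; };

/* Reallocate without zeroing; reset_indices: 1 = patched, 0 = unpatched. */
static int q_select(struct tqueue *q, int size, int reset_indices)
{
    unsigned char *nb = malloc(size);
    if (!nb) return -1;
    memset(nb, POISON, size); /* make "uninitialized" contents recognisable */
    free(q->buf);
    q->buf = nb; q->size = size;
    if (reset_indices) q->head = q->tail = q->used = 0;
    return 0;
}

static void q_push(struct tqueue *q, unsigned char v)
{
    if (q->used == q->size) return; /* full: drop the event */
    q->buf[q->tail] = v;
    q->tail = (q->tail + 1) % q->size;
    q->used++;
}

/* Drain as a reader would; count bytes handed out that were never written. */
static int q_drain_stale(struct tqueue *q)
{
    int stale = 0;
    for (; q->used > 0; q->used--) {
        stale += (q->buf[q->head] == POISON);
        q->head = (q->head + 1) % q->size;
    }
    return stale;
}

/* Queue three events, reselect with the same size, then read. */
int stale_after_reselect(int reset_indices)
{
    struct tqueue q = {0};
    if (q_select(&q, 8, 1) < 0) return -1;
    q_push(&q, 1); q_push(&q, 2); q_push(&q, 3);
    if (q_select(&q, 8, reset_indices) < 0) return -1;
    int stale = q_drain_stale(&q);
    free(q.buf);
    return stale;
}
```

With the indices left untouched, the reader still believes three events are queued and copies three never-written bytes out of the new buffer; with the reset, it copies none.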
README
Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.