Commit f5bc918
ALSA: timer: Fix race between read and ioctl
commit d11662f4f798b50d8c8743f433842c3e40fe3378 upstream.
The read from ALSA timer device, the function snd_timer_user_tread(),
may access to an uninitialized struct snd_timer_user fields when the
read is concurrently performed while the ioctl like
snd_timer_user_tselect() is invoked. We have already fixed the races
among ioctls via a mutex, but we seem to have forgotten the race
between read vs ioctl.
This patch simply applies (more exactly extends the already applied
range of) tu->ioctl_lock in snd_timer_user_tread() for closing the
race window.
Reported-by: Alexander Potapenko <glider@google.com>
Tested-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>1 parent 5dffc1b commit f5bc918
1 file changed
Lines changed: 4 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1958 | 1958 | | |
1959 | 1959 | | |
1960 | 1960 | | |
| 1961 | + | |
1961 | 1962 | | |
1962 | 1963 | | |
1963 | 1964 | | |
| |||
1973 | 1974 | | |
1974 | 1975 | | |
1975 | 1976 | | |
| 1977 | + | |
1976 | 1978 | | |
| 1979 | + | |
1977 | 1980 | | |
1978 | 1981 | | |
1979 | 1982 | | |
| |||
1993 | 1996 | | |
1994 | 1997 | | |
1995 | 1998 | | |
1996 | | - | |
1997 | 1999 | | |
1998 | 2000 | | |
1999 | 2001 | | |
| |||
2003 | 2005 | | |
2004 | 2006 | | |
2005 | 2007 | | |
2006 | | - | |
2007 | 2008 | | |
2008 | 2009 | | |
2009 | 2010 | | |
| |||
2013 | 2014 | | |
2014 | 2015 | | |
2015 | 2016 | | |
| 2017 | + | |
2016 | 2018 | | |
2017 | 2019 | | |
2018 | 2020 | | |
| |||
0 commit comments