linux/sound/core
Takashi Iwai f784beb75c ALSA: timer: Fix link corruption due to double start or stop
Although ALSA timer code got hardening for races, it still causes
use-after-free error.  This is however rather a corrupted linked list,
not actually the concurrent accesses.  Namely, when timer start is
triggered twice, list_add_tail() is called twice, too.  This ends
up with the link corruption and triggers KASAN error.

The simplest fix would be replacing list_add_tail() with
list_move_tail(), but fundamentally it's the problem that we don't
check the double start/stop correctly.  So, the right fix here is to
add the proper checks to snd_timer_start() and snd_timer_stop() (and
their variants).

BugLink: http://lkml.kernel.org/r/CACT4Y+ZyPRoMQjmawbvmCEDrkBD2BQuH7R09=eOkf5ESK8kJAw@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-02-01 12:23:29 +01:00
..
oss ALSA: pcm: Fix potential deadlock in OSS emulation 2016-02-01 12:23:29 +01:00
seq ALSA: seq: Fix yet another races among ALSA timer accesses 2016-02-01 12:23:29 +01:00
compress_offload.c ALSA: compress: Disable GET_CODEC_CAPS ioctl for some architectures 2016-01-25 20:27:33 +01:00
control_compat.c ALSA: control: Use standard printk helpers 2014-02-14 08:14:14 +01:00
control.c ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0 2016-01-18 14:40:07 +01:00
ctljack.c ALSA: jack: Fix endless loop at unique index detection 2015-06-26 06:59:57 +02:00
device.c Merge branch 'topic/hda-unbind' into for-next 2015-03-16 14:48:20 +01:00
hrtimer.c ALSA: hrtimer: Fix stall by hrtimer_cancel() 2016-01-18 14:33:30 +01:00
hwdep_compat.c [PATCH] hwdep_compat missed __user annotations 2006-10-10 15:37:21 -07:00
hwdep.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
info_oss.c ALSA: core: Clean up OSS proc file management 2015-04-24 17:31:08 +02:00
info.c ALSA: info: Drop kerneldoc comment from snd_info_create_entry() 2015-05-18 09:45:11 +02:00
init.c ALSA: hda_intel: add card number to irq description 2016-01-12 21:05:16 +01:00
isadma.c ALSA: core: Use standard printk helpers 2014-02-14 08:14:15 +01:00
jack.c ALSA: jack: Remove MODULE_*() macros 2015-05-21 11:32:51 +02:00
Kconfig ALSA: timer: fix SND_PCM_TIMER Kconfig text 2016-01-28 07:23:12 +01:00
Makefile ALSA: timer: add config item to export PCM timer disabling for expert 2015-10-16 14:31:38 +02:00
memalloc.c genalloc: rename of_get_named_gen_pool() to of_gen_pool_get() 2015-06-30 19:45:01 -07:00
memory.c ALSA: Include linux/uaccess.h and linux/bitopts.h instead of asm/* 2015-01-28 17:25:07 +01:00
misc.c ALSA: Allow pass NULL dev for snd_pci_quirk_lookup() 2014-10-08 12:08:38 +02:00
pcm_compat.c ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode 2016-01-18 14:39:00 +01:00
pcm_dmaengine.c ALSA: pcm_dmaengine: Properly synchronize DMA on shutdown 2015-11-16 08:28:52 +05:30
pcm_drm_eld.c ALSA: pcm: add DRM ELD helper 2015-05-22 16:01:44 +02:00
pcm_iec958.c ALSA: pcm: add IEC958 channel status helper 2015-05-22 16:01:47 +02:00
pcm_lib.c ALSA: Constify ratden/ratnum constraints 2015-10-28 11:42:22 +01:00
pcm_memory.c ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
pcm_misc.c ALSA: pcm: Add big-endian DSD sample formats and fix XMOS DSD sample format 2014-11-21 15:13:28 +01:00
pcm_native.c ALSA: pcm: constify action_ops structures 2015-11-30 11:39:13 +01:00
pcm_timer.c ALSA: pcm: Use standard printk helpers 2014-02-14 08:14:15 +01:00
pcm_trace.h ALSA: pcm: Replace PCM hwptr tracking with tracepoints 2014-11-04 14:09:14 +01:00
pcm.c ALSA: pcm: remove structure member of 'struct snd_pcm_hwptr_log *' type because this structure had been removed 2015-09-13 12:03:15 +02:00
rawmidi_compat.c [ALSA] Remove xxx_t typedefs: Raw MIDI 2006-01-03 12:17:35 +01:00
rawmidi.c ALSA: rawmidi: Remove kernel WARNING for NULL user-space buffer check 2016-02-01 12:22:59 +01:00
rtctimer.c ALSA: timer: Use standard printk helpers 2014-02-14 08:14:17 +01:00
sgbuf.c ALSA: core: Deletion of unnecessary checks before two function calls 2014-11-21 20:06:57 +01:00
sound_oss.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
sound.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
timer_compat.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
timer.c ALSA: timer: Fix link corruption due to double start or stop 2016-02-01 12:23:29 +01:00
vmaster.c ALSA: core: Use standard printk helpers 2014-02-14 08:14:15 +01:00