git.baikalelectronics.ru Git - kernel.git/commit

author	Takashi Iwai <tiwai@suse.de>
	Tue, 4 Aug 2020 18:58:15 +0000 (20:58 +0200)
committer	Takashi Iwai <tiwai@suse.de>
	Wed, 5 Aug 2020 06:27:39 +0000 (08:27 +0200)
commit	3b6d7cc67e079d92b23f9c13416f31509b1abf7c
tree	ba9fb7af0995bfefbef4c4ad7cb23a3ad0a45546	tree \| snapshot
parent	de2fdb852ecc602e7ffab124d80d4a74d31b21bd	commit \| diff

ALSA: seq: oss: Serialize ioctls

Some ioctls via OSS sequencer API may race and lead to UAF when the
port create and delete are performed concurrently, as spotted by a
couple of syzkaller cases. This patch is an attempt to address it by
serializing the ioctls with the existing register_mutex.

Basically OSS sequencer API is an obsoleted interface and was designed
without much consideration of the concurrency. There are very few
applications with it, and the concurrent performance isn't asked,
hence this "big hammer" approach should be good enough.

Reported-by: syzbot+1a54a94bd32716796edd@syzkaller.appspotmail.com
Reported-by: syzbot+9d2abfef257f3e2d4713@syzkaller.appspotmail.com
Suggested-by: Hillf Danton <hdanton@sina.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200804185815.2453-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>