mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
linux/sound/core/oss
Takashi Iwai 93a81ca065 ALSA: pcm: Fix race of buffer access at PCM OSS layer
The PCM OSS layer tries to clear the buffer with the silence data at
initialization (or reconfiguration) of a stream with the explicit call
of snd_pcm_format_set_silence() with runtime->dma_area.  But this may
lead to a UAF because the accessed runtime->dma_area might be freed
concurrently, as it's performed outside the PCM ops.

For avoiding it, move the code into the PCM core and perform it inside
the buffer access lock, so that it won't be changed during the
operation.

Reported-by: syzbot+32d4647f551007595173@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/68164d8e.050a0220.11da1b.0019.GAE@google.com
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20250516080817.20068-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2025-05-16 10:09:02 +02:00
copy.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
io.c ALSA: pcm: Build OSS writev/readv helpers conditionally 2017-06-02 19:38:26 +02:00
linear.c ALSA: pcm: oss: Avoid potential buffer overflows 2019-12-04 15:51:30 +01:00
Makefile ALSA: core: Use *-y instead of *-objs in Makefile 2024-05-08 18:17:32 +02:00
mixer_oss.c ASoC: Fixes for v6.12 2024-10-02 21:29:16 +02:00
mulaw.c ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check 2020-09-01 15:18:33 +02:00
pcm_oss.c ALSA: pcm: Fix race of buffer access at PCM OSS layer 2025-05-16 10:09:02 +02:00
pcm_plugin.c ALSA: oss: Fix PCM OSS buffer allocation overflow 2022-03-18 14:01:07 +01:00
pcm_plugin.h ALSA: oss: Remove unused declarations 2024-08-16 12:28:12 +02:00
rate.c ALSA: Fix typos in comments across various files 2024-09-30 09:52:31 +02:00
route.c ALSA: pcm: oss: Avoid potential buffer overflows 2019-12-04 15:51:30 +01:00