superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/sound/core
History
Takashi Iwai 901ac0ff15 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger 
Currently the runtime.oss.trigger field may be accessed concurrently
without protection, which may lead to the data race.  And, in this
case, it may lead to more severe problem because it's a bit field; as
writing the data, it may overwrite other bit fields as well, which
confuses the operation completely, as spotted by fuzzing.

Fix it by covering runtime.oss.trigger bit fled also with the existing
params_lock mutex in both snd_pcm_oss_get_trigger() and
snd_pcm_oss_poll().

Reported-and-tested-by: Jaeyoung Chung <jjy600901@snu.ac.kr>
Closes: https://lore.kernel.org/20260423145330.210035-1-jjy600901@snu.ac.kr
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20260424112205.123703-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
 		2026-04-27 13:49:58 +02:00
..
oss ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger 2026-04-27 13:49:58 +02:00
seq ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes 2026-03-27 14:40:24 +01:00
.kunitconfig ALSA: core: add kunitconfig 2024-03-17 09:36:45 +01:00
Kconfig ALSA: Do not build obsolete API 2025-12-07 13:15:59 +01:00
Makefile ALSA: control: Verify put() result when in debug mode 2026-02-28 09:32:39 +01:00
compress_offload.c ALSA: compress: Pay attention if drivers error out retrieving pointers 2026-04-02 11:10:28 +02:00
control.c ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() 2026-04-14 15:31:10 +02:00
control_compat.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
control_led.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
control_trace.h ALSA: control: Verify put() result when in debug mode 2026-02-28 09:32:39 +01:00
ctljack.c ALSA: jack: Improve string handling in jack_kctl_name_gen 2026-01-27 09:58:37 +01:00
device.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
hrtimer.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
hwdep.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
hwdep_compat.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
info.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
info_oss.c ALSA: info: Use guard() for locking 2024-02-28 15:01:21 +01:00
init.c ALSA: control: Verify put() result when in debug mode 2026-02-28 09:32:39 +01:00
isadma.c sound updates for 6.0-rc1 2022-08-06 10:19:51 -07:00
jack.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
memalloc.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
memory.c ALSA: Align the syntax of iov_iter helpers with standard ones 2024-12-30 12:50:04 +01:00
misc.c ALSA: core: Fix potential data race at fasync handling 2026-04-20 17:59:19 +02:00
pcm.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
pcm_compat.c ALSA: pcm: Use pcm_lib_apply_appl_ptr() in x32 sync_ptr 2026-03-27 14:40:24 +01:00
pcm_dmaengine.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
pcm_drm_eld.c ALSA: pcm: Harden the spk_alloc assumption check 2025-11-21 10:35:04 +01:00
pcm_iec958.c ALSA: iec958: Split status creation and fill 2021-06-08 17:05:41 +02:00
pcm_lib.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
pcm_local.h ALSA: pcm: Revert "ALSA: pcm: rewrite snd_pcm_playback_silence()" 2023-05-05 18:23:48 +02:00
pcm_memory.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
pcm_misc.c ALSA: core: Add SPDX license id to files 2026-02-18 08:52:08 +01:00
pcm_native.c Merge branch 'for-linus' into for-next 2026-04-01 14:43:00 +02:00
pcm_param_trace.h
pcm_timer.c ALSA: pcm_timer: use snd_pcm_direction_name() 2024-08-01 12:50:13 +02:00
pcm_trace.h tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
rawmidi.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
rawmidi_compat.c ALSA: rawmidi: Replace with __packed attribute 2023-10-26 09:42:55 +02:00
seq_device.c ALSA: seq: Refuse to probe seq drivers with non-bus probe or remove 2025-12-14 11:08:10 +01:00
sound.c ALSA: core: Validate compress device numbers without dynamic minors 2026-03-28 10:55:35 +01:00
sound_kunit.c ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() 2024-11-27 08:06:31 +01:00
sound_oss.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
timer.c ALSA: timer: keep a list of open masters for slave lookup 2026-03-17 09:16:24 +01:00
timer_compat.c ALSA: timer: Use guard() for locking 2024-02-28 15:01:20 +01:00
ump.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
ump_convert.c ALSA: ump: Explicitly reset RPN with Null RPN 2024-07-31 15:08:39 +02:00
vmaster.c Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00