linux-brain

History

Takashi Iwai 4a830a37d3 ALSA: seq: Fix racy deletion of subscriber commit 97367c97226aab8b298ada954ce12659ee3ad2a4 upstream. It turned out that the current implementation of the port subscription is racy. The subscription contains two linked lists, and we have to add to or delete from both lists. Since both connection and disconnection procedures perform the same order for those two lists (i.e. src list, then dest list), when a deletion happens during a connection procedure, the src list may be deleted before the dest list addition completes, and this may lead to a use-after-free or an Oops, even though the access to both lists are protected via mutex. The simple workaround for this race is to change the access order for the disconnection, namely, dest list, then src list. This assures that the connection has been established when disconnecting, and also the concurrent deletion can be avoided. Reported-and-tested-by: folkert <folkert@vanheusden.com> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20210801182754.GP890690@belle.intranet.vanheusden.com Link: https://lore.kernel.org/r/20210803114312.2536-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2021-08-12 13:20:54 +02:00
..
oss	ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()	2021-01-27 11:47:39 +01:00
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
seq.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_clientmgr.c	ALSA: seq: Fix concurrent access to queue current tick/time	2020-02-28 17:22:27 +01:00
seq_clientmgr.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_compat.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_dummy.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_fifo.c	ALSA: seq: Fix potential concurrent access to the deleted pool	2019-08-25 09:31:10 +02:00
seq_fifo.h	ALSA: seq: Fix potential concurrent access to the deleted pool	2019-08-25 09:31:10 +02:00
seq_info.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_info.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_lock.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_lock.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
seq_memory.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_memory.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_midi.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_midi_emul.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_midi_event.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_ports.c	ALSA: seq: Fix racy deletion of subscriber	2021-08-12 13:20:54 +02:00
seq_ports.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_prioq.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_prioq.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_queue.c	ALSA: seq: Fix concurrent access to queue current tick/time	2020-02-28 17:22:27 +01:00
seq_queue.h	ALSA: seq: Use bool for snd_seq_queue internal flags	2021-01-06 14:48:38 +01:00
seq_system.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_system.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
seq_timer.c	ALSA: seq: Fix concurrent access to queue current tick/time	2020-02-28 17:22:27 +01:00
seq_timer.h	ALSA: seq: Fix concurrent access to queue current tick/time	2020-02-28 17:22:27 +01:00
seq_virmidi.c	ALSA: seq: virmidi: Fix running status after receiving sysex	2020-03-25 08:25:52 +01:00