summaryrefslogtreecommitdiff
path: root/firmware
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2016-01-30 23:09:08 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2016-02-17 12:34:37 -0800
commit88e6a43f83dbe543be0f520cf4adae9b1056900a (patch)
treee14402e489c65222cddaa729d3fbf3845335c72b /firmware
parent3a43ddb85acf2bfb892cf29dd7a7ee3f8427d1fb (diff)
downloadlwn-88e6a43f83dbe543be0f520cf4adae9b1056900a.tar.gz
lwn-88e6a43f83dbe543be0f520cf4adae9b1056900a.zip
ALSA: timer: Fix link corruption due to double start or stop
commit f784beb75ce82f4136f8a0960d3ee872f7109e09 upstream. Although ALSA timer code got hardening for races, it still causes use-after-free error. This is however rather a corrupted linked list, not actually the concurrent accesses. Namely, when timer start is triggered twice, list_add_tail() is called twice, too. This ends up with the link corruption and triggers KASAN error. The simplest fix would be replacing list_add_tail() with list_move_tail(), but fundamentally it's the problem that we don't check the double start/stop correctly. So, the right fix here is to add the proper checks to snd_timer_start() and snd_timer_stop() (and their variants). BugLink: http://lkml.kernel.org/r/CACT4Y+ZyPRoMQjmawbvmCEDrkBD2BQuH7R09=eOkf5ESK8kJAw@mail.gmail.com Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'firmware')
0 files changed, 0 insertions, 0 deletions