Duoming Zhou e955e8a7f3 ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
commit 051e0840ff upstream.

The dreamcastcard->timer could schedule the spu_dma_work and the
spu_dma_work could also arm the dreamcastcard->timer.

When the snd_pcm_substream is closing, the aica_channel will be
deallocated. But it could still be dereferenced in the worker
thread. The reason is that del_timer() will return directly
regardless of whether the timer handler is running or not and
the worker could be rescheduled in the timer handler. As a result,
the UAF bug will happen. The racy situation is shown below:

      (Thread 1)                 |      (Thread 2)
snd_aicapcm_pcm_close()          |
 ...                             |  run_spu_dma() //worker
                                 |    mod_timer()
  flush_work()                   |
  del_timer()                    |  aica_period_elapsed() //timer
  kfree(dreamcastcard->channel)  |    schedule_work()
                                 |  run_spu_dma() //worker
  ...                            |    dreamcastcard->channel-> //USE

In order to mitigate this bug and other possible corner cases,
call mod_timer() conditionally in run_spu_dma(), then implement
PCM sync_stop op to cancel both the timer and worker. The sync_stop
op will be called from PCM core appropriately when needed.

Fixes: 198de43d75 ("[ALSA] Add ALSA support for the SEGA Dreamcast PCM device")
Suggested-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Message-ID: <20240326094238.95442-1-duoming@zju.edu.cn>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-04-03 15:11:54 +02:00
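Added example, not part of the commit or the kernel tree: a deterministic userspace C model of the interleaving drawn in the commit message above, comparing the original close path with the two changes it describes. The struct fields, simulate_close() and the "stream still running" re-arm condition are assumptions made for illustration, and the fixed path assumes the cancel waits for a running handler or work item, as del_timer_sync() and cancel_work_sync() do.

```c
/* Constructed userspace model of the teardown race; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct card {
    bool timer_armed, handler_running, work_pending;
    bool stream_running, channel_freed;
    int uaf;                                /* channel uses after kfree() */
};

/* Worker: uses the channel, then re-arms the timer (mod_timer()). */
static void run_spu_dma(struct card *c, bool cond_rearm) {
    if (!c->work_pending) return;
    c->work_pending = false;
    if (c->channel_freed) c->uaf++;         /* dreamcastcard->channel-> //USE */
    if (!cond_rearm || c->stream_running)   /* assumed condition: stream running */
        c->timer_armed = true;
}

/* Timer handler, split in two so teardown can land while it is in flight. */
static void timer_enter(struct card *c) {
    if (c->timer_armed) { c->timer_armed = false; c->handler_running = true; }
}
static void timer_exit(struct card *c) {    /* handler body: schedule_work() */
    if (c->handler_running) { c->handler_running = false; c->work_pending = true; }
}

/* Returns how often the freed channel is used during one close. */
int simulate_close(bool sync_stop, bool cond_rearm) {
    struct card c = { .work_pending = true, .stream_running = true };
    run_spu_dma(&c, cond_rearm);            /* worker arms the timer */
    timer_enter(&c);                        /* handler starts on another CPU */
    c.stream_running = false;               /* stream stopped, close begins */
    if (sync_stop) {
        c.timer_armed = false; timer_exit(&c); /* waiting cancel: handler finishes */
        run_spu_dma(&c, cond_rearm);        /* work already started: cancel waits */
    } else {
        run_spu_dma(&c, cond_rearm);        /* flush_work(): nothing queued yet */
        c.timer_armed = false;              /* del_timer(): handler not waited for */
    }
    c.channel_freed = true;                 /* kfree(dreamcastcard->channel) */
    timer_exit(&c); run_spu_dma(&c, cond_rearm);                  /* in flight */
    timer_enter(&c); timer_exit(&c); run_spu_dma(&c, cond_rearm); /* re-armed */
    return c.uaf;
}

int main(void) {
    printf("del_timer(), always re-arm: %d\n", simulate_close(false, false));
    printf("waiting cancel, conditional: %d\n", simulate_close(true, true));
}
```

In this model only the combination of a waiting cancel and a conditional re-arm returns 0; either change alone still leaves one use of the freed channel.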
Documentation x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT 2024-04-03 15:11:42 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
arch hexagon: vmlinux.lds.S: handle attributes section 2024-04-03 15:11:49 +02:00
block block: Do not force full zone append completion in req_bio_endio() 2024-04-03 15:11:50 +02:00
certs This update includes the following changes: 2023-11-02 16:15:30 -10:00
crypto Revert "crypto: pkcs7 - remove sha1 support" 2024-04-03 15:11:35 +02:00
drivers vfio/pds: Make sure migration file isn't accessed after reset 2024-04-03 15:11:53 +02:00
fs exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() 2024-04-03 15:11:49 +02:00
include mtd: spinand: Add support for 5-byte IDs 2024-04-03 15:11:52 +02:00
init init: open /initrd.image with O_LARGEFILE 2024-04-03 15:11:47 +02:00
io_uring io_uring/waitid: always remove waitid entry for cancel all 2024-04-03 15:11:28 +02:00
ipc Many singleton patches against the MM code. The patch series which are 2023-11-02 19:38:47 -10:00
kernel prctl: generalize PR_SET_MDWE support check to be per-arch 2024-04-03 15:11:47 +02:00
lib pci_iounmap(): Fix MMIO mapping leak 2024-04-03 15:11:07 +02:00
mm mm: cachestat: fix two shmem bugs 2024-04-03 15:11:49 +02:00
net Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync 2024-04-03 15:11:52 +02:00
rust rust: Ignore preserve-most functions 2024-01-25 15:45:09 -08:00
samples eventfd: simplify eventfd_signal() 2024-04-03 15:11:23 +02:00
scripts kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 2024-04-03 15:11:22 +02:00
security landlock: Warn once if a Landlock action is requested while disabled 2024-04-03 15:11:19 +02:00
sound ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs 2024-04-03 15:11:54 +02:00
tools selftests/mm: fix ARM related issue with fork after pthread_create 2024-04-03 15:11:49 +02:00
usr arch: Remove Itanium (IA-64) architecture 2023-09-11 08:13:17 +00:00
virt eventfd: simplify eventfd_signal() 2024-04-03 15:11:23 +02:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: rpm-pkg: generate kernel.spec in rpmbuild/SPECS/ 2023-10-03 20:49:09 +09:00
.mailmap 12 hotfixes. 2 are cc:stable and the remainder either address post-6.7 2024-01-05 13:46:18 -08:00
.rustfmt.toml rust: add `.rustfmt.toml` 2022-09-28 09:02:20 +02:00
COPYING
CREDITS 12 hotfixes. 2 are cc:stable and the remainder either address post-6.7 2024-01-05 13:46:18 -08:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS 12 hotfixes. 2 are cc:stable and the remainder either address post-6.7 2024-01-05 13:46:18 -08:00
Makefile Linux 6.7.11 2024-03-26 18:22:50 -04:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems that may result from upgrading your kernel.