From 05ca447630334c323c9e2b788b61133ab75d60d3 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Tue, 18 May 2021 10:39:39 +0200
Subject: [PATCH] ALSA: line6: Fix racy initialization of LINE6 MIDI
Git-commit: 05ca447630334c323c9e2b788b61133ab75d60d3
Patch-mainline: v5.13-rc3
References: git-fixes
The initialization of MIDI devices that are found on some LINE6
drivers is currently done in a racy way; namely, the MIDI buffer
instance is allocated and initialized in each private_init callback
while the communication with the interface is already started via
line6_init_cap_control() call before that point.  This may lead to
Oops in line6_data_received() when a spurious event is received, as
reported by syzkaller.
This patch moves the MIDI initialization to line6_init_cap_control()
as well instead of the too-lately-called private_init for avoiding the
race.  Also this reduces slightly more lines, so it's a win-win
change.
Reported-by: syzbot+0d2b3feb0a2887862e06@syzkallerlkml..appspotmail.com
Link: https://lore.kernel.org/r/000000000000a4be9405c28520de@google.com
Link: https://lore.kernel.org/r/20210517132725.GA50495@hyeyoo
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210518083939.1927-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 sound/usb/line6/driver.c | 4 ++++
 sound/usb/line6/pod.c    | 5 -----
 sound/usb/line6/variax.c | 6 ------
 3 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c
index a030dd65eb28..9602929b7de9 100644
--- a/sound/usb/line6/driver.c
+++ b/sound/usb/line6/driver.c
@@ -699,6 +699,10 @@ static int line6_init_cap_control(struct usb_line6 *line6)
 		line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL);
 		if (!line6->buffer_message)
 			return -ENOMEM;
+
+		ret = line6_init_midi(line6);
+		if (ret < 0)
+			return ret;
 	} else {
 		ret = line6_hwdep_init(line6);
 		if (ret < 0)
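Review bot: The new `line6_init_midi()` call in the `LINE6_CAP_CONTROL_MIDI` branch carries an ordering requirement that nothing in the code records: per the commit message, `line6_data_received()` can run once communication with the interface has started, so the MIDI buffers must exist before that point. A comment above the call such as `/* must precede the start of listening: line6_data_received() uses the MIDI buffers */` would keep a later reorder from reintroducing the Oops. The call is also now gated on the capability flag, whereas `pod_init()` and `variax_init()` called it unconditionally, so it is worth confirming that every POD and Variax device entry sets `LINE6_CAP_CONTROL_MIDI`; the device table is not visible here. The body of `line6_init_cap_control()` starts and ends outside this hunk, so where listening actually begins cannot be checked from these lines.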
diff --git a/sound/usb/line6/pod.c b/sound/usb/line6/pod.c
index cd44cb5f1310..16e644330c4d 100644
--- a/sound/usb/line6/pod.c
+++ b/sound/usb/line6/pod.c
@@ -376,11 +376,6 @@ static int pod_init(struct usb_line6 *line6,
 	if (err < 0)
 		return err;
 
-	/* initialize MIDI subsystem: */
-	err = line6_init_midi(line6);
-	if (err < 0)
-		return err;
-
 	/* initialize PCM subsystem: */
 	err = line6_init_pcm(line6, &pod_pcm_properties);
 	if (err < 0)
diff --git a/sound/usb/line6/variax.c b/sound/usb/line6/variax.c
index ed158f04de80..c2245aa93b08 100644
--- a/sound/usb/line6/variax.c
+++ b/sound/usb/line6/variax.c
@@ -159,7 +159,6 @@ static int variax_init(struct usb_line6 *line6,
 		       const struct usb_device_id *id)
 {
 	struct usb_line6_variax *variax = line6_to_variax(line6);
-	int err;
 
 	line6->process_message = line6_variax_process_message;
 	line6->disconnect = line6_variax_disconnect;
@@ -172,11 +171,6 @@ static int variax_init(struct usb_line6 *line6,
 	if (variax->buffer_activate == NULL)
 		return -ENOMEM;
 
-	/* initialize MIDI subsystem: */
-	err = line6_init_midi(&variax->line6);
-	if (err < 0)
-		return err;
-
 	/* initiate startup procedure: */
 	schedule_delayed_work(&line6->startup_work,
 			      msecs_to_jiffies(VARIAX_STARTUP_DELAY1));
-- 
2.26.2