authorTakashi Iwai <tiwai@suse.de>2019-01-10 20:41:49 +0100
committerTakashi Iwai <tiwai@suse.de>2019-01-11 08:35:12 +0100
commitb6ef5d3b41296663901e4cedd2bf3c6f92376a54 (patch)
tree9b531f4d4f8a4bb74db94eb8197eef40832c3eb8
parenta40a3952b1a8ff48fb4d240bd1d4053941da002e (diff)
ALSA: rawmidi: Initialize allocated buffers (bsc#1121278).
-rw-r--r--patches.drivers/ALSA-rawmidi-Initialize-allocated-buffers.patch46
-rw-r--r--series.conf1
2 files changed, 47 insertions, 0 deletions
diff --git a/patches.drivers/ALSA-rawmidi-Initialize-allocated-buffers.patch b/patches.drivers/ALSA-rawmidi-Initialize-allocated-buffers.patch
new file mode 100644
index 0000000000..59977ca425
--- /dev/null
+++ b/patches.drivers/ALSA-rawmidi-Initialize-allocated-buffers.patch
@@ -0,0 +1,46 @@
+From 5a7b44a8df822e0667fc76ed7130252523993bda Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 3 Sep 2018 15:16:43 +0200
+Subject: [PATCH] ALSA: rawmidi: Initialize allocated buffers
+Git-commit: 5a7b44a8df822e0667fc76ed7130252523993bda
+Patch-mainline: v4.19-rc3
+References: bsc#1121278
+
+syzbot reported the uninitialized value exposure in certain situations
+using virmidi loop. It's likely a very small race at writing and
+reading, and the influence is almost negligible. But it's safer to
+paper over this just by replacing the existing kvmalloc() with
+kvzalloc().
+
+Reported-by: syzbot+194dffdb8b22fc5d207a@syzkaller.appspotmail.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ sound/core/rawmidi.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
+index 69517e18ef07..08d5662039e3 100644
+--- a/sound/core/rawmidi.c
++++ b/sound/core/rawmidi.c
+@@ -129,7 +129,7 @@ static int snd_rawmidi_runtime_create(struct snd_rawmidi_substream *substream)
+ runtime->avail = 0;
+ else
+ runtime->avail = runtime->buffer_size;
+- runtime->buffer = kvmalloc(runtime->buffer_size, GFP_KERNEL);
++ runtime->buffer = kvzalloc(runtime->buffer_size, GFP_KERNEL);
+ if (!runtime->buffer) {
+ kfree(runtime);
+ return -ENOMEM;
+@@ -655,7 +655,7 @@ static int resize_runtime_buffer(struct snd_rawmidi_runtime *runtime,
+ if (params->avail_min < 1 || params->avail_min > params->buffer_size)
+ return -EINVAL;
+ if (params->buffer_size != runtime->buffer_size) {
+- newbuf = kvmalloc(params->buffer_size, GFP_KERNEL);
++ newbuf = kvzalloc(params->buffer_size, GFP_KERNEL);
+ if (!newbuf)
+ return -ENOMEM;
+ spin_lock_irq(&runtime->lock);
+--
+2.20.1
+
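Review bot: Neither kvzalloc() call in the embedded sound/core/rawmidi.c change (snd_rawmidi_runtime_create() and resize_runtime_buffer()) has a comment saying why the buffer must be zeroed. A later cleanup could switch them back to kvmalloc() and reintroduce the exposure of stale kernel heap bytes that syzbot reported. I would add one line above each allocation, for example `/* zeroed: a reader racing with the writer must not see uninitialized heap bytes */`. The commit message describes the change as papering over a small write/read race in the virmidi loop, so the race itself is presumably still present and zeroing only makes the exposed bytes harmless; that is worth tracking separately. Both functions start and end outside the hunks shown, so the locking around the buffer swap cannot be checked from here.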
diff --git a/series.conf b/series.conf
index 20d4fc9cd7..6c84eaf7c9 100644
--- a/series.conf
+++ b/series.conf
@@ -38740,6 +38740,7 @@
patches.drm/8863-drm-i915-dsc-fix-pps-register-definition-macros-for-2nd-vdsc-engine
patches.drm/8864-drm-i915-dp_mst-fix-enabling-pipe-clock-for-all-streams
patches.drivers/ALSA-hda-Fix-cancel_work_sync-stall-from-jackpoll-wo.patch
+ patches.drivers/ALSA-rawmidi-Initialize-allocated-buffers.patch
patches.drivers/ACPI-LPSS-Force-LPSS-quirks-on-boot.patch
patches.arch/acpi-bus-only-call-dmi_check_system-on-x86.patch
patches.fixes/fsnotify-fix-ignore-mask-logic-in-fsnotify.patch