From: Takashi Iwai <tiwai@suse.de>
To: Ma Ke <make_ruc2021@163.com>
Cc: perex@perex.cz, tiwai@suse.com, cujomalainey@chromium.org,
maciej.szmigiero@oracle.com, clecigne@google.com,
alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ALSA: control: do not access controls without possession of r_w lock
Date: Tue, 12 Sep 2023 10:50:22 +0200 [thread overview]
Message-ID: <87o7i77p2p.wl-tiwai@suse.de> (raw)
In-Reply-To: <20230912084530.3307329-1-make_ruc2021@163.com>
On Tue, 12 Sep 2023 10:45:30 +0200,
Ma Ke wrote:
>
> we should not access any of its memory when we don't ensure possession of
> a read/write lock. Otherwise we risk a use after free access, which allows
> local users to cause a denial of service and obtain sensitive information
> from kernel memory.
This function is called always under card->controls_rwsem.
So it should be OK as is.
thanks,
Takashi
>
> Signed-off-by: Ma Ke <make_ruc2021@163.com>
> ---
> sound/core/control.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/sound/core/control.c b/sound/core/control.c
> index 59c8658966d4..98782cc68ee1 100644
> --- a/sound/core/control.c
> +++ b/sound/core/control.c
> @@ -590,7 +590,8 @@ static int __snd_ctl_remove(struct snd_card *card,
> remove_hash_entries(card, kcontrol);
>
> card->controls_count -= kcontrol->count;
> - for (idx = 0; idx < kcontrol->count; idx++)
> + count = kcontrol->count;
> + for (idx = 0; idx < count; idx++)
> snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_REMOVE, kcontrol, idx);
> snd_ctl_free_one(kcontrol);
> return 0;
> --
> 2.37.2
>
next prev parent reply other threads:[~2023-09-12 8:50 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-12 8:45 [PATCH] ALSA: control: do not access controls without possession of r_w lock Ma Ke
2023-09-12 8:50 ` Takashi Iwai [this message]
2023-09-12 19:53 ` kernel test robot
2023-09-25 2:25 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87o7i77p2p.wl-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=alsa-devel@alsa-project.org \
--cc=clecigne@google.com \
--cc=cujomalainey@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maciej.szmigiero@oracle.com \
--cc=make_ruc2021@163.com \
--cc=perex@perex.cz \
--cc=tiwai@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox