From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
syzbot+d102fa5b35335a7e544e@syzkaller.appspotmail.com,
Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.de>
Subject: [PATCH 4.4 15/23] ALSA: timer: Fix master timer notification
Date: Tue, 8 Jun 2021 20:27:07 +0200 [thread overview]
Message-ID: <20210608175927.029876951@linuxfoundation.org> (raw)
In-Reply-To: <20210608175926.524658689@linuxfoundation.org>
From: Takashi Iwai <tiwai@suse.de>
commit 9c1fe96bded935369f8340c2ac2e9e189f697d5d upstream.
snd_timer_notify1() calls the notification to each slave for a master
event, but it passes a wrong event number. It should be +10 offset,
corresponding to SNDRV_TIMER_EVENT_MXXX, but it's incorrectly with
+100 offset. Casually this was spotted by UBSAN check via syzkaller.
Reported-by: syzbot+d102fa5b35335a7e544e@syzkaller.appspotmail.com
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/000000000000e5560e05c3bd1d63@google.com
Link: https://lore.kernel.org/r/20210602113823.23777-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/timer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -432,9 +432,10 @@ static void snd_timer_notify1(struct snd
return;
if (timer->hw.flags & SNDRV_TIMER_HW_SLAVE)
return;
+ event += 10; /* convert to SNDRV_TIMER_EVENT_MXXX */
list_for_each_entry(ts, &ti->slave_active_head, active_list)
if (ts->ccallback)
- ts->ccallback(ts, event + 100, &tstamp, resolution);
+ ts->ccallback(ts, event, &tstamp, resolution);
}
/* start/continue a master timer */
next prev parent reply other threads:[~2021-06-08 18:28 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-08 18:26 [PATCH 4.4 00/23] 4.4.272-rc1 review Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.4 01/23] efi: cper: fix snprintf() use in cper_dimm_err_location() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.4 02/23] vfio/pci: Fix error return code in vfio_ecap_init() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.4 03/23] vfio/platform: fix module_put call in error flow Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.4 04/23] ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.4 05/23] HID: pidff: fix error return code in hid_pidff_init() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.4 06/23] netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.4 07/23] ieee802154: fix error return code in ieee802154_add_iface() Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 08/23] ieee802154: fix error return code in ieee802154_llsec_getparams() Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 09/23] Bluetooth: fix the erroneous flush_work() order Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 10/23] Bluetooth: use correct lock to prevent UAF of hdev object Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 11/23] net: caif: added cfserl_release function Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 12/23] net: caif: add proper error handling Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 13/23] net: caif: fix memory leak in caif_device_notify Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 14/23] net: caif: fix memory leak in cfusbl_device_notify Greg Kroah-Hartman
2021-06-08 18:27 ` Greg Kroah-Hartman [this message]
2021-06-08 18:27 ` [PATCH 4.4 16/23] ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 17/23] pid: take a reference when initializing `cad_pid` Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 18/23] ocfs2: fix data corruption by fallocate Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 19/23] nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 20/23] btrfs: fixup error handling in fixup_inode_link_counts Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 21/23] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 22/23] arm64: Remove unimplemented syscall log message Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.4 23/23] xen-pciback: redo VF placement in the virtual topology Greg Kroah-Hartman
2021-06-08 23:02 ` [PATCH 4.4 00/23] 4.4.272-rc1 review Pavel Machek
2021-06-09 2:56 ` Shuah Khan
2021-06-09 9:38 ` Jon Hunter
2021-06-09 12:07 ` Naresh Kamboju
2021-06-09 18:47 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210608175927.029876951@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=perex@perex.cz \
--cc=stable@vger.kernel.org \
--cc=syzbot+d102fa5b35335a7e544e@syzkaller.appspotmail.com \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).