forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/sound/core
History
Clemens Ladisch 28b4c9130b ALSA: rawmidi: fix oops (use after free) when unloading a driver module 
commit aa73aec6c3 upstream.

When a driver module is unloaded and the last still open file is a raw
MIDI device, the card and its devices will be actually freed in the
snd_card_file_remove() call when that file is closed.  Afterwards, rmidi
and rmidi->card point into freed memory, so the module pointer is likely
to be garbage.
(This was introduced by commit 9a1b64caac.)

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Reported-by: Krzysztof Foltman <wdev@foltman.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-10-28 21:43:53 -07:00
..
oss Merge branch 'topic/oss' into for-linus 2009-09-10 15:32:58 +02:00
seq ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open() 2010-09-20 13:17:50 -07:00
control.c ALSA: prevent heap corruption in snd_ctl_new() 2010-10-28 21:43:53 -07:00
control_compat.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
device.c ALSA: Print function symbol in the error messages 2008-10-16 16:17:30 +02:00
hrtimer.c ALSA: hrtimer - Fix lock-up 2009-12-18 14:03:29 -08:00
hwdep.c ALSA: hwdep - Make open callback optional 2009-02-05 09:10:20 +01:00
hwdep_compat.c [PATCH] hwdep_compat missed __user annotations 2006-10-10 15:37:21 -07:00
info.c Merge branch 'topic/dummy' into for-linus 2009-09-10 15:32:51 +02:00
info_oss.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
init.c ALSA: Remove struct snd_monitor_file from public sound/core.h 2009-09-07 15:50:18 +02:00
isadma.c [ALSA] Remove sound/driver.h 2008-01-31 17:29:48 +01:00
jack.c ALSA: use card device as parent for jack input-devices 2009-06-10 19:50:33 +02:00
Kconfig ALSA: Fix SG-buffer DMA with non-coherent architectures 2009-07-08 14:20:20 +02:00
Makefile ALSA: Fix SG-buffer DMA with non-coherent architectures 2009-07-08 14:20:20 +02:00
memalloc.c ALSA: Fix SG-buffer DMA with non-coherent architectures 2009-07-08 14:20:20 +02:00
memory.c [ALSA] Remove sound/driver.h 2008-01-31 17:29:48 +01:00
misc.c ALSA: Add debug module option 2009-08-27 17:42:08 +02:00
pcm.c ALSA: sound: Move dereference after NULL test and drop unnecessary NULL tests 2009-10-30 12:01:27 +01:00
pcm_compat.c ALSA: sound/core: use memdup_user() 2009-04-14 12:39:12 +02:00
pcm_lib.c Merge branch 'topic/pcm-drain-nonblock' into for-linus 2009-09-10 15:33:00 +02:00
pcm_memory.c ALSA: Fix SG-buffer DMA with non-coherent architectures 2009-07-08 14:20:20 +02:00
pcm_misc.c sound: add missing pcm kernel-doc 2008-10-18 11:05:36 +02:00
pcm_native.c ALSA: emu10k1 - delay the PCM interrupts (add pcm_irq_delay parameter) 2010-08-26 16:41:34 -07:00
pcm_timer.c ALSA: Remove unneeded snd_pcm_substream.timer_lock 2009-03-09 14:02:00 +01:00
rawmidi.c ALSA: rawmidi: fix oops (use after free) when unloading a driver module 2010-10-28 21:43:53 -07:00
rawmidi_compat.c
rtctimer.c ALSA: hda - Convert from takslet_hi_schedule() to tasklet_schedule() 2008-12-18 12:17:55 +01:00
sgbuf.c ALSA: Fix vunmap and free order in snd_free_sgbuf_pages() 2009-03-18 08:04:01 +01:00
sound.c Check fops_get() return value 2009-01-06 15:59:11 -08:00
sound_oss.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
timer.c ALSA: sound/core: use memdup_user() 2009-04-14 12:39:12 +02:00
timer_compat.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
vmaster.c ALSA: Add new TLV types for dBwith min/max 2009-06-17 10:56:53 +02:00