ALSA: line6: Fix racy initialization of LINE6 MIDI
stable inclusion from stable-5.10.40 commit f42cf1e7b86b4b93179c8891bdb276200bedfa15 bugzilla: 51882 CVE: NA -------------------------------- commit 05ca4476 upstream. The initialization of MIDI devices that are found on some LINE6 drivers are currently done in a racy way; namely, the MIDI buffer instance is allocated and initialized in each private_init callback while the communication with the interface is already started via line6_init_cap_control() call before that point. This may lead to Oops in line6_data_received() when a spurious event is received, as reported by syzkaller. This patch moves the MIDI initialization to line6_init_cap_control() as well instead of the too-lately-called private_init for avoiding the race. Also this reduces slightly more lines, so it's a win-win change. Reported-by:<syzbot+0d2b3feb0a2887862e06@syzkallerlkml..appspotmail.com> Link: https://lore.kernel.org/r/000000000000a4be9405c28520de@google.com Link: https://lore.kernel.org/r/20210517132725.GA50495@hyeyoo Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20210518083939.1927-1-tiwai@suse.de Signed-off-by:
Loading
Please sign in to comment