On Wed, Jan 31, 2018 at 06:06:09PM +0000, Ben Hutchings wrote: > From: Takashi Iwai <tiwai@xxxxxxx> > > commit b3defb791b26ea0683a93a4f49c77ec45ec96f10 upstream. > > The ALSA sequencer ioctls have no protection against racy calls while > the concurrent operations may lead to interfere with each other. As > reported recently, for example, the concurrent calls of setting client > pool with a combination of write calls may lead to either the > unkillable dead-lock or UAF. > > As a slightly big hammer solution, this patch introduces the mutex to > make each ioctl exclusive. Although this may reduce performance via > parallel ioctl calls, usually it's not demanded for sequencer usages, > hence it should be negligible. > > Reported-by: Luo Quan <a4651386@xxxxxxx> > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> > Reviewed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: Takashi Iwai <tiwai@xxxxxxx> > [bwh: Backported to 4.4: ioctl dispatch is done from snd_seq_do_ioctl(); > take the mutex and add ret variable there.] Thanks for the backport, now applied. greg k-h