From: Michał Mirosław <mirq-linux@xxxxxxxxxxxx> commit 951e2736f4b11b58dc44d41964fa17c3527d882a upstream. Prevent SNDRV_PCM_IOCTL_LINK linking stream to itself - the code can't handle it. Fixed commit is not where bug was introduced, but changes the context significantly. Cc: stable@xxxxxxxxxxxxxxx Fixes: 0888c321de70 ("pcm_native: switch to fdget()/fdput()") Signed-off-by: Michał Mirosław <mirq-linux@xxxxxxxxxxxx> Link: https://lore.kernel.org/r/89c4a2487609a0ed6af3ecf01cc972bdc59a7a2d.1591634956.git.mirq-linux@xxxxxxxxxxxx Signed-off-by: Takashi Iwai <tiwai@xxxxxxx> --- Backported to 4.19.y. It can be used for older branches, too. sound/core/pcm_native.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c index 14b1ee29509d..071e09c3d855 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -1950,6 +1950,11 @@ static int snd_pcm_link(struct snd_pcm_substream *substream, int fd) } pcm_file = f.file->private_data; substream1 = pcm_file->substream; + if (substream == substream1) { + res = -EINVAL; + goto _badf; + } + group = kmalloc(sizeof(*group), GFP_KERNEL); if (!group) { res = -ENOMEM; -- 2.16.4