Takashi Iwai <tiwai@suse.de> writes:
This patch is an attempt for further hardening against races between the concurrent write and ioctls. The previous fix d15d662e89fc ("ALSA: seq: Fix racy pool initializations") covered the race of the pool initialization at writer and the pool resize ioctl by the client->ioctl_mutex (CVE-2018-1000004). However, basically this mutex should be applied more widely to the whole write operation for avoiding the unexpected pool operations by another thread.
The only change outside snd_seq_write() is the additional mutex argument to helper functions, so that we can unlock / relock the given mutex temporarily during schedule() call for blocking write.
Fixes: d15d662e89fc ("ALSA: seq: Fix racy pool initializations")
Reported-by: 范龙飞 <long7573@126.com>
Reported-by: Nicolai Stange <nstange@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Reviewed-and-tested-by: Nicolai Stange <nstange@suse.de>
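The locking pattern the commit message describes, as an added user-space example that is not code from the patch or the kernel: the whole write runs under the ioctl mutex, and the allocation helper receives that mutex so it can drop it around its sleep point. The names `struct client`, `resize_ioctl`, `cell_alloc` and `client_write` are hypothetical, the "other thread" is modelled deterministically as a call made at the sleep point, and the retry limit exists only so the model terminates.

```c
#include <errno.h>
#include <pthread.h>
#include <stddef.h>

struct client {
    pthread_mutex_t ioctl_mutex; /* serialises write against pool ioctls */
    int pool_free;               /* cells currently available */
};

/* Constructed stand-in for a pool-resize ioctl issued by another thread. */
static int resize_ioctl(struct client *c, int new_size)
{
    if (pthread_mutex_trylock(&c->ioctl_mutex) != 0)
        return -EBUSY;           /* writer still holds the mutex */
    c->pool_free = new_size;
    pthread_mutex_unlock(&c->ioctl_mutex);
    return 0;
}

/* Caller holds *mutexp; drop it only around the sleep point, then recheck. */
static int cell_alloc(struct client *c, pthread_mutex_t *mutexp, int *ioctl_rc)
{
    for (int tries = 0; c->pool_free == 0; tries++) {
        if (tries == 2)
            return -EAGAIN;      /* model only: give up instead of hanging */
        if (mutexp)
            pthread_mutex_unlock(mutexp);
        *ioctl_rc = resize_ioctl(c, 4); /* "other thread" runs during the sleep */
        if (mutexp)
            pthread_mutex_lock(mutexp);
    }
    c->pool_free--;
    return 0;
}

/* The whole write runs under ioctl_mutex; the helper gets it as an argument. */
static int client_write(struct client *c, int drop_during_sleep, int *ioctl_rc)
{
    pthread_mutex_lock(&c->ioctl_mutex);
    int rc = cell_alloc(c, drop_during_sleep ? &c->ioctl_mutex : NULL, ioctl_rc);
    pthread_mutex_unlock(&c->ioctl_mutex);
    return rc;
}

int main(void)
{
    struct client c = { PTHREAD_MUTEX_INITIALIZER, 0 };
    int irc = 0;
    return client_write(&c, 1, &irc);
}
```

With `drop_during_sleep` set to 0 the resize call gets `-EBUSY` on every attempt, so a blocked writer that kept the mutex would never see the pool change it is waiting for.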