On Tue, Dec 05, 2017 at 09:19:32AM -0800, Nick Desaulniers wrote:
- stable
On Tue, Dec 5, 2017 at 9:16 AM, Nick Desaulniers ndesaulniers@google.com wrote:
From: Robb Glasser rglasser@google.com
When the device descriptor is closed, the `substream->runtime` pointer is freed. But another thread may be in the ioctl handler, case SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which calls snd_pcm_info() which accesses the now freed `substream->runtime`.
Signed-off-by: Robb Glasser rglasser@google.com Signed-off-by: Nick Desaulniers ndesaulniers@google.com
sound/core/pcm.c | 2 ++ 1 file changed, 2 insertions(+)
<formletter>
This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html for how to do this properly.
</formletter>