| From: Takashi Iwai <tiwai@suse.de> |
| Date: Wed, 2 May 2018 08:48:46 +0200 |
| Subject: ALSA: pcm: Check PCM state at xfern compat ioctl |
| |
| commit f13876e2c33a657a71bcbb10f767c0951b165020 upstream. |
| |
| Since snd_pcm_ioctl_xfern_compat() has no PCM state check, it may go |
| further and hit the sanity check pcm_sanity_check() when the ioctl is |
| called right after open. It may eventually spew a kernel warning, as |
| triggered by syzbot, depending on kconfig. |
| |
| The lack of PCM state check there was just an oversight. Although |
| it's no real crash, the spurious kernel warning is annoying, so let's |
| add the proper check. |
| |
| Reported-by: syzbot+1dac3a4f6bc9c1c675d4@syzkaller.appspotmail.com |
| Signed-off-by: Takashi Iwai <tiwai@suse.de> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| sound/core/pcm_compat.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/sound/core/pcm_compat.c |
| +++ b/sound/core/pcm_compat.c |
| @@ -334,6 +334,8 @@ static int snd_pcm_ioctl_xfern_compat(st |
| return -ENOTTY; |
| if (substream->stream != dir) |
| return -EINVAL; |
| + if (substream->runtime->status->state == SNDRV_PCM_STATE_OPEN) |
| + return -EBADFD; |
| |
| if ((ch = substream->runtime->channels) > 128) |
| return -EINVAL; |
