kernel_optimize_test/sound/core
Nicolas Boichat 43c54b8c7c ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode
This reverts one hunk of
commit ef44a1ec6e ("ALSA: sound/core: use memdup_user()"), which
replaced a number of kmalloc followed by memcpy with memdup calls.

In this case, we are copying from a struct snd_pcm_hw_params32 to
a struct snd_pcm_hw_params, but the latter is 4 bytes longer than
the 32-bit version, so we need to separate kmalloc and copy calls.

This actually leads to an out-of-bounds memory access later on
in sound/soc/soc-pcm.c:soc_pcm_hw_params() (detected using KASan).

Fixes: ef44a1ec6e ('ALSA: sound/core: use memdup_user()')
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-01-18 14:39:00 +01:00
..
oss ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc 2015-12-20 22:31:02 +01:00
seq ALSA: seq: Fix race at timer setup and close 2016-01-12 17:50:41 +01:00
compress_offload.c ALSA: compress: add support for 32bit calls in a 64bit kernel 2015-12-07 10:44:48 +01:00
control_compat.c
control.c ALSA: ctl: fix to handle several elements added by one operation for userspace element 2015-04-13 10:31:49 +02:00
ctljack.c ALSA: jack: Fix endless loop at unique index detection 2015-06-26 06:59:57 +02:00
device.c Merge branch 'topic/hda-unbind' into for-next 2015-03-16 14:48:20 +01:00
hrtimer.c ALSA: hrtimer: Fix stall by hrtimer_cancel() 2016-01-18 14:33:30 +01:00
hwdep_compat.c
hwdep.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
info_oss.c ALSA: core: Clean up OSS proc file management 2015-04-24 17:31:08 +02:00
info.c ALSA: info: Drop kerneldoc comment from snd_info_create_entry() 2015-05-18 09:45:11 +02:00
init.c ALSA: hda_intel: add card number to irq description 2016-01-12 21:05:16 +01:00
isadma.c
jack.c ALSA: jack: Remove MODULE_*() macros 2015-05-21 11:32:51 +02:00
Kconfig ALSA: timer: add config item to export PCM timer disabling for expert 2015-10-16 14:31:38 +02:00
Makefile ALSA: timer: add config item to export PCM timer disabling for expert 2015-10-16 14:31:38 +02:00
memalloc.c genalloc: rename of_get_named_gen_pool() to of_gen_pool_get() 2015-06-30 19:45:01 -07:00
memory.c ALSA: Include linux/uaccess.h and linux/bitopts.h instead of asm/* 2015-01-28 17:25:07 +01:00
misc.c ALSA: Allow pass NULL dev for snd_pci_quirk_lookup() 2014-10-08 12:08:38 +02:00
pcm_compat.c ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode 2016-01-18 14:39:00 +01:00
pcm_dmaengine.c ALSA: Fix spelling typo in Documentation/DocBook/alsa-driver-api.xml 2015-03-04 12:12:59 +01:00
pcm_drm_eld.c ALSA: pcm: add DRM ELD helper 2015-05-22 16:01:44 +02:00
pcm_iec958.c ALSA: pcm: add IEC958 channel status helper 2015-05-22 16:01:47 +02:00
pcm_lib.c ALSA: Constify ratden/ratnum constraints 2015-10-28 11:42:22 +01:00
pcm_memory.c ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
pcm_misc.c ALSA: pcm: Add big-endian DSD sample formats and fix XMOS DSD sample format 2014-11-21 15:13:28 +01:00
pcm_native.c ALSA: pcm: constify action_ops structures 2015-11-30 11:39:13 +01:00
pcm_timer.c
pcm_trace.h ALSA: pcm: Replace PCM hwptr tracking with tracepoints 2014-11-04 14:09:14 +01:00
pcm.c ALSA: pcm: remove structure member of 'struct snd_pcm_hwptr_log *' type because this structure had been removed 2015-09-13 12:03:15 +02:00
rawmidi_compat.c
rawmidi.c ALSA: core: Drop superfluous error/debug messages after malloc failures 2015-03-10 15:42:14 +01:00
rtctimer.c
sgbuf.c ALSA: core: Deletion of unnecessary checks before two function calls 2014-11-21 20:06:57 +01:00
sound_oss.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
sound.c ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
timer_compat.c
timer.c ALSA: timer: Code cleanup 2016-01-15 15:50:34 +01:00
vmaster.c