ALSA: pcm: Check PCM state at xfern compat ioctl

[ Upstream commit f13876e2c33a657a71bcbb10f767c0951b165020 ] Since snd_pcm_ioctl_xfern_compat() has no PCM state check, it may go further and hit the sanity check pcm_sanity_check() when the ioctl is called right after open. It may eventually spew a kernel warning, as triggered by syzbot, depending on kconfig. The lack of PCM state check there was just an oversight. Although it's no real crash, the spurious kernel warning is annoying, so let's add the proper check. Reported-by: syzbot+1dac3a4f6bc9c1c675d4@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
author: Takashi Iwai <tiwai@suse.de> 2018-05-02 08:48:46 +0200
committer: Sasha Levin <alexander.levin@microsoft.com> 2018-05-22 21:36:39 -0400
commit: 1d139fd4a10bc8d4352e9805fb4a5bbe4e1f1409 (patch)
tree: fcf24161b0f4babcfb3313655f0511867da34d72
parent: 0dbe56d6ae778cae9be71f9ee0b6caf5aeb406e3 (diff)
download: linux-stable-1d139fd4a10bc8d4352e9805fb4a5bbe4e1f1409.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c
index 1f64ab0c2a95..7ae080bae15c 100644
--- a/sound/core/pcm_compat.c
+++ b/sound/core/pcm_compat.c
@@ -426,6 +426,8 @@ static int snd_pcm_ioctl_xfern_compat(struct snd_pcm_substream *substream,
 		return -ENOTTY;
 	if (substream->stream != dir)
 		return -EINVAL;
+	if (substream->runtime->status->state == SNDRV_PCM_STATE_OPEN)
+		return -EBADFD;
 
 	if ((ch = substream->runtime->channels) > 128)
 		return -EINVAL;
author	Takashi Iwai <tiwai@suse.de>	2018-05-02 08:48:46 +0200
committer	Sasha Levin <alexander.levin@microsoft.com>	2018-05-22 21:36:39 -0400
commit	1d139fd4a10bc8d4352e9805fb4a5bbe4e1f1409 (patch)
tree	fcf24161b0f4babcfb3313655f0511867da34d72
parent	0dbe56d6ae778cae9be71f9ee0b6caf5aeb406e3 (diff)
download	linux-stable-1d139fd4a10bc8d4352e9805fb4a5bbe4e1f1409.tar.gz