ANDROID: fix up abi issue with struct snd_pcm_runtime

A portion of the fix for CVE-2022-1048, commit 9cb6c40a6e ("ALSA: pcm:
Fix races among concurrent hw_params and hw_free calls") and
40f4cffbe1 ("ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
mmap_lock"), caused an ABI break by adding a new field to struct
snd_pcm_runtime.  Because we have to keep this new addition, it is safe
to move it to the end of the structure because this is only ever created
by the sound core, and referenced as a pointer everywhere else.

This does require a .xml update also to handle the increased structure
size:

Leaf changes summary: 1 artifact changed
Changed leaf types summary: 1 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable

'struct snd_pcm_runtime at pcm.h:367:1' changed:
  type size changed from 6144 to 6464 (in bits)
  2 data member insertions:
    'mutex buffer_mutex', at offset 6144 (in bits) at pcm.h:454:1
    'atomic_t buffer_accessing', at offset 6400 (in bits) at pcm.h:455:1
  59 impacted interfaces

Bug: 161946584
Fixes: 9cb6c40a6e ("ALSA: pcm: Fix races among concurrent hw_params and hw_free calls")
Fixes: 40f4cffbe1 ("ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I525799616e06c1d2c5513821a3361e99dcb7e553
Greg Kroah-Hartman 2022-03-28 17:30:06 +02:00
parent b4b59322a5
commit f3674eb0fb
2 changed files with 466 additions and 452 deletions

File diff suppressed because it is too large

@ -421,8 +421,6 @@ struct snd_pcm_runtime {
wait_queue_head_t sleep; /* poll sleep */
wait_queue_head_t tsleep; /* transfer sleep */
struct fasync_struct *fasync;
struct mutex buffer_mutex; /* protect for buffer changes */
atomic_t buffer_accessing; /* >0: in r/w operation, <0: blocked */
/* -- private section -- */
void *private_data;
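Review bot: after `struct fasync_struct *fasync;` nothing records that `buffer_mutex` and `buffer_accessing` now live at the end of struct snd_pcm_runtime, so anyone comparing this header with the upstream fix, or applying a later backport that touches these two fields, will look for them here. A one-line comment at this spot pointing to the block at the end of the structure would make the divergence from upstream obvious and reduce the chance that the fields are re-added in the middle, which would shift `private_data` and every member after it.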
@ -452,6 +450,10 @@ struct snd_pcm_runtime {
/* -- OSS things -- */
struct snd_pcm_oss_runtime oss;
#endif
#ifndef __GENKSYMS__
struct mutex buffer_mutex; /* protect for buffer changes */
atomic_t buffer_accessing; /* >0: in r/w operation, <0: blocked */
#endif
};
struct snd_pcm_group { /* keep linked substreams */
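Review bot: the `#ifndef __GENKSYMS__` block before the closing `};` has no comment explaining why these two members are hidden from genksyms and placed last. Please add one saying that they are kept out of the symbol CRC calculation and that existing member offsets depend on them staying at the end, so that later additions are appended inside this block rather than above it. The guard only keeps the CRCs stable; the structure itself still grows (the commit message reports 6144 to 6464 bits), so the safety of the change rests entirely on the statement that only the sound core allocates struct snd_pcm_runtime. Any module built against the old header that embeds the structure or takes its `sizeof` would not be flagged by the CRC check, which is worth stating in that comment as well.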