alsa-pcm-avoid-possible-info-leaks-from-pcm-stream-buffers.patch - pub/scm/linux/kernel/git/gregkh/queue-3.18 - Git at Google

 From add9d56d7b3781532208afbff5509d7382fb6efe Mon Sep 17 00:00:00 2001
 From: Takashi Iwai <tiwai@suse.de>
 Date: Wed, 11 Dec 2019 16:57:42 +0100
 Subject: ALSA: pcm: Avoid possible info leaks from PCM stream buffers

 From: Takashi Iwai <tiwai@suse.de>

 commit add9d56d7b3781532208afbff5509d7382fb6efe upstream.

 The current PCM code doesn't initialize explicitly the buffers
 allocated for PCM streams, hence it might leak some uninitialized
 kernel data or previous stream contents by mmapping or reading the
 buffer before actually starting the stream.

 Since this is a common problem, this patch simply adds the clearance
 of the buffer data at hw_params callback.  Although this does only
 zero-clear no matter which format is used, which doesn't mean the
 silence for some formats, but it should be OK because the intention is
 just to clear the previous data on the buffer.

 Reported-by: Lionel Koenig <lionel.koenig@gmail.com>
 Cc: <stable@vger.kernel.org>
 Link: https://lore.kernel.org/r/[email protected]
 Signed-off-by: Takashi Iwai <tiwai@suse.de>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  sound/core/pcm_native.c |    4 ++++
  1 file changed, 4 insertions(+)

 --- a/sound/core/pcm_native.c
 +++ b/sound/core/pcm_native.c
 @@ -559,6 +559,10 @@ static int snd_pcm_hw_params(struct snd_
  	while (runtime->boundary * 2 <= LONG_MAX - runtime->buffer_size)
  		runtime->boundary *= 2;

 +	/* clear the buffer for avoiding possible kernel info leaks */
 +	if (runtime->dma_area && !substream->ops->copy_user)
 +		memset(runtime->dma_area, 0, runtime->dma_bytes);
 +
  	snd_pcm_timer_resolution_change(substream);
  	snd_pcm_set_state(substream, SNDRV_PCM_STATE_SETUP);
	From add9d56d7b3781532208afbff5509d7382fb6efe Mon Sep 17 00:00:00 2001
	From: Takashi Iwai <tiwai@suse.de>
	Date: Wed, 11 Dec 2019 16:57:42 +0100
	Subject: ALSA: pcm: Avoid possible info leaks from PCM stream buffers

	From: Takashi Iwai <tiwai@suse.de>

	commit add9d56d7b3781532208afbff5509d7382fb6efe upstream.

	The current PCM code doesn't initialize explicitly the buffers
	allocated for PCM streams, hence it might leak some uninitialized
	kernel data or previous stream contents by mmapping or reading the
	buffer before actually starting the stream.

	Since this is a common problem, this patch simply adds the clearance
	of the buffer data at hw_params callback. Although this does only
	zero-clear no matter which format is used, which doesn't mean the
	silence for some formats, but it should be OK because the intention is
	just to clear the previous data on the buffer.

	Reported-by: Lionel Koenig <lionel.koenig@gmail.com>
	Cc: <stable@vger.kernel.org>
	Link: https://lore.kernel.org/r/[email protected]
	Signed-off-by: Takashi Iwai <tiwai@suse.de>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	sound/core/pcm_native.c \| 4 ++++
	1 file changed, 4 insertions(+)

	--- a/sound/core/pcm_native.c
	+++ b/sound/core/pcm_native.c
	@@ -559,6 +559,10 @@ static int snd_pcm_hw_params(struct snd_
	while (runtime->boundary * 2 <= LONG_MAX - runtime->buffer_size)
	runtime->boundary *= 2;

	+ /* clear the buffer for avoiding possible kernel info leaks */
	+ if (runtime->dma_area && !substream->ops->copy_user)
	+ memset(runtime->dma_area, 0, runtime->dma_bytes);
	+
	snd_pcm_timer_resolution_change(substream);
	snd_pcm_set_state(substream, SNDRV_PCM_STATE_SETUP);