* Re: [PATCH] snd/hda: fix use-after-free after module unload [not found] <20160709143857.12044-1-peter@lekensteyn.nl> @ 2016-07-11 10:42 ` Takashi Iwai 2016-07-11 17:32 ` Peter Wu 2016-07-11 17:51 ` [PATCH v2] " Peter Wu 0 siblings, 2 replies; 4+ messages in thread From: Takashi Iwai @ 2016-07-11 10:42 UTC (permalink / raw) To: Peter Wu; +Cc: alsa-devel On Sat, 09 Jul 2016 16:38:57 +0200, Peter Wu wrote: > > register_vga_switcheroo() sets the PM ops from the hda structure which > is freed later in azx_free. Make sure that these ops are cleared. > > Caught by KASAN. > > Fixes: 246efa4a072f ("snd/hda: add runtime suspend/resume on optimus support (v4)") > Signed-off-by: Peter Wu <peter@lekensteyn.nl> > --- > sound/pci/hda/hda_intel.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c > index 94089fc..a339066 100644 > --- a/sound/pci/hda/hda_intel.c > +++ b/sound/pci/hda/hda_intel.c > @@ -1219,6 +1219,7 @@ static int azx_free(struct azx *chip) > snd_hda_unlock_devices(&chip->bus); > if (hda->vga_switcheroo_registered) > vga_switcheroo_unregister_client(chip->pci); > + vga_switcheroo_fini_domain_pm_ops(chip->card->dev); The domain pm ops is set only when hda->vga_switcheroo_registered flag is set. So the call should be in the previous if block. Also, the indentation looks wrong. Please use the correct indentation. Could you resubmit with these fixes? thanks, Takashi ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] snd/hda: fix use-after-free after module unload 2016-07-11 10:42 ` [PATCH] snd/hda: fix use-after-free after module unload Takashi Iwai @ 2016-07-11 17:32 ` Peter Wu 2016-07-11 17:51 ` [PATCH v2] " Peter Wu 1 sibling, 0 replies; 4+ messages in thread From: Peter Wu @ 2016-07-11 17:32 UTC (permalink / raw) To: Takashi Iwai; +Cc: alsa-devel On Mon, Jul 11, 2016 at 12:42:27PM +0200, Takashi Iwai wrote: > On Sat, 09 Jul 2016 16:38:57 +0200, > Peter Wu wrote: > > > > register_vga_switcheroo() sets the PM ops from the hda structure which > > is freed later in azx_free. Make sure that these ops are cleared. > > > > Caught by KASAN. > > > > Fixes: 246efa4a072f ("snd/hda: add runtime suspend/resume on optimus support (v4)") > > Signed-off-by: Peter Wu <peter@lekensteyn.nl> > > --- > > sound/pci/hda/hda_intel.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c > > index 94089fc..a339066 100644 > > --- a/sound/pci/hda/hda_intel.c > > +++ b/sound/pci/hda/hda_intel.c > > @@ -1219,6 +1219,7 @@ static int azx_free(struct azx *chip) > > snd_hda_unlock_devices(&chip->bus); > > if (hda->vga_switcheroo_registered) > > vga_switcheroo_unregister_client(chip->pci); > > + vga_switcheroo_fini_domain_pm_ops(chip->card->dev); > > The domain pm ops is set only when hda->vga_switcheroo_registered flag > is set. So the call should be in the previous if block. Yes that would be cleaner, will do that. > Also, the indentation looks wrong. Please use the correct > indentation. Noticed too late that the editor config was wrong on the testing machine. > Could you resubmit with these fixes? I will, thanks for the feedback! -- Kind regards, Peter Wu https://lekensteyn.nl ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2] snd/hda: fix use-after-free after module unload 2016-07-11 10:42 ` [PATCH] snd/hda: fix use-after-free after module unload Takashi Iwai 2016-07-11 17:32 ` Peter Wu @ 2016-07-11 17:51 ` Peter Wu 2016-07-11 18:10 ` Takashi Iwai 1 sibling, 1 reply; 4+ messages in thread From: Peter Wu @ 2016-07-11 17:51 UTC (permalink / raw) To: Takashi Iwai; +Cc: alsa-devel register_vga_switcheroo() sets the PM ops from the hda structure which is freed later in azx_free. Make sure that these ops are cleared. Caught by KASAN, initially noticed due to a general protection fault. Fixes: 246efa4a072f ("snd/hda: add runtime suspend/resume on optimus support (v4)") Signed-off-by: Peter Wu <peter@lekensteyn.nl> --- Maybe Cc stable? --- sound/pci/hda/hda_intel.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c index 94089fc..4aeed98 100644 --- a/sound/pci/hda/hda_intel.c +++ b/sound/pci/hda/hda_intel.c @@ -1217,8 +1217,10 @@ static int azx_free(struct azx *chip) if (use_vga_switcheroo(hda)) { if (chip->disabled && hda->probe_continued) snd_hda_unlock_devices(&chip->bus); - if (hda->vga_switcheroo_registered) + if (hda->vga_switcheroo_registered) { vga_switcheroo_unregister_client(chip->pci); + vga_switcheroo_fini_domain_pm_ops(chip->card->dev); + } } if (bus->chip_init) { -- 2.9.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2] snd/hda: fix use-after-free after module unload 2016-07-11 17:51 ` [PATCH v2] " Peter Wu @ 2016-07-11 18:10 ` Takashi Iwai 0 siblings, 0 replies; 4+ messages in thread From: Takashi Iwai @ 2016-07-11 18:10 UTC (permalink / raw) To: Peter Wu; +Cc: alsa-devel On Mon, 11 Jul 2016 19:51:06 +0200, Peter Wu wrote: > > register_vga_switcheroo() sets the PM ops from the hda structure which > is freed later in azx_free. Make sure that these ops are cleared. > > Caught by KASAN, initially noticed due to a general protection fault. > > Fixes: 246efa4a072f ("snd/hda: add runtime suspend/resume on optimus support (v4)") > Signed-off-by: Peter Wu <peter@lekensteyn.nl> > --- > Maybe Cc stable? Yes, I applied with Cc to stable now. thanks, Takashi ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-07-11 18:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20160709143857.12044-1-peter@lekensteyn.nl>
2016-07-11 10:42 ` [PATCH] snd/hda: fix use-after-free after module unload Takashi Iwai
2016-07-11 17:32 ` Peter Wu
2016-07-11 17:51 ` [PATCH v2] " Peter Wu
2016-07-11 18:10 ` Takashi Iwai
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.