* [PATCH] ASoC: fix a use after free case
@ 2018-09-21 14:59 Guennadi Liakhovetski
0 siblings, 0 replies; only message in thread
From: Guennadi Liakhovetski @ 2018-09-21 14:59 UTC (permalink / raw)
To: alsa-devel; +Cc: Liam Girdwood
Unloading ASoC modules as used by the SOF driver leads to an object
being used after it's been freed. Fix this be clearing a reference to
it and making sure to check for its presence. This fixes issue #144.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
---
sound/soc/soc-core.c | 6 +++---
sound/soc/soc-topology.c | 5 +++++
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index 9cfe10d8040c..dce9d53ff283 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -942,9 +942,9 @@ static void soc_remove_dai(struct snd_soc_dai *dai, int order)
{
int err;
- if (dai && dai->probed &&
- dai->driver->remove_order == order) {
- if (dai->driver->remove) {
+ if (dai && dai->probed) {
+ if (dai->driver && dai->driver->remove_order == order &&
+ dai->driver->remove) {
err = dai->driver->remove(dai);
if (err < 0)
dev_err(dai->dev,
diff --git a/sound/soc/soc-topology.c b/sound/soc/soc-topology.c
index 66e77e020745..6d438ec8c0ec 100644
--- a/sound/soc/soc-topology.c
+++ b/sound/soc/soc-topology.c
@@ -502,6 +502,7 @@ static void remove_dai(struct snd_soc_component *comp,
{
struct snd_soc_dai_driver *dai_drv =
container_of(dobj, struct snd_soc_dai_driver, dobj);
+ struct snd_soc_dai *dai;
if (pass != SOC_TPLG_PASS_PCM_DAI)
return;
@@ -509,6 +510,10 @@ static void remove_dai(struct snd_soc_component *comp,
if (dobj->ops && dobj->ops->dai_unload)
dobj->ops->dai_unload(comp, dobj);
+ list_for_each_entry(dai, &comp->dai_list, list)
+ if (dai->driver == dai_drv)
+ dai->driver = NULL;
+
kfree(dai_drv->name);
list_del(&dobj->list);
kfree(dai_drv);
--
2.17.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2018-09-21 14:59 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-21 14:59 [PATCH] ASoC: fix a use after free case Guennadi Liakhovetski
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.