From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Stable@vger.kernel.org,
Arseniy Krasnov <avkrasnov@salutedevices.com>,
Jerome Brunet <jbrunet@baylibre.com>,
Mark Brown <broonie@kernel.org>
Subject: [PATCH 6.6 90/91] ASoC: meson: axg-card: fix use-after-free
Date: Mon, 16 Sep 2024 13:45:06 +0200 [thread overview]
Message-ID: <20240916114227.417431995@linuxfoundation.org> (raw)
In-Reply-To: <20240916114224.509743970@linuxfoundation.org>
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arseniy Krasnov <avkrasnov@salutedevices.com>
commit 4f9a71435953f941969a4f017e2357db62d85a86 upstream.
Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',
so move 'pad' pointer initialization after this function when memory is
already reallocated.
Kasan bug report:
==================================================================
BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc
Read of size 8 at addr ffff000000e8b260 by task modprobe/356
CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1
Call trace:
dump_backtrace+0x94/0xec
show_stack+0x18/0x24
dump_stack_lvl+0x78/0x90
print_report+0xfc/0x5c0
kasan_report+0xb8/0xfc
__asan_load8+0x9c/0xb8
axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]
meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]
platform_probe+0x8c/0xf4
really_probe+0x110/0x39c
__driver_probe_device+0xb8/0x18c
driver_probe_device+0x108/0x1d8
__driver_attach+0xd0/0x25c
bus_for_each_dev+0xe0/0x154
driver_attach+0x34/0x44
bus_add_driver+0x134/0x294
driver_register+0xa8/0x1e8
__platform_driver_register+0x44/0x54
axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]
do_one_initcall+0xdc/0x25c
do_init_module+0x10c/0x334
load_module+0x24c4/0x26cc
init_module_from_file+0xd4/0x128
__arm64_sys_finit_module+0x1f4/0x41c
invoke_syscall+0x60/0x188
el0_svc_common.constprop.0+0x78/0x13c
do_el0_svc+0x30/0x40
el0_svc+0x38/0x78
el0t_64_sync_handler+0x100/0x12c
el0t_64_sync+0x190/0x194
Fixes: 7864a79f37b5 ("ASoC: meson: add axg sound card support")
Cc: Stable@vger.kernel.org
Signed-off-by: Arseniy Krasnov <avkrasnov@salutedevices.com>
Reviewed-by: Jerome Brunet <jbrunet@baylibre.com>
Link: https://patch.msgid.link/20240911142425.598631-1-avkrasnov@salutedevices.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/meson/axg-card.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/sound/soc/meson/axg-card.c
+++ b/sound/soc/meson/axg-card.c
@@ -104,7 +104,7 @@ static int axg_card_add_tdm_loopback(str
int *index)
{
struct meson_card *priv = snd_soc_card_get_drvdata(card);
- struct snd_soc_dai_link *pad = &card->dai_link[*index];
+ struct snd_soc_dai_link *pad;
struct snd_soc_dai_link *lb;
struct snd_soc_dai_link_component *dlc;
int ret;
@@ -114,6 +114,7 @@ static int axg_card_add_tdm_loopback(str
if (ret)
return ret;
+ pad = &card->dai_link[*index];
lb = &card->dai_link[*index + 1];
lb->name = devm_kasprintf(card->dev, GFP_KERNEL, "%s-lb", pad->name);
next prev parent reply other threads:[~2024-09-16 12:11 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-16 11:43 [PATCH 6.6 00/91] 6.6.52-rc1 review Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 01/91] device property: Add cleanup.h based fwnode_handle_put() scope based cleanup Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 02/91] device property: Introduce device_for_each_child_node_scoped() Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 03/91] iio: adc: ad7124: Switch from of specific to fwnode based property handling Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 04/91] iio: adc: ad7124: fix DT configuration parsing Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 05/91] nvmem: core: add nvmem_dev_size() helper Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 06/91] nvmem: u-boot-env: use nvmem_add_one_cell() nvmem subsystem helper Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 07/91] nvmem: u-boot-env: use nvmem device helpers Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 08/91] nvmem: u-boot-env: improve coding style Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 09/91] nvmem: u-boot-env: error if NVMEM device is too small Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 10/91] ksmbd: override fsids for share path check Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 11/91] ksmbd: override fsids for smb2_query_info() Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 12/91] usbnet: ipheth: remove extraneous rx URB length check Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 13/91] usbnet: ipheth: drop RX URBs with no payload Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 14/91] usbnet: ipheth: do not stop RX on failing RX callback Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 15/91] usbnet: ipheth: fix carrier detection in modes 1 and 4 Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 16/91] net: ethernet: use ip_hdrlen() instead of bit shift Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 17/91] drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 18/91] drm: panel-orientation-quirks: Add quirk for Ayn Loki Max Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 19/91] net: phy: vitesse: repair vsc73xx autonegotiation Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 20/91] powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 21/91] wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 22/91] net: hns3: use correct release function during uninitialization Greg Kroah-Hartman
2024-09-16 11:43 ` [PATCH 6.6 23/91] btrfs: update target inodes ctime on unlink Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 24/91] Input: ads7846 - ratelimit the spi_sync error message Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 25/91] Input: synaptics - enable SMBus for HP Elitebook 840 G2 Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 26/91] HID: multitouch: Add support for GT7868Q Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 27/91] scripts: kconfig: merge_config: config files: add a trailing newline Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 28/91] platform/surface: aggregator_registry: Add Support for Surface Pro 10 Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 29/91] platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 30/91] drm/msm/adreno: Fix error return if missing firmware-name Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 31/91] Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 32/91] s390/mm: Prevent lowcore vs identity mapping overlap Greg Kroah-Hartman
2024-09-17 11:06 ` Alexander Gordeev
2024-09-17 11:15 ` Greg Kroah-Hartman
2024-09-17 15:17 ` Alexander Gordeev
2024-09-18 6:17 ` Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 33/91] smb/server: fix return value of smb2_open() Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 34/91] NFSv4: Fix clearing of layout segments in layoutreturn Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 35/91] NFS: Avoid unnecessary rescanning of the per-server delegation list Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 36/91] platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 37/91] platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 38/91] mptcp: pm: Fix uaf in __timer_delete_sync Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 39/91] selftests: mptcp: join: restrict fullmesh endp on 1st sf Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 40/91] arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 41/91] arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog " Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 42/91] minmax: reduce min/max macro expansion in atomisp driver Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 43/91] net: tighten bad gso csum offset check in virtio_net_hdr Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 44/91] dm-integrity: fix a race condition when accessing recalc_sector Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 45/91] x86/hyperv: fix kexec crash due to VP assist page corruption Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 46/91] mm: avoid leaving partial pfn mappings around in error case Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 47/91] net: xilinx: axienet: Fix race in axienet_stop Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 48/91] arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 49/91] drm/amd/display: Disable error correction if its not supported Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 50/91] drm/amd/display: Fix FEC_READY write on DP LT Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 51/91] eeprom: digsy_mtc: Fix 93xx46 driver probe failure Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 52/91] cxl/core: Fix incorrect vendor debug UUID define Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 53/91] selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected() Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 54/91] hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 55/91] ice: Fix lldp packets dropping after changing the number of channels Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 56/91] ice: fix accounting for filters shared by multiple VSIs Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 57/91] ice: fix VSI lists confusion when adding VLANs Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 58/91] igb: Always call igb_xdp_ring_update_tail() under Tx lock Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 59/91] net/mlx5: Update the list of the PCI supported devices Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 60/91] net/mlx5e: Add missing link modes to ptys2ethtool_map Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 61/91] IB/mlx5: Rename 400G_8X speed to comply to naming convention Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 62/91] net/mlx5e: Add missing link mode to ptys2ext_ethtool_map Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 63/91] net/mlx5: Explicitly set scheduling element and TSAR type Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 64/91] net/mlx5: Add missing masks and QoS bit masks for scheduling elements Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 65/91] net/mlx5: Correct TASR typo into TSAR Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 66/91] net/mlx5: Verify support for scheduling element and TSAR type Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 67/91] net/mlx5: Fix bridge mode operations when there are no VFs Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 68/91] fou: fix initialization of grc Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 69/91] octeontx2-af: Modify SMQ flush sequence to drop packets Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 70/91] net: ftgmac100: Enable TX interrupt to avoid TX timeout Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 71/91] selftests: net: csum: Fix checksums for packets with non-zero padding Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 72/91] netfilter: nft_socket: fix sk refcount leaks Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 73/91] netfilter: nft_socket: make cgroupsv2 matching work with namespaces Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 74/91] net: dsa: felix: ignore pending status of TAS module when its disabled Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 75/91] net: dpaa: Pad packets to ETH_ZLEN Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 76/91] tracing/osnoise: Fix build when timerlat is not enabled Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 77/91] spi: nxp-fspi: fix the KASAN report out-of-bounds bug Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 78/91] soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 79/91] drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 80/91] dma-buf: heaps: Fix off-by-one in CMA heap fault handler Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 81/91] drm/nouveau/fb: restore init() for ramgp102 Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 82/91] drm/amdgpu/atomfirmware: Silence UBSAN warning Greg Kroah-Hartman
2024-09-16 11:44 ` [PATCH 6.6 83/91] drm/amd/amdgpu: apply command submission parser for JPEG v1 Greg Kroah-Hartman
2024-09-16 11:45 ` [PATCH 6.6 84/91] spi: geni-qcom: Undo runtime PM changes at driver exit time Greg Kroah-Hartman
2024-09-16 11:45 ` [PATCH 6.6 85/91] spi: geni-qcom: Fix incorrect free_irq() sequence Greg Kroah-Hartman
2024-09-16 11:45 ` [PATCH 6.6 86/91] drm/i915/guc: prevent a possible int overflow in wq offsets Greg Kroah-Hartman
2024-09-16 11:45 ` [PATCH 6.6 87/91] ASoC: codecs: avoid possible garbage value in peb2466_reg_read() Greg Kroah-Hartman
2024-09-16 11:45 ` [PATCH 6.6 88/91] cifs: Fix signature miscalculation Greg Kroah-Hartman
2024-09-16 11:45 ` [PATCH 6.6 89/91] pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID Greg Kroah-Hartman
2024-09-16 11:45 ` Greg Kroah-Hartman [this message]
2024-09-16 11:45 ` [PATCH 6.6 91/91] riscv: dts: starfive: add assigned-clock* to limit frquency Greg Kroah-Hartman
2024-09-16 14:10 ` [PATCH 6.6 00/91] 6.6.52-rc1 review Takeshi Ogasawara
2024-09-16 16:29 ` Harshit Mogalapalli
2024-09-16 18:12 ` Peter Schneider
2024-09-17 9:56 ` Mark Brown
2024-09-17 10:30 ` Naresh Kamboju
2024-09-18 6:17 ` Greg Kroah-Hartman
2024-09-17 15:19 ` Jon Hunter
2024-09-17 21:44 ` Florian Fainelli
2024-09-17 22:35 ` Ron Economos
2024-09-18 10:03 ` Kexy Biscuit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240916114227.417431995@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=avkrasnov@salutedevices.com \
--cc=broonie@kernel.org \
--cc=jbrunet@baylibre.com \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).