Merge series "ASoC: topology: fix use-after-free when removing components"...
Merge series "ASoC: topology: fix use-after-free when removing components" from Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>: This patchset fixes a memory allocation issue and removes a 100% reproducible use-after-free report thrown by KASAN in automated module removal tests across multiple platforms. All the credit goes to Bard Liao for root-causing the issue. DAIs may be registered at the same time as a component, or when the topology is loaded. This two-step registration causes the memory for topology-based DAIs to allocated last, and conversely to be released first by devres, before the component is released and the DAIs removed from the component DAI list with snd_soc_unregister_dais(). When we remove a component, by the time we walk through its dai list to unregister all dais, the dais allocated by the topology have been freed already by devres and the list is corrupted with pointers that are no longer valid. The suggestion is to add an explicit devm_ based registration for topology-based dais, so that each dai is cleanly removed from the component dai list in the release operation before devres releases the allocated memory. Pierre-Louis Bossart (2): ASoC: soc-devres: add devm_snd_soc_register_dai() ASoC: soc-topology: use devm_snd_soc_register_dai() include/sound/soc.h | 4 ++++ sound/soc/soc-devres.c | 37 +++++++++++++++++++++++++++++++++++++ sound/soc/soc-topology.c | 3 +-- 3 files changed, 42 insertions(+), 2 deletions(-) -- 2.20.1
Please register or sign in to comment