korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-01 08:04:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
4f9a714359
linux/sound/soc
History
Arseniy Krasnov 4f9a714359
ASoC: meson: axg-card: fix 'use-after-free' 
Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',
so move 'pad' pointer initialization after this function when memory is
already reallocated.

Kasan bug report:

==================================================================
BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc
Read of size 8 at addr ffff000000e8b260 by task modprobe/356

CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1
Call trace:
 dump_backtrace+0x94/0xec
 show_stack+0x18/0x24
 dump_stack_lvl+0x78/0x90
 print_report+0xfc/0x5c0
 kasan_report+0xb8/0xfc
 __asan_load8+0x9c/0xb8
 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]
 meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]
 platform_probe+0x8c/0xf4
 really_probe+0x110/0x39c
 __driver_probe_device+0xb8/0x18c
 driver_probe_device+0x108/0x1d8
 __driver_attach+0xd0/0x25c
 bus_for_each_dev+0xe0/0x154
 driver_attach+0x34/0x44
 bus_add_driver+0x134/0x294
 driver_register+0xa8/0x1e8
 __platform_driver_register+0x44/0x54
 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]
 do_one_initcall+0xdc/0x25c
 do_init_module+0x10c/0x334
 load_module+0x24c4/0x26cc
 init_module_from_file+0xd4/0x128
 __arm64_sys_finit_module+0x1f4/0x41c
 invoke_syscall+0x60/0x188
 el0_svc_common.constprop.0+0x78/0x13c
 do_el0_svc+0x30/0x40
 el0_svc+0x38/0x78
 el0t_64_sync_handler+0x100/0x12c
 el0t_64_sync+0x190/0x194

Fixes: 7864a79f37 ("ASoC: meson: add axg sound card support")
Cc: Stable@vger.kernel.org
Signed-off-by: Arseniy Krasnov <avkrasnov@salutedevices.com>
Reviewed-by: Jerome Brunet <jbrunet@baylibre.com>
Link: https://patch.msgid.link/20240911142425.598631-1-avkrasnov@salutedevices.com
Signed-off-by: Mark Brown <broonie@kernel.org>
2024-09-11 16:16:34 +01:00
..
adi ASoC: adi: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:12 +09:00
amd ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) 2024-08-29 14:08:18 +01:00
apple ASoC: apple: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:14 +09:00
atmel ASoC: atmel: atmel-classd: Re-add dai_link->platform to fix card init 2024-06-06 14:04:00 +01:00
au1x ASoC: allow module autoloading for table db1200_pids 2024-08-21 16:25:02 +01:00
bcm ASoC: bcm: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:16 +09:00
cirrus ASoC: cirrus: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:17 +09:00
codecs ASoC: codecs: avoid possible garbage value in peb2466_reg_read() 2024-09-11 13:59:26 +01:00
dwc
fsl ASoC: fsl_micfil: Differentiate register access permission for platforms 2024-07-29 13:36:14 +01:00
generic ASoC: simple-card: Use cleanup.h instead of devm_kfree() 2024-07-08 12:50:01 +01:00
google ASoC: google: fix module autoloading 2024-08-26 15:52:07 +01:00
hisilicon
img ASoC: img: Use snd_soc_substream_to_rtd() for accessing private_data 2024-05-06 23:59:52 +09:00
intel ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item 2024-09-06 12:27:18 +01:00
jz4740 ASoC: jz4740: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:21 +09:00
kirkwood ASoC: kirkwood: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:21 +09:00
loongson ASoC: loongson: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:22 +09:00
mediatek ASoC: mediatek: mt8188-mt6359: Modify key 2024-08-28 21:41:43 +01:00
meson ASoC: meson: axg-card: fix 'use-after-free' 2024-09-11 16:16:34 +01:00
mxs ASoC: mxs: add missing MODULE_DESCRIPTION() macro 2024-06-03 15:59:19 +01:00
pxa ASoC: pxa: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:26 +09:00
qcom ASoC: qcom: topology: Simplify with cleanup.h 2024-07-09 22:50:48 +01:00
rockchip ASoC: Merge up fixes 2024-06-21 13:17:21 +01:00
samsung ASoC: samsung: midas_wm1811: Fix error code in probe() 2024-06-11 17:14:00 +01:00
sh ASoC: Constify DAI ops auto_selectable_formats 2024-06-17 18:29:02 +01:00
sof ASoc: SOF: topology: Clear SOF link platform name upon unload 2024-08-28 13:01:44 +01:00
spear ASoC: spear: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:31 +09:00
sprd ASoC: sprd: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:32 +09:00
starfive
sti ASoC: sti: add missing probe entry for player and reader 2024-07-29 13:36:56 +01:00
stm ASoC: stm: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:34 +09:00
sunxi ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode 2024-08-29 15:57:07 +01:00
tegra ASoC: tegra: Fix CBB error during probe() 2024-08-23 23:07:55 +01:00
ti Fixes for McASP and dmaengine_pcm 2024-06-12 18:26:15 +01:00
uniphier ASoC: uniphier: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:36 +09:00
ux500 ASoC: Add missing module descriptions 2024-05-09 08:37:35 +02:00
xilinx ASoC: Add missing module descriptions 2024-05-09 08:37:35 +02:00
xtensa ASoC: xtensa: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:39 +09:00
Kconfig ASoC: soc-card: Add KUnit test case for snd_soc_card_get_kcontrol 2024-04-02 15:54:49 +01:00
Makefile ASoC: core: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:11 +09:00
soc-ac97.c
soc-acpi.c
soc-card-test.c ASoC: soc-card: soc-card-test: Fix some error handling in init() 2024-04-14 16:54:39 +09:00
soc-card.c ASoC: soc-card: Use snd_ctl_find_id_mixer() instead of open-coding 2024-04-02 15:54:48 +01:00
soc-component.c ASoC: soc-component: Add new snd_soc_component_get_kcontrol() helpers 2024-08-02 14:04:39 +01:00
soc-compress.c ASoC: soc-compress: Fix and add DPCM locking 2024-03-18 14:41:51 +00:00
soc-core.c ASoC: Constify passed data to core function 2024-06-18 14:19:54 +01:00
soc-dai.c ASoC: Constify return of snd_soc_dai_get_pcm_stream() 2024-06-18 14:19:56 +01:00
soc-dapm.c ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object 2024-08-23 23:07:55 +01:00
soc-devres.c
soc-generic-dmaengine-pcm.c ALSA: dmaengine: Synchronize dma channel after drop() 2024-06-11 17:13:31 +01:00
soc-jack.c ASoC: soc-jack: Get rid of legacy GPIO support 2024-03-26 17:13:45 +00:00
soc-link.c
soc-ops.c ASoC: ops: Simplify with cleanup.h 2024-07-08 12:50:02 +01:00
soc-pcm.c ASoC: Constify return of snd_soc_dai_get_pcm_stream() 2024-06-18 14:19:56 +01:00
soc-topology-test.c ASoC: topology-test: Add missing module description 2024-05-08 20:51:10 +09:00
soc-topology.c ASoC: topology: Unify code for creating standalone and widget enum control 2024-07-02 14:27:08 +01:00
soc-utils-test.c
soc-utils.c ASoC: soc-utils: allow sample rate up to 768kHz for the dummy dai 2024-06-28 13:39:29 +01:00