linux/sound/soc
robelin b4a90b543d
ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
When using a kernel with the following extra config,

  - CONFIG_KASAN=y
  - CONFIG_KASAN_GENERIC=y
  - CONFIG_KASAN_INLINE=y
  - CONFIG_KASAN_VMALLOC=y
  - CONFIG_FRAME_WARN=4096

the kernel detects that snd_pcm_suspend_all() accesses a freed
'snd_soc_pcm_runtime' object when the system is suspended, which
leads to a use-after-free bug:

[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270
[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330

[   52.047785] Call trace:
[   52.047787]  dump_backtrace+0x0/0x3c0
[   52.047794]  show_stack+0x34/0x50
[   52.047797]  dump_stack_lvl+0x68/0x8c
[   52.047802]  print_address_description.constprop.0+0x74/0x2c0
[   52.047809]  kasan_report+0x210/0x230
[   52.047815]  __asan_report_load1_noabort+0x3c/0x50
[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270
[   52.047824]  snd_soc_suspend+0x19c/0x4e0

The snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before
making any access. So we need to always set 'substream->runtime' to NULL
every time we kfree() it.

Fixes: a72706ed82 ("ASoC: codec2codec: remove ephemeral variables")
Signed-off-by: robelin <robelin@nvidia.com>
Signed-off-by: Sameer Pujar <spujar@nvidia.com>
Link: https://patch.msgid.link/20240823144342.4123814-2-spujar@nvidia.com
Signed-off-by: Mark Brown <broonie@kernel.org>
2024-08-23 23:07:55 +01:00
..
adi ASoC: adi: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:12 +09:00
amd ASoC: allow module autoloading for table board_ids 2024-08-21 16:25:03 +01:00
apple ASoC: apple: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:14 +09:00
atmel ASoC: atmel: atmel-classd: Re-add dai_link->platform to fix card init 2024-06-06 14:04:00 +01:00
au1x ASoC: allow module autoloading for table db1200_pids 2024-08-21 16:25:02 +01:00
bcm ASoC: bcm: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:16 +09:00
cirrus ASoC: cirrus: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:17 +09:00
codecs ASoC: cs-amp-lib: Ignore empty UEFI calibration entries 2024-08-22 17:52:26 +01:00
dwc
fsl ASoC: fsl_micfil: Differentiate register access permission for platforms 2024-07-29 13:36:14 +01:00
generic ASoC: simple-card: Use cleanup.h instead of devm_kfree() 2024-07-08 12:50:01 +01:00
google
hisilicon
img ASoC: img: Use snd_soc_substream_to_rtd() for accessing private_data 2024-05-06 23:59:52 +09:00
intel ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict 2024-08-23 11:02:53 +01:00
jz4740 ASoC: jz4740: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:21 +09:00
kirkwood ASoC: kirkwood: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:21 +09:00
loongson ASoC: loongson: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:22 +09:00
mediatek ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile 2024-08-14 21:56:34 +01:00
meson ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT 2024-08-08 20:34:55 +01:00
mxs ASoC: mxs: add missing MODULE_DESCRIPTION() macro 2024-06-03 15:59:19 +01:00
pxa ASoC: pxa: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:26 +09:00
qcom ASoC: qcom: topology: Simplify with cleanup.h 2024-07-09 22:50:48 +01:00
rockchip ASoC: Merge up fixes 2024-06-21 13:17:21 +01:00
samsung ASoC: samsung: midas_wm1811: Fix error code in probe() 2024-06-11 17:14:00 +01:00
sh ASoC: Constify DAI ops auto_selectable_formats 2024-06-17 18:29:02 +01:00
sof ASoC: SOF: amd: Fix for acp init sequence 2024-08-16 13:04:31 +01:00
spear ASoC: spear: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:31 +09:00
sprd ASoC: sprd: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:32 +09:00
starfive
sti ASoC: sti: add missing probe entry for player and reader 2024-07-29 13:36:56 +01:00
stm ASoC: stm: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:34 +09:00
sunxi ASoC: sunxi: Use snd_soc_substream_to_rtd() for accessing private_data 2024-05-06 23:59:56 +09:00
tegra ASoC: tegra: select CONFIG_SND_SIMPLE_CARD_UTILS 2024-07-22 13:04:50 +01:00
ti Fixes for McASP and dmaengine_pcm 2024-06-12 18:26:15 +01:00
uniphier ASoC: uniphier: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:36 +09:00
ux500 ASoC: Add missing module descriptions 2024-05-09 08:37:35 +02:00
xilinx ASoC: Add missing module descriptions 2024-05-09 08:37:35 +02:00
xtensa ASoC: xtensa: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:39 +09:00
Kconfig ASoC: soc-card: Add KUnit test case for snd_soc_card_get_kcontrol 2024-04-02 15:54:49 +01:00
Makefile ASoC: core: Use *-y instead of *-objs in Makefile 2024-05-08 11:39:11 +09:00
soc-ac97.c
soc-acpi.c
soc-card-test.c ASoC: soc-card: soc-card-test: Fix some error handling in init() 2024-04-14 16:54:39 +09:00
soc-card.c ASoC: soc-card: Use snd_ctl_find_id_mixer() instead of open-coding 2024-04-02 15:54:48 +01:00
soc-component.c ASoC: soc-component: Add new snd_soc_component_get_kcontrol() helpers 2024-08-02 14:04:39 +01:00
soc-compress.c ASoC: soc-compress: Fix and add DPCM locking 2024-03-18 14:41:51 +00:00
soc-core.c ASoC: Constify passed data to core function 2024-06-18 14:19:54 +01:00
soc-dai.c ASoC: Constify return of snd_soc_dai_get_pcm_stream() 2024-06-18 14:19:56 +01:00
soc-dapm.c ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object 2024-08-23 23:07:55 +01:00
soc-devres.c
soc-generic-dmaengine-pcm.c ALSA: dmaengine: Synchronize dma channel after drop() 2024-06-11 17:13:31 +01:00
soc-jack.c ASoC: soc-jack: Get rid of legacy GPIO support 2024-03-26 17:13:45 +00:00
soc-link.c
soc-ops.c ASoC: ops: Simplify with cleanup.h 2024-07-08 12:50:02 +01:00
soc-pcm.c ASoC: Constify return of snd_soc_dai_get_pcm_stream() 2024-06-18 14:19:56 +01:00
soc-topology-test.c ASoC: topology-test: Add missing module description 2024-05-08 20:51:10 +09:00
soc-topology.c ASoC: topology: Unify code for creating standalone and widget enum control 2024-07-02 14:27:08 +01:00
soc-utils-test.c
soc-utils.c ASoC: soc-utils: allow sample rate up to 768kHz for the dummy dai 2024-06-28 13:39:29 +01:00