| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Jun 2018 12:13:26 +0100
From: Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To: broonie@...nel.org, alsa-devel@...a-project.org
Cc: linux-arm-msm@...r.kernel.org, lgirdwood@...il.com,
bgoswami@...eaurora.org, tiwai@...e.com, perex@...ex.cz,
linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
rohkumar@....qualcomm.com,
Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
Subject: [PATCH v2] ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
dapm_kcontrol_data is freed as part of dapm_kcontrol_free(), leaving the
paths pointer dangling in the list.
This leads to system crash when we try to unload and reload sound card.
I hit this bug during ADSP crash/reboot test case on Dragon board DB410c.
Without this patch, on SLAB Poisoning enabled build, kernel crashes with
"BUG kmalloc-128 (Tainted: G W ): Poison overwritten"
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
---
Changes since v1:
-remove unnecessary very long bug trace.
sound/soc/soc-dapm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index 1e9a36389667..36a39ba30226 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -433,6 +433,8 @@ static int dapm_kcontrol_data_alloc(struct snd_soc_dapm_widget *widget,
static void dapm_kcontrol_free(struct snd_kcontrol *kctl)
{
struct dapm_kcontrol_data *data = snd_kcontrol_chip(kctl);
+
+ list_del(&data->paths);
kfree(data->wlist);
kfree(data);
}
--
2.16.2
Powered by blists - more mailing lists