Date: Mon, 14 Nov 2016 11:25:01 +0100
From: Takashi Iwai <tiwai@...e.de>
To: Shuah Khan <shuahkhan@...il.com>
Cc: alsa-devel@...a-project.org, shuahkh@....samsung.com, LKML <linux-kernel@...r.kernel.org>
Subject: Re: BUG: KASAN: use-after-free in snd_usb_audio_free

On Sat, 12 Nov 2016 00:34:38 +0100, Shuah Khan wrote:
>
> Hi Takashi,
>
> I am seeing the following use-after-free error when I disconnect an
> USB speaker. I saw this on 4.9-rc4 and 4.8.7. There might be race
> condition between the disconnect and pcm close perhaps.

Thanks, this looks like a new discovery.
Could you check whether the patch below works?

Takashi

---
diff --git a/sound/usb/card.c b/sound/usb/card.c index 9e5276d6dda0..2ddc034673a8 100644 --- a/sound/usb/card.c +++ b/sound/usb/card.c @@ -315,7 +315,8 @@ static int snd_usb_audio_free(struct snd_usb_audio *chip) snd_usb_endpoint_free(ep); mutex_destroy(&chip->mutex); - dev_set_drvdata(&chip->dev->dev, NULL); + if (!atomic_read(&chip->shutdown)) + dev_set_drvdata(&chip->dev->dev, NULL); kfree(chip); return 0; }
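
Review bot: The new `if (!atomic_read(&chip->shutdown))` guard in snd_usb_audio_free() has no comment saying why `chip->dev` must not be dereferenced once shutdown is set, so the reason for skipping `dev_set_drvdata(&chip->dev->dev, NULL)` is easy to lose in a later cleanup; a one-line comment above the check would fix that. Two further points are worth settling in the changelog. First, the flag is read and `chip->dev` is then dereferenced as two separate steps, so if shutdown can be set concurrently (the report suspects a race between disconnect and pcm close), it should be stated what ordering or lock rules that out at this point. Second, in the shutdown case the drvdata pointer is now left in place while `kfree(chip)` still runs on the next line, so the description should say which path clears it, or confirm that nothing reads it afterwards.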