lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 15 Dec 2020 10:23:13 +0000
From:   Charles Keepax <ckeepax@...nsource.cirrus.com>
To:     Thomas Hebb <tommyhebb@...il.com>
CC:     <linux-kernel@...r.kernel.org>, Mark Brown <broonie@...nel.org>,
        <alsa-devel@...a-project.org>, Takashi Iwai <tiwai@...e.com>,
        <stable@...r.kernel.org>, Liam Girdwood <lgirdwood@...il.com>
Subject: Re: [PATCH] ASoC: dapm: remove widget from dirty list on free

On Sat, Dec 12, 2020 at 05:20:12PM -0800, Thomas Hebb wrote:
> A widget's "dirty" list_head, much like its "list" list_head, eventually
> chains back to a list_head on the snd_soc_card itself. This means that
> the list can stick around even after the widget (or all widgets) have
> been freed. Currently, however, widgets that are in the dirty list when
> freed remain there, corrupting the entire list and leading to memory
> errors and undefined behavior when the list is next accessed or
> modified.
> 
> I encountered this issue when a component failed to probe relatively
> late in snd_soc_bind_card(), causing it to bail out and call
> soc_cleanup_card_resources(), which eventually called
> snd_soc_dapm_free() with widgets that were still dirty from when they'd
> been added.
> 
> Fixes: db432b414e20 ("ASoC: Do DAPM power checks only for widgets changed since last run")
> Cc: stable@...r.kernel.org
> Signed-off-by: Thomas Hebb <tommyhebb@...il.com>
> ---
> 
>  sound/soc/soc-dapm.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
> index 7f87b449f950..148c095df27b 100644
> --- a/sound/soc/soc-dapm.c
> +++ b/sound/soc/soc-dapm.c
> @@ -2486,6 +2486,7 @@ void snd_soc_dapm_free_widget(struct snd_soc_dapm_widget *w)
>  	enum snd_soc_dapm_direction dir;
>  
>  	list_del(&w->list);
> +	list_del(&w->dirty);

I can't help but wonder if we should be taking the DAPM lock for
snd_soc_dapm_free_widgets. However your patch doesn't look like it
is making that any more scary and looks like we should be making
sure we remove the widget from the dirty list.

Reviewed-by: Charles Keepax <ckeepax@...nsource.cirrus.com>

Thanks,
Charles

Powered by blists - more mailing lists