| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Apr 2024 15:20:20 +0000
From: Chris Wulff <Chris.Wulff@...mp.com>
To: "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>
CC: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Felipe Balbi
<felipe.balbi@...ux.intel.com>,
Ruslan Bilovol <ruslan.bilovol@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
Chris Wulff
<chris.wulff@...mp.com>
Subject: [PATCH] usb: gadget: u_audio: Clear uac pointer when freed.
This prevents use of a stale pointer if functions are called after
g_cleanup that shouldn't be. This doesn't fix any races, but converts
a possibly silent kernel memory corruption into an obvious NULL pointer
dereference report.
Fixes: eb9fecb9e69b ("usb: gadget: f_uac2: split out audio core")
Signed-off-by: Chris Wulff <chris.wulff@...mp.com>
---
v1: Split from https://lore.kernel.org/linux-usb/CO1PR17MB54190B898057616EEB3F9E51E10E2@CO1PR17MB5419.namprd17.prod.outlook.com/
drivers/usb/gadget/function/u_audio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/gadget/function/u_audio.c b/drivers/usb/gadget/function/u_audio.c
index c8e8154c59f5..ec1dceb08729 100644
--- a/drivers/usb/gadget/function/u_audio.c
+++ b/drivers/usb/gadget/function/u_audio.c
@@ -1419,6 +1419,8 @@ void g_audio_cleanup(struct g_audio *g_audio)
return;
uac = g_audio->uac;
+ g_audio->uac = NULL;
+
card = uac->card;
if (card)
snd_card_free_when_closed(card);
--
2.34.1
Powered by blists - more mailing lists