[alsa-devel] [PATCH] snd/hda: fix use-after-free after module unload
Takashi Iwai
tiwai at suse.de
Mon Jul 11 12:42:27 CEST 2016
On Sat, 09 Jul 2016 16:38:57 +0200,
Peter Wu wrote:
>
> register_vga_switcheroo() sets the PM ops from the hda structure which
> is freed later in azx_free. Make sure that these ops are cleared.
>
> Caught by KASAN.
>
> Fixes: 246efa4a072f ("snd/hda: add runtime suspend/resume on optimus support (v4)")
> Signed-off-by: Peter Wu <peter at lekensteyn.nl>
> ---
> sound/pci/hda/hda_intel.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
> index 94089fc..a339066 100644
> --- a/sound/pci/hda/hda_intel.c
> +++ b/sound/pci/hda/hda_intel.c
> @@ -1219,6 +1219,7 @@ static int azx_free(struct azx *chip)
> snd_hda_unlock_devices(&chip->bus);
> if (hda->vga_switcheroo_registered)
> vga_switcheroo_unregister_client(chip->pci);
> + vga_switcheroo_fini_domain_pm_ops(chip->card->dev);
The domain pm ops is set only when hda->vga_switcheroo_registered flag
is set. So the call should be in the previous if block.
Also, the indentation looks wrong. Please use the correct
indentation.
Could you resubmit with these fixes?
thanks,
Takashi
More information about the Alsa-devel
mailing list