[alsa-devel] [PATCH] snd/hda: fix use-after-free after module unload
Peter Wu
peter at lekensteyn.nl
Mon Jul 11 19:32:05 CEST 2016
On Mon, Jul 11, 2016 at 12:42:27PM +0200, Takashi Iwai wrote:
> On Sat, 09 Jul 2016 16:38:57 +0200,
> Peter Wu wrote:
> >
> > register_vga_switcheroo() sets the PM ops from the hda structure which
> > is freed later in azx_free. Make sure that these ops are cleared.
> >
> > Caught by KASAN.
> >
> > Fixes: 246efa4a072f ("snd/hda: add runtime suspend/resume on optimus support (v4)")
> > Signed-off-by: Peter Wu <peter at lekensteyn.nl>
> > ---
> > sound/pci/hda/hda_intel.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
> > index 94089fc..a339066 100644
> > --- a/sound/pci/hda/hda_intel.c
> > +++ b/sound/pci/hda/hda_intel.c
> > @@ -1219,6 +1219,7 @@ static int azx_free(struct azx *chip)
> > snd_hda_unlock_devices(&chip->bus);
> > if (hda->vga_switcheroo_registered)
> > vga_switcheroo_unregister_client(chip->pci);
> > + vga_switcheroo_fini_domain_pm_ops(chip->card->dev);
>
> The domain pm ops is set only when hda->vga_switcheroo_registered flag
> is set. So the call should be in the previous if block.
Yes that would be cleaner, will do that.
> Also, the indentation looks wrong. Please use the correct
> indentation.
Noticed too late that the editor config was wrong on the testing
machine.
> Could you resubmit with these fixes?
I will, thanks for the feedback!
--
Kind regards,
Peter Wu
https://lekensteyn.nl
More information about the Alsa-devel
mailing list