UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/sound/soc/meson
History
Arseniy Krasnov e43364f578 ASoC: meson: axg-card: fix 'use-after-free' 
commit 4f9a71435953f941969a4f017e2357db62d85a86 upstream.

Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',
so move 'pad' pointer initialization after this function when memory is
already reallocated.

Kasan bug report:

==================================================================
BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc
Read of size 8 at addr ffff000000e8b260 by task modprobe/356

CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1
Call trace:
 dump_backtrace+0x94/0xec
 show_stack+0x18/0x24
 dump_stack_lvl+0x78/0x90
 print_report+0xfc/0x5c0
 kasan_report+0xb8/0xfc
 __asan_load8+0x9c/0xb8
 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]
 meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]
 platform_probe+0x8c/0xf4
 really_probe+0x110/0x39c
 __driver_probe_device+0xb8/0x18c
 driver_probe_device+0x108/0x1d8
 __driver_attach+0xd0/0x25c
 bus_for_each_dev+0xe0/0x154
 driver_attach+0x34/0x44
 bus_add_driver+0x134/0x294
 driver_register+0xa8/0x1e8
 __platform_driver_register+0x44/0x54
 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]
 do_one_initcall+0xdc/0x25c
 do_init_module+0x10c/0x334
 load_module+0x24c4/0x26cc
 init_module_from_file+0xd4/0x128
 __arm64_sys_finit_module+0x1f4/0x41c
 invoke_syscall+0x60/0x188
 el0_svc_common.constprop.0+0x78/0x13c
 do_el0_svc+0x30/0x40
 el0_svc+0x38/0x78
 el0t_64_sync_handler+0x100/0x12c
 el0t_64_sync+0x190/0x194

Fixes: 7864a79f37 ("ASoC: meson: add axg sound card support")
Cc: Stable@vger.kernel.org
Signed-off-by: Arseniy Krasnov <avkrasnov@salutedevices.com>
Reviewed-by: Jerome Brunet <jbrunet@baylibre.com>
Link: https://patch.msgid.link/20240911142425.598631-1-avkrasnov@salutedevices.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-09-18 19:24:10 +02:00
..
Kconfig ASoC: meson: cards: select SND_DYNAMIC_MINORS 2024-05-17 12:02:05 +02:00
Makefile ASoC: meson: g12a: add internal DAC glue driver 2020-02-21 16:39:04 +00:00
aiu-acodec-ctrl.c ASoC: meson: merge DAI call back functions into ops 2023-08-14 13:10:20 +01:00
aiu-codec-ctrl.c ASoC: meson: merge DAI call back functions into ops 2023-08-14 13:10:20 +01:00
aiu-encoder-i2s.c ASoC: meson: Rename set_fmt_new back to set_fmt 2022-06-06 12:34:06 +01:00
aiu-encoder-spdif.c ASoC: meson: aiu: Fix spelling mistake "Unsupport" -> "Unsupported" 2021-09-27 13:01:07 +01:00
aiu-fifo-i2s.c ASoC: meson: merge DAI call back functions into ops 2023-08-14 13:10:20 +01:00
aiu-fifo-spdif.c ASoC: meson: merge DAI call back functions into ops 2023-08-14 13:10:20 +01:00
aiu-fifo.c ASoC: meson: use helper function 2023-01-31 11:05:03 +00:00
aiu-fifo.h ASoC: meson: aiu: add i2s and spdif support 2020-02-13 20:57:22 +00:00
aiu.c ASoC: meson: aiu: fix function pointer type mismatch 2024-03-26 18:19:48 -04:00
aiu.h ASoC: meson: aiu: fix function pointer type mismatch 2024-03-26 18:19:48 -04:00
axg-card.c ASoC: meson: axg-card: fix 'use-after-free' 2024-09-18 19:24:10 +02:00
axg-fifo.c ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT 2024-08-14 13:58:52 +02:00
axg-fifo.h ASoC: meson: axg-fifo: use FIELD helpers 2024-05-17 12:02:04 +02:00
axg-frddr.c ASoC: meson: axg-fifo: use FIELD helpers 2024-05-17 12:02:04 +02:00
axg-pdm.c ASoC: meson: merge DAI call back functions into ops 2023-08-14 13:10:20 +01:00
axg-spdifin.c ASoC: meson: spdifin: start hw on dai probe 2023-09-11 01:23:53 +01:00
axg-spdifout.c ASoC: meson: Migrate to new style legacy DAI naming flag 2022-06-27 13:16:28 +01:00
axg-tdm-formatter.c ASoC: meson: axg-tdm-formatter: fix channel slot allocation 2023-08-10 00:22:55 +01:00
axg-tdm-formatter.h ASoC: meson: axg-tdm-formatters: fix sclk inversion 2020-07-30 19:45:01 +01:00
axg-tdm-interface.c ASoC: meson: axg-tdm-interface: manage formatters in trigger 2024-05-17 12:02:04 +02:00
axg-tdm.h ASoC: meson: axg-tdm: fix sample clock inversion 2019-06-13 19:44:02 +01:00
axg-tdmin.c ASoC: meson: use helper function 2023-01-31 11:05:03 +00:00
axg-tdmout.c ASoC: meson: use helper function 2023-01-31 11:05:03 +00:00
axg-toddr.c ASoC: meson: axg-fifo: use FIELD helpers 2024-05-17 12:02:04 +02:00
g12a-toacodec.c ASoC: meson: g12a-toacodec: Fix event generation 2024-01-10 17:16:51 +01:00
g12a-tohdmitx.c ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux 2024-01-10 17:16:51 +01:00
gx-card.c ASoC: meson: use snd_soc_{of_}get_dlc() 2023-06-20 12:49:25 +01:00
meson-card-utils.c ASoC: meson: use snd_soc_{of_}get_dlc() 2023-06-20 12:49:25 +01:00
meson-card.h ASoC: meson: use snd_soc_{of_}get_dlc() 2023-06-20 12:49:25 +01:00
meson-codec-glue.c ASoC: meson: switch to use c2c_params instead of params 2023-04-05 12:16:37 +01:00
meson-codec-glue.h ASoC: meson: g12a: extract codec-to-codec utils 2020-02-13 20:57:20 +00:00
t9015.c ASoC: meson: t9015: fix function pointer type mismatch 2024-03-26 18:19:48 -04:00