Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-08 14:13:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e19bf49e90
linux-stable/sound/soc/meson
History
Arseniy Krasnov e1a199ec31 ASoC: meson: axg-card: fix 'use-after-free' 
commit 4f9a714359 upstream.

Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',
so move 'pad' pointer initialization after this function when memory is
already reallocated.

Kasan bug report:

==================================================================
BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc
Read of size 8 at addr ffff000000e8b260 by task modprobe/356

CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1
Call trace:
 dump_backtrace+0x94/0xec
 show_stack+0x18/0x24
 dump_stack_lvl+0x78/0x90
 print_report+0xfc/0x5c0
 kasan_report+0xb8/0xfc
 __asan_load8+0x9c/0xb8
 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]
 meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]
 platform_probe+0x8c/0xf4
 really_probe+0x110/0x39c
 __driver_probe_device+0xb8/0x18c
 driver_probe_device+0x108/0x1d8
 __driver_attach+0xd0/0x25c
 bus_for_each_dev+0xe0/0x154
 driver_attach+0x34/0x44
 bus_add_driver+0x134/0x294
 driver_register+0xa8/0x1e8
 __platform_driver_register+0x44/0x54
 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]
 do_one_initcall+0xdc/0x25c
 do_init_module+0x10c/0x334
 load_module+0x24c4/0x26cc
 init_module_from_file+0xd4/0x128
 __arm64_sys_finit_module+0x1f4/0x41c
 invoke_syscall+0x60/0x188
 el0_svc_common.constprop.0+0x78/0x13c
 do_el0_svc+0x30/0x40
 el0_svc+0x38/0x78
 el0t_64_sync_handler+0x100/0x12c
 el0t_64_sync+0x190/0x194

Fixes: 7864a79f37 ("ASoC: meson: add axg sound card support")
Cc: Stable@vger.kernel.org
Signed-off-by: Arseniy Krasnov <avkrasnov@salutedevices.com>
Reviewed-by: Jerome Brunet <jbrunet@baylibre.com>
Link: https://patch.msgid.link/20240911142425.598631-1-avkrasnov@salutedevices.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-18 19:23:06 +02:00
..
aiu-acodec-ctrl.c ASoC: meson: Remove now redundant non_legacy_dai_naming flag 2022-06-27 13:16:48 +01:00
aiu-codec-ctrl.c ASoC: meson: Remove now redundant non_legacy_dai_naming flag 2022-06-27 13:16:48 +01:00
aiu-encoder-i2s.c ASoC: meson: Rename set_fmt_new back to set_fmt 2022-06-06 12:34:06 +01:00
aiu-encoder-spdif.c ASoC: meson: aiu: Fix spelling mistake "Unsupport" -> "Unsupported" 2021-09-27 13:01:07 +01:00
aiu-fifo-i2s.c ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s 2021-12-14 17:15:32 +00:00
aiu-fifo-spdif.c ASoC: meson: Use managed DMA buffer allocation 2020-12-28 12:24:46 +00:00
aiu-fifo.c ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() 2021-12-14 17:15:29 +00:00
aiu-fifo.h ASoC: meson: aiu: add i2s and spdif support 2020-02-13 20:57:22 +00:00
aiu.c ASoC: meson: aiu: fix function pointer type mismatch 2024-03-26 18:20:48 -04:00
aiu.h ASoC: meson: aiu: fix function pointer type mismatch 2024-03-26 18:20:48 -04:00
axg-card.c ASoC: meson: axg-card: fix 'use-after-free' 2024-09-18 19:23:06 +02:00
axg-fifo.c ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT 2024-08-14 13:52:54 +02:00
axg-fifo.h ASoC: meson: axg-fifo: use FIELD helpers 2024-05-17 11:55:59 +02:00
axg-frddr.c ASoC: meson: axg-fifo: use FIELD helpers 2024-05-17 11:55:59 +02:00
axg-pdm.c ASoC: meson: Migrate to new style legacy DAI naming flag 2022-06-27 13:16:28 +01:00
axg-spdifin.c ASoC: meson: spdifin: start hw on dai probe 2023-10-06 14:56:35 +02:00
axg-spdifout.c ASoC: meson: Migrate to new style legacy DAI naming flag 2022-06-27 13:16:28 +01:00
axg-tdm-formatter.c ASoC: meson: axg-tdm-formatter: fix channel slot allocation 2023-08-23 17:52:37 +02:00
axg-tdm-formatter.h ASoC: meson: axg-tdm-formatters: fix sclk inversion 2020-07-30 19:45:01 +01:00
axg-tdm-interface.c ASoC: meson: axg-tdm-interface: manage formatters in trigger 2024-05-17 11:56:00 +02:00
axg-tdm.h ASoC: meson: axg-tdm: fix sample clock inversion 2019-06-13 19:44:02 +01:00
axg-tdmin.c ASoC: meson: axg-tdmin: remove useless assignment 2021-03-31 18:03:17 +01:00
axg-tdmout.c ASoC: meson: axg-tdmout: remove useless assignment 2021-03-31 18:03:18 +01:00
axg-toddr.c ASoC: meson: axg-fifo: use FIELD helpers 2024-05-17 11:55:59 +02:00
g12a-toacodec.c ASoC: meson: g12a-toacodec: Fix event generation 2024-01-10 17:10:25 +01:00
g12a-tohdmitx.c ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux 2024-01-10 17:10:25 +01:00
gx-card.c Merge remote-tracking branch 'asoc/for-5.9' into asoc-next 2020-07-31 19:54:03 +01:00
Kconfig ASoC: meson: cards: select SND_DYNAMIC_MINORS 2024-05-17 11:56:00 +02:00
Makefile ASoC: meson: g12a: add internal DAC glue driver 2020-02-21 16:39:04 +00:00
meson-card-utils.c ASoC: meson: Use dev_err_probe() helper 2021-12-20 12:47:17 +00:00
meson-card.h ASoC: meson: axg: extract sound card utils 2020-02-13 20:57:25 +00:00
meson-codec-glue.c ASoC: meson: remove useless initialization 2022-06-06 12:35:22 +01:00
meson-codec-glue.h ASoC: meson: g12a: extract codec-to-codec utils 2020-02-13 20:57:20 +00:00
t9015.c ASoC: meson: t9015: fix function pointer type mismatch 2024-03-26 18:20:48 -04:00