MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2026-01-27 12:35:36 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
561bbd55f9
linux-imx/sound
History
Arseniy Krasnov e43364f578 ASoC: meson: axg-card: fix 'use-after-free' 
commit 4f9a714359 upstream.

Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',
so move 'pad' pointer initialization after this function when memory is
already reallocated.

Kasan bug report:

==================================================================
BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc
Read of size 8 at addr ffff000000e8b260 by task modprobe/356

CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1
Call trace:
 dump_backtrace+0x94/0xec
 show_stack+0x18/0x24
 dump_stack_lvl+0x78/0x90
 print_report+0xfc/0x5c0
 kasan_report+0xb8/0xfc
 __asan_load8+0x9c/0xb8
 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]
 meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]
 platform_probe+0x8c/0xf4
 really_probe+0x110/0x39c
 __driver_probe_device+0xb8/0x18c
 driver_probe_device+0x108/0x1d8
 __driver_attach+0xd0/0x25c
 bus_for_each_dev+0xe0/0x154
 driver_attach+0x34/0x44
 bus_add_driver+0x134/0x294
 driver_register+0xa8/0x1e8
 __platform_driver_register+0x44/0x54
 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]
 do_one_initcall+0xdc/0x25c
 do_init_module+0x10c/0x334
 load_module+0x24c4/0x26cc
 init_module_from_file+0xd4/0x128
 __arm64_sys_finit_module+0x1f4/0x41c
 invoke_syscall+0x60/0x188
 el0_svc_common.constprop.0+0x78/0x13c
 do_el0_svc+0x30/0x40
 el0_svc+0x38/0x78
 el0t_64_sync_handler+0x100/0x12c
 el0t_64_sync+0x190/0x194

Fixes: 7864a79f37 ("ASoC: meson: add axg sound card support")
Cc: Stable@vger.kernel.org
Signed-off-by: Arseniy Krasnov <avkrasnov@salutedevices.com>
Reviewed-by: Jerome Brunet <jbrunet@baylibre.com>
Link: https://patch.msgid.link/20240911142425.598631-1-avkrasnov@salutedevices.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-18 19:24:10 +02:00
..
ac97
aoa ALSA: aoa: Fix typos in PCM fix patch 2023-08-18 09:09:39 +02:00
arm
atmel
core ALSA: control: Apply sanity check of input values for user elements 2024-09-12 11:11:28 +02:00
drivers ALSA: pcmtest: stop timer before buffer is released 2024-01-20 11:51:42 +01:00
firewire Revert "ALSA: firewire-lib: operate for period elapse event in process context" 2024-08-11 12:47:25 +02:00
hda ALSA: hda: Add input value sanity checks to HDMI channel map controls 2024-09-12 11:11:29 +02:00
i2c
isa ALSA: cs4231: Fix -Wformat-truncation warning for longname string 2023-09-15 13:23:01 +02:00
mips
oss
parisc
pci ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx 2024-09-12 11:11:24 +02:00
pcmcia
ppc
sh ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs 2024-04-03 15:28:59 +02:00
soc ASoC: meson: axg-card: fix 'use-after-free' 2024-09-18 19:24:10 +02:00
sparc
spi
synth ALSA: emux: improve patch ioctl data validation 2024-07-05 09:33:52 +02:00
usb ALSA: usb-audio: Support Yamaha P-125 quirk entry 2024-08-29 17:33:11 +02:00
virtio
x86
xen ALSA: xen: Fix -Wformat-truncation warning 2023-09-15 13:21:35 +02:00
ac97_bus.c
Kconfig This pull request contains the following changes for UML: 2023-09-04 11:32:21 -07:00
last.c
Makefile
sound_core.c