* Re: [PATCH] snd/hda: fix use-after-free after module unload
[not found] <20160709143857.12044-1-peter@lekensteyn.nl>
@ 2016-07-11 10:42 ` Takashi Iwai
2016-07-11 17:32 ` Peter Wu
2016-07-11 17:51 ` [PATCH v2] " Peter Wu
0 siblings, 2 replies; 4+ messages in thread
From: Takashi Iwai @ 2016-07-11 10:42 UTC (permalink / raw)
To: Peter Wu; +Cc: alsa-devel
On Sat, 09 Jul 2016 16:38:57 +0200,
Peter Wu wrote:
>
> register_vga_switcheroo() sets the PM ops from the hda structure which
> is freed later in azx_free. Make sure that these ops are cleared.
>
> Caught by KASAN.
>
> Fixes: 246efa4a072f ("snd/hda: add runtime suspend/resume on optimus support (v4)")
> Signed-off-by: Peter Wu <peter@lekensteyn.nl>
> ---
> sound/pci/hda/hda_intel.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
> index 94089fc..a339066 100644
> --- a/sound/pci/hda/hda_intel.c
> +++ b/sound/pci/hda/hda_intel.c
> @@ -1219,6 +1219,7 @@ static int azx_free(struct azx *chip)
> snd_hda_unlock_devices(&chip->bus);
> if (hda->vga_switcheroo_registered)
> vga_switcheroo_unregister_client(chip->pci);
> + vga_switcheroo_fini_domain_pm_ops(chip->card->dev);
The domain pm ops is set only when hda->vga_switcheroo_registered flag
is set. So the call should be in the previous if block.
Also, the indentation looks wrong. Please use the correct
indentation.
Could you resubmit with these fixes?
thanks,
Takashi
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] snd/hda: fix use-after-free after module unload
2016-07-11 10:42 ` [PATCH] snd/hda: fix use-after-free after module unload Takashi Iwai
@ 2016-07-11 17:32 ` Peter Wu
2016-07-11 17:51 ` [PATCH v2] " Peter Wu
1 sibling, 0 replies; 4+ messages in thread
From: Peter Wu @ 2016-07-11 17:32 UTC (permalink / raw)
To: Takashi Iwai; +Cc: alsa-devel
On Mon, Jul 11, 2016 at 12:42:27PM +0200, Takashi Iwai wrote:
> On Sat, 09 Jul 2016 16:38:57 +0200,
> Peter Wu wrote:
> >
> > register_vga_switcheroo() sets the PM ops from the hda structure which
> > is freed later in azx_free. Make sure that these ops are cleared.
> >
> > Caught by KASAN.
> >
> > Fixes: 246efa4a072f ("snd/hda: add runtime suspend/resume on optimus support (v4)")
> > Signed-off-by: Peter Wu <peter@lekensteyn.nl>
> > ---
> > sound/pci/hda/hda_intel.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
> > index 94089fc..a339066 100644
> > --- a/sound/pci/hda/hda_intel.c
> > +++ b/sound/pci/hda/hda_intel.c
> > @@ -1219,6 +1219,7 @@ static int azx_free(struct azx *chip)
> > snd_hda_unlock_devices(&chip->bus);
> > if (hda->vga_switcheroo_registered)
> > vga_switcheroo_unregister_client(chip->pci);
> > + vga_switcheroo_fini_domain_pm_ops(chip->card->dev);
>
> The domain pm ops is set only when hda->vga_switcheroo_registered flag
> is set. So the call should be in the previous if block.
Yes that would be cleaner, will do that.
> Also, the indentation looks wrong. Please use the correct
> indentation.
Noticed too late that the editor config was wrong on the testing
machine.
> Could you resubmit with these fixes?
I will, thanks for the feedback!
--
Kind regards,
Peter Wu
https://lekensteyn.nl
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2] snd/hda: fix use-after-free after module unload
2016-07-11 10:42 ` [PATCH] snd/hda: fix use-after-free after module unload Takashi Iwai
2016-07-11 17:32 ` Peter Wu
@ 2016-07-11 17:51 ` Peter Wu
2016-07-11 18:10 ` Takashi Iwai
1 sibling, 1 reply; 4+ messages in thread
From: Peter Wu @ 2016-07-11 17:51 UTC (permalink / raw)
To: Takashi Iwai; +Cc: alsa-devel
register_vga_switcheroo() sets the PM ops from the hda structure which
is freed later in azx_free. Make sure that these ops are cleared.
Caught by KASAN, initially noticed due to a general protection fault.
Fixes: 246efa4a072f ("snd/hda: add runtime suspend/resume on optimus support (v4)")
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
---
Maybe Cc stable?
---
sound/pci/hda/hda_intel.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
index 94089fc..4aeed98 100644
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -1217,8 +1217,10 @@ static int azx_free(struct azx *chip)
if (use_vga_switcheroo(hda)) {
if (chip->disabled && hda->probe_continued)
snd_hda_unlock_devices(&chip->bus);
- if (hda->vga_switcheroo_registered)
+ if (hda->vga_switcheroo_registered) {
vga_switcheroo_unregister_client(chip->pci);
+ vga_switcheroo_fini_domain_pm_ops(chip->card->dev);
+ }
}
if (bus->chip_init) {
--
2.9.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2] snd/hda: fix use-after-free after module unload
2016-07-11 17:51 ` [PATCH v2] " Peter Wu
@ 2016-07-11 18:10 ` Takashi Iwai
0 siblings, 0 replies; 4+ messages in thread
From: Takashi Iwai @ 2016-07-11 18:10 UTC (permalink / raw)
To: Peter Wu; +Cc: alsa-devel
On Mon, 11 Jul 2016 19:51:06 +0200,
Peter Wu wrote:
>
> register_vga_switcheroo() sets the PM ops from the hda structure which
> is freed later in azx_free. Make sure that these ops are cleared.
>
> Caught by KASAN, initially noticed due to a general protection fault.
>
> Fixes: 246efa4a072f ("snd/hda: add runtime suspend/resume on optimus support (v4)")
> Signed-off-by: Peter Wu <peter@lekensteyn.nl>
> ---
> Maybe Cc stable?
Yes, I applied with Cc to stable now.
thanks,
Takashi
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-07-11 18:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20160709143857.12044-1-peter@lekensteyn.nl>
2016-07-11 10:42 ` [PATCH] snd/hda: fix use-after-free after module unload Takashi Iwai
2016-07-11 17:32 ` Peter Wu
2016-07-11 17:51 ` [PATCH v2] " Peter Wu
2016-07-11 18:10 ` Takashi Iwai
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.