[prev in list] [next in list] [prev in thread] [next in thread]
List: git-commits-head
Subject: ASoC: dapm: Fix widget double free with auto-disable DAPM kcontrol
From: "Linux Kernel Mailing List" <linux-kernel () vger ! kernel ! org>
Date: 2014-04-30 15:36:28
Message-ID: 20140430153628.2B914660394 () gitolite ! kernel ! org
[Download RAW message or body]
Gitweb: http://git.kernel.org/linus/;a=commit;h=2697e4fb9209dfe1d1b24c92d254158f63d4bc8e
Commit: 2697e4fb9209dfe1d1b24c92d254158f63d4bc8e
Parent: c9eaa447e77efe77b7fa4c953bd62de8297fd6c5
Author: Jarkko Nikula <jarkko.nikula@linux.intel.com>
AuthorDate: Tue Apr 15 16:58:09 2014 +0300
Committer: Mark Brown <broonie@linaro.org>
CommitDate: Mon Apr 21 11:49:53 2014 +0100
ASoC: dapm: Fix widget double free with auto-disable DAPM kcontrol
Commit 9e1fda4ae158 ("ASoC: dapm: Implement mixer input auto-disable")
is trying to free the widget it allocated by snd_soc_dapm_new_control()
call in dapm_kcontrol_data_alloc() by adding kfree(data->widget) to
dapm_kcontrol_free().
This is causing a widget double free with auto-disabled DAPM kcontrols
in sound card unregistration because widgets are already freed before
dapm_kcontrol_free() is called.
Reason for that is all widgets are added into dapm->card->widgets list
in snd_soc_dapm_new_control() and freed in dapm_free_widgets() during
execution of snd_soc_dapm_free().
Now snd_soc_dapm_free() calls for different DAPM contexts happens before
snd_card_free() call from where the call chain to dapm_kcontrol_free()
begins:
soc_cleanup_card_resources()
soc_remove_dai_links()
soc_remove_link_dais()
snd_soc_dapm_free(&cpu_dai->dapm)
soc_remove_link_components()
soc_remove_platform()
snd_soc_dapm_free(&platform->dapm)
soc_remove_codec()
snd_soc_dapm_free(&codec->dapm)
snd_soc_dapm_free(&card->dapm)
snd_card_free()
snd_card_do_free()
snd_device_free_all()
snd_device_free()
snd_ctl_dev_free()
snd_ctl_remove()
snd_ctl_free_one()
dapm_kcontrol_free()
This wasn't making harm with ordinary DAPM kcontrols since data->widget is NULL for
them.
Fixes: 9e1fda4ae158 (ASoC: dapm: Implement mixer input auto-disable)
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>
Cc: stable@vger.kernel.org
---
sound/soc/soc-dapm.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index c8a780d..7769b0a 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -254,7 +254,6 @@ static int dapm_kcontrol_data_alloc(struct snd_soc_dapm_widget *widget,
static void dapm_kcontrol_free(struct snd_kcontrol *kctl)
{
struct dapm_kcontrol_data *data = snd_kcontrol_chip(kctl);
- kfree(data->widget);
kfree(data->wlist);
kfree(data);
}
--
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic