review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Takashi Iwai <tiwai@suse.de>
	Wed, 16 Aug 2023 16:02:45 +0000 (18:02 +0200)
committer	Takashi Iwai <tiwai@suse.de>
	Thu, 17 Aug 2023 07:23:30 +0000 (09:23 +0200)
commit	6a66b01de48855d92450904ccfafda9d692efbb9
tree	fb71a8695685b90362ee203b8b281e53e31fae29	tree \| snapshot
parent	7f018db19bf7cb5ba3e39ed9e51c8c5f2488dfb0	commit \| diff

ALSA: control: Don't embed ctl_dev

Embedding the ctl_dev in the snd_card object may result in UAF when
the delayed kobj release is used; at the delayed kobj release, it
still accesses the struct device itself while the card memory (that
embeds the struct device) may be already gone.

As a workaround, detach the struct device from the card object by
allocating via the new snd_device_alloc() helper. The rest are just
replacing ctl_dev access to the pointer.

This is based on the fix Curtis posted initially. In this patch, the
changes are split and use the new helper function instead.

Link: https://lore.kernel.org/r/20230801171928.1460120-1-cujomalainey@chromium.org
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
Tested-by: Curtis Malainey <cujomalainey@chromium.org>
Link: https://lore.kernel.org/r/20230816160252.23396-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>

include/sound/core.h		diff \| blob \| history
sound/core/control.c		diff \| blob \| history
sound/core/control_led.c		diff \| blob \| history
sound/usb/media.c		diff \| blob \| history