review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Takashi Iwai <tiwai@suse.de>
	Wed, 16 Aug 2023 16:02:46 +0000 (18:02 +0200)
committer	Takashi Iwai <tiwai@suse.de>
	Thu, 17 Aug 2023 07:23:45 +0000 (09:23 +0200)
commit	bc41a7228cedc39395d032b2502975e53b7a9180
tree	aaf5b59beebc5c9616579d4b2bd279e20af07c0a	tree \| snapshot
parent	6a66b01de48855d92450904ccfafda9d692efbb9	commit \| diff

ALSA: pcm: Don't embed device

So far we use the embedded struct device for each PCM substreams in
struct snd_pcm. This may result in UAF when the delayed kobj release
is used; each corresponding struct device is still accessed at the
(delayed) device release, while the snd_pcm object may be already
gone.

As a workaround, detach the struct device from the snd_pcm object by
allocating via the new snd_device_alloc() helper.

A caveat is that we store the PCM substream pointer to drvdata since
the device resume and others require the access to it.

This patch is based on the fix Curtis posted initially. In this
patch, the changes are split and use the new helper function instead.

Link: https://lore.kernel.org/r/20230801171928.1460120-1-cujomalainey@chromium.org
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
Tested-by: Curtis Malainey <cujomalainey@chromium.org>
Link: https://lore.kernel.org/r/20230816160252.23396-4-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>

include/sound/pcm.h		diff \| blob \| history
sound/aoa/soundbus/i2sbus/pcm.c		diff \| blob \| history
sound/core/pcm.c		diff \| blob \| history
sound/usb/media.c		diff \| blob \| history