-
Sylwester Nawrocki authored
When soc_init_dai_link() call at the beginning of snd_soc_instantiate_card function fails soc_cleanup_card_resources() and then snd_soc_dapm_free() gets called with an incompletely initialized card->dapm. In particular card->dapm.card is NULL and it gets dereferenced in dapm_free_widgets(). Also dapm->list is invalid and there is an invalid pointer dereference from list_del(). The function call stack (deferred probing) on Chromebook Snow where this issue has shown up in today's -next is: snd_soc_dapm_free soc_cleanup_card_resources snd_soc_instantiate_card snd_soc_register_card devm_snd_soc_register_card snow_probe In patch 70fc5373 "ASoC: core: move DAI pre-links initiation to snd_soc_instantiate_card" there is an soc_cleanup_platform() call instead of soc_cleanup_card_resources() as in current -next. soc_cleanup_platform got renamed to soc_cleanup_legacy, then removed in commit adb76b5b "ASoC: soc-core: remove legacy style dai_link". It seems in merge conflict resolution the soc_cleanup_platform() call got renamed to soc_cleanup_card_resources(), instead of being removed. Correct this by removing an unnecessary soc_cleanup_card_resources() call. Fixes: a8e99234 ("Merge branch 'asoc-5.2' into asoc-5.3") Reported-by:
Marek Szyprowski <m.szyprowski@samsung.com> Suggested-by:
Tzung-Bi Shih <tzungbi@google.com> Signed-off-by:
Sylwester Nawrocki <s.nawrocki@samsung.com> Signed-off-by:
Mark Brown <broonie@kernel.org>
07799359
