• Curtis Malainey's avatar
    ASoC: soc-core: fix init platform memory handling · 09ac6a81
    Curtis Malainey authored
    snd_soc_init_platform initializes pointers to snd_soc_dai_link which is
    statically allocated and it does this by devm_kzalloc. In the event of
    an EPROBE_DEFER the memory will be freed and the pointers are left
    dangling. snd_soc_init_platform sees the dangling pointers and assumes
    they are pointing to initialized memory and does not reallocate them on
    the second probe attempt which results in a use after free bug since
    devm has freed the memory from the first probe attempt.
    
    Since the intention for snd_soc_dai_link->platform is that it can be set
    statically by the machine driver we need to respect the pointer in the
    event we did not set it but still catch dangling pointers. The solution
    is to add a flag to track whether the pointer was dynamically allocated
    or not.
    Signed-off-by: default avatarCurtis Malainey <cujomalainey@chromium.org>
    Signed-off-by: default avatarMark Brown <broonie@kernel.org>
    09ac6a81
soc.h 53.7 KB