This patchset fixes a memory allocation issue and removes a 100%
reproducible use-after-free report thrown by KASAN in automated module
removal tests across multiple platforms.
All the credit goes to Bard Liao for root-causing the issue. DAIs may
be registered at the same time as a component, or when the topology is
loaded. This two-step registration causes the memory for
topology-based DAIs to allocated last, and conversely to be released
first by devres, before the component is released and the DAIs removed
from the component DAI list with snd_soc_unregister_dais().
When we remove a component, by the time we walk through its dai list
to unregister all dais, the dais allocated by the topology have been
freed already by devres and the list is corrupted with pointers that
are no longer valid.
The suggestion is to add an explicit devm_ based registration for
topology-based dais, so that each dai is cleanly removed from the
component dai list in the release operation before devres releases the
allocated memory.
Pierre-Louis Bossart (2):
ASoC: soc-devres: add devm_snd_soc_register_dai()
ASoC: soc-topology: use devm_snd_soc_register_dai()
include/sound/soc.h | 4 ++++
sound/soc/soc-devres.c | 37 +++++++++++++++++++++++++++++++++++++
sound/soc/soc-topology.c | 3 +--
3 files changed, 42 insertions(+), 2 deletions(-)
--
2.20.1
4036d05c38