From 857eade4e6611cd2e72c447ffa016e1b4f00b354 Mon Sep 17 00:00:00 2001 From: Pierre-Louis Bossart Date: Tue, 14 May 2019 13:48:41 -0500 Subject: [PATCH] ASoC: SOF: core: fix error handling with the probe workqueue BugLink: https://bugs.launchpad.net/bugs/1826181 In some configurations, it's a requirement to split the probe in two, with a second part handled in a workqueue (e.g. for HDMI support which depends on the DRM modules). SOF already handles these configurations but the error flow is incorrect. When an error occurs in the workqueue, the probe has technically already completed. If we release the resources on errors, this generates kernel oops/use-after-free when the resources are released a second time on module removal. GitHub issue: https://github.com/thesofproject/linux/issues/945 Signed-off-by: Pierre-Louis Bossart (cherry picked from commit cbdcbcd38cc6f420241ed8e781e98605836e5c95 git://github.com/thesofproject/linux.git) Signed-off-by: Hui Wang Signed-off-by: Timo Aaltonen --- sound/soc/sof/core.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/sound/soc/sof/core.c b/sound/soc/sof/core.c index b2cd4fd79d95..fd287961ab1e 100644 --- a/sound/soc/sof/core.c +++ b/sound/soc/sof/core.c @@ -391,6 +391,7 @@ static int sof_probe_continue(struct snd_sof_dev *sdev) return 0; +#if !IS_ENABLED(CONFIG_SND_SOC_SOF_PROBE_WORK_QUEUE) fw_run_err: snd_sof_fw_unload(sdev); fw_load_err: @@ -399,6 +400,21 @@ static int sof_probe_continue(struct snd_sof_dev *sdev) snd_sof_free_debug(sdev); dbg_err: snd_sof_remove(sdev); +#else + + /* + * when the probe_continue is handled in a work queue, the + * probe does not fail so we don't release resources here. + * They will be released with an explicit call to + * snd_sof_device_remove() when the PCI/ACPI device is removed + */ + +fw_run_err: +fw_load_err: +ipc_err: +dbg_err: + +#endif return ret; }