On Wed, 16 Aug 2023 18:02:43 +0200, Takashi Iwai wrote:
>
> Hi,
>
> this is another set of patches to attempt papering over the UAF
> problems that are seen when the delayed kobject release is enabled, as
> initially reported by Curtis:
>   https://lore.kernel.org/r/20230801171928.1460120-1-cujomalainey@xxxxxxxxxxxx
>
> There was a previous patch set with a different approach (using the
> device refcount dependencies), but this is a sort of step-back to the
> old way.
>   https://lore.kernel.org/r/20230807135207.17708-1-tiwai@xxxxxxx
>
> After discussions and evaluations, we agreed that decoupling the
> struct device from each sound component object is the safest (and
> easiest) way as of now.  For applying the changes more consistently, I
> introduced a new helper for the struct device allocation and
> initialization, and applied all components.
>
> A couple of more changes for card_dev refcount managed aren't included
> in this patch set, though.  They might be good to have, but this patch
> set should suffice for the currently seen UAF problems.
>
> For a long-term solution, we may restructure the device management,
> then the struct devices may be embedded again in each object.  But,
> it'll need lots of other changes and cleanups, a big TODO.
>
> The latest patches are found in topic/dev-split branch of sound.git
> tree.
>
>
> Takashi
>
> ===
>
> Takashi Iwai (9):
>   ALSA: core: Introduce snd_device_alloc()
>   ALSA: control: Don't embed ctl_dev
>   ALSA: pcm: Don't embed device
>   ALSA: hwdep: Don't embed device
>   ALSA: rawmidi: Don't embed device
>   ALSA: compress: Don't embed device
>   ALSA: timer: Create device with snd_device_alloc()
>   ALSA: seq: Create device with snd_device_alloc()
>   ALSA: core: Drop snd_device_initialize()

Although the patch set was sent as RFC, I merged them now for 6.6 with
Acks, as there is no further plan to change.


thanks,

Takashi
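
The lifetime problem discussed in this thread, as a simplified userspace model added here (not code from the patch set or the kernel): it contrasts a device embedded in its owning object with one allocated separately, when the release runs after the object is freed. All names (toy_dev, pcm_embedded, pcm_split, the quarantining allocator) are hypothetical, and the delayed release is modelled as a single pending pointer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Quarantining allocator: "freed" blocks stay mapped (never returned to the
 * heap) and are only marked dead, so a stale access is reported, not made. */
struct block { char *p; size_t n; bool live; };
static struct block blocks[16];
static int nblocks;
static void *toy_alloc(size_t n) {
    struct block *b = &blocks[nblocks++];
    b->p = calloc(1, n); b->n = n; b->live = true;
    return b->p;
}
static struct block *find(const void *p) {
    for (int i = 0; i < nblocks; i++)
        if ((uintptr_t)p - (uintptr_t)blocks[i].p < blocks[i].n)
            return &blocks[i];
    return NULL;
}
static void toy_free(void *p) { find(p)->live = false; }

struct toy_dev { int refs; };                /* stand-in for struct device */
struct pcm_embedded { struct toy_dev dev; }; /* device inside the object */
struct pcm_split { struct toy_dev *dev; };   /* device allocated on its own */
static struct toy_dev *pending;              /* release deferred to later */
static void toy_put(struct toy_dev *d) { if (--d->refs == 0) pending = d; }
/* Runs the deferred release; true means it would touch freed memory. */
static bool run_delayed_release(void) {
    struct block *b = find(pending);
    if (!b || !b->live) return true;         /* backing memory already freed */
    toy_free(pending);                       /* a split device frees itself */
    return false;
}

bool embedded_teardown_is_uaf(void) {
    struct pcm_embedded *pcm = toy_alloc(sizeof(*pcm));
    pcm->dev.refs = 1;
    toy_put(&pcm->dev);
    toy_free(pcm);                           /* object freed before release ran */
    return run_delayed_release();
}
bool split_teardown_is_uaf(void) {
    struct pcm_split *pcm = toy_alloc(sizeof(*pcm));
    pcm->dev = toy_alloc(sizeof(*pcm->dev));
    pcm->dev->refs = 1;
    toy_put(pcm->dev);
    toy_free(pcm);                           /* device outlives the object */
    return run_delayed_release();
}
```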