On Sat, Dec 12, 2020 at 05:20:12PM -0800, Thomas Hebb wrote:
> A widget's "dirty" list_head, much like its "list" list_head, eventually
> chains back to a list_head on the snd_soc_card itself. This means that
> the list can stick around even after the widget (or all widgets) have
> been freed. Currently, however, widgets that are in the dirty list when
> freed remain there, corrupting the entire list and leading to memory
> errors and undefined behavior when the list is next accessed or
> modified.
>
> I encountered this issue when a component failed to probe relatively
> late in snd_soc_bind_card(), causing it to bail out and call
> soc_cleanup_card_resources(), which eventually called
> snd_soc_dapm_free() with widgets that were still dirty from when they'd
> been added.
>
> Fixes: db432b414e20 ("ASoC: Do DAPM power checks only for widgets changed since last run")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Thomas Hebb <tommyhebb@xxxxxxxxx>
> ---
>
> sound/soc/soc-dapm.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
> index 7f87b449f950..148c095df27b 100644
> --- a/sound/soc/soc-dapm.c
> +++ b/sound/soc/soc-dapm.c
> @@ -2486,6 +2486,7 @@ void snd_soc_dapm_free_widget(struct snd_soc_dapm_widget *w)
> enum snd_soc_dapm_direction dir;
>
> list_del(&w->list);
> + list_del(&w->dirty);
I can't help but wonder if we should be taking the DAPM lock for
snd_soc_dapm_free_widgets. However your patch doesn't look like it
is making that any more scary and looks like we should be making
sure we remove the widget from the dirty list.
Reviewed-by: Charles Keepax <ckeepax@xxxxxxxxxxxxxxxxxxxxx>
Thanks,
Charles
