From 0779935938b1b6f492f019764bc7dda77bb08ec9 Mon Sep 17 00:00:00 2001 From: Sylwester Nawrocki Date: Fri, 7 Jun 2019 17:49:26 +0200 Subject: [PATCH] ASoC: Remove erroneous soc_cleanup_card_resources() call When soc_init_dai_link() call at the beginning of snd_soc_instantiate_card function fails soc_cleanup_card_resources() and then snd_soc_dapm_free() gets called with an incompletely initialized card->dapm. In particular card->dapm.card is NULL and it gets dereferenced in dapm_free_widgets(). Also dapm->list is invalid and there is an invalid pointer dereference from list_del(). The function call stack (deferred probing) on Chromebook Snow where this issue has shown up in today's -next is: snd_soc_dapm_free soc_cleanup_card_resources snd_soc_instantiate_card snd_soc_register_card devm_snd_soc_register_card snow_probe In patch 70fc53734e71 "ASoC: core: move DAI pre-links initiation to snd_soc_instantiate_card" there is an soc_cleanup_platform() call instead of soc_cleanup_card_resources() as in current -next. soc_cleanup_platform got renamed to soc_cleanup_legacy, then removed in commit adb76b5b9c47 "ASoC: soc-core: remove legacy style dai_link". It seems in merge conflict resolution the soc_cleanup_platform() call got renamed to soc_cleanup_card_resources(), instead of being removed. Correct this by removing an unnecessary soc_cleanup_card_resources() call. Fixes: a8e992342ce4 ("Merge branch 'asoc-5.2' into asoc-5.3") Reported-by: Marek Szyprowski Suggested-by: Tzung-Bi Shih Signed-off-by: Sylwester Nawrocki Signed-off-by: Mark Brown --- sound/soc/soc-core.c | 1 - 1 file changed, 1 deletion(-) diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c index 94a36ee8eb22..f0fa289c90d8 100644 --- a/sound/soc/soc-core.c +++ b/sound/soc/soc-core.c @@ -1986,7 +1986,6 @@ static int snd_soc_instantiate_card(struct snd_soc_card *card) for_each_card_prelinks(card, i, dai_link) { ret = soc_init_dai_link(card, dai_link); if (ret) { - soc_cleanup_card_resources(card); dev_err(card->dev, "ASoC: failed to init link %s: %d\n", dai_link->name, ret); mutex_unlock(&client_mutex); -- 2.30.2