2023-12-13 23:28:45

by Gergo Koteles

Subject: [PATCH v2] ALSA: hda/tas2781: call cleanup functions only once

If the module can load the RCA but not the firmware binary, it will call
the cleanup functions. Then unloading the module causes general
protection fault due to double free.

Do not call the cleanup functions in tasdev_fw_ready.

general protection fault, probably for non-canonical address
0x6f2b8a2bff4c8fec: 0000 [#1] PREEMPT SMP NOPTI
Call Trace:
<TASK>
? die_addr+0x36/0x90
? exc_general_protection+0x1c5/0x430
? asm_exc_general_protection+0x26/0x30
? tasdevice_config_info_remove+0x6d/0xd0 [snd_soc_tas2781_fmwlib]
tas2781_hda_unbind+0xaa/0x100 [snd_hda_scodec_tas2781_i2c]
component_unbind+0x2e/0x50
component_unbind_all+0x92/0xa0
component_del+0xa8/0x140
tas2781_hda_remove.isra.0+0x32/0x60 [snd_hda_scodec_tas2781_i2c]
i2c_device_remove+0x26/0xb0

Fixes: 5be27f1e3ec9 ("ALSA: hda/tas2781: Add tas2781 HDA driver")
CC: [email protected]
Signed-off-by: Gergo Koteles <[email protected]>
---
sound/pci/hda/tas2781_hda_i2c.c | 5 -----
1 file changed, 5 deletions(-)

diff --git a/sound/pci/hda/tas2781_hda_i2c.c b/sound/pci/hda/tas2781_hda_i2c.c
index fb802802939e..c6b292606dfa 100644
--- a/sound/pci/hda/tas2781_hda_i2c.c
+++ b/sound/pci/hda/tas2781_hda_i2c.c
@@ -550,11 +550,6 @@ static void tasdev_fw_ready(const struct firmware *fmw, void *context)
tas2781_save_calibration(tas_priv);

out:
- if (tas_priv->fw_state == TASDEVICE_DSP_FW_FAIL) {
- /*If DSP FW fail, kcontrol won't be created */
- tasdevice_config_info_remove(tas_priv);
- tasdevice_dsp_remove(tas_priv);
- }
mutex_unlock(&tas_priv->codec_lock);
if (fmw)
release_firmware(fmw);

base-commit: ffc253263a1375a65fa6c9f62a893e9767fbebfa
--
2.43.0

2023-12-14 11:04:28

by Takashi Iwai

Subject: Re: [PATCH v2] ALSA: hda/tas2781: call cleanup functions only once

On Thu, 14 Dec 2023 00:28:16 +0100,
Gergo Koteles wrote:
>
> If the module can load the RCA but not the firmware binary, it will call
> the cleanup functions. Then unloading the module causes general
> protection fault due to double free.
>
> Do not call the cleanup functions in tasdev_fw_ready.
>
> general protection fault, probably for non-canonical address
> 0x6f2b8a2bff4c8fec: 0000 [#1] PREEMPT SMP NOPTI
> Call Trace:
> <TASK>
> ? die_addr+0x36/0x90
> ? exc_general_protection+0x1c5/0x430
> ? asm_exc_general_protection+0x26/0x30
> ? tasdevice_config_info_remove+0x6d/0xd0 [snd_soc_tas2781_fmwlib]
> tas2781_hda_unbind+0xaa/0x100 [snd_hda_scodec_tas2781_i2c]
> component_unbind+0x2e/0x50
> component_unbind_all+0x92/0xa0
> component_del+0xa8/0x140
> tas2781_hda_remove.isra.0+0x32/0x60 [snd_hda_scodec_tas2781_i2c]
> i2c_device_remove+0x26/0xb0
>
> Fixes: 5be27f1e3ec9 ("ALSA: hda/tas2781: Add tas2781 HDA driver")
> CC: [email protected]
> Signed-off-by: Gergo Koteles <[email protected]>

Thanks, applied.


Takashi