[PATCH] sound/usb: fix to release stream resources from media_snd_device_delete()

From: Shuah Khan
Date: Fri Mar 18 2016 - 22:51:29 EST


Fix to release stream resources from media_snd_device_delete() before
the media device is unregistered. Without this change, stream resource free
is attempted after the media device is unregistered, which would result
in use-after-free errors.

Signed-off-by: Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>
---

- Ran bind/unbind loop (1000 iterations) test on snd-usb-audio
  while running mc_nextgen_test loop (1000 iterations) in parallel.
- Ran bind/unbind and rmmod/modprobe tests on both drivers. Also
  generated graphs after bind/unbind, rmmod/modprobe. Graphs
  look good.
- Note: Please apply the following patch to fix memory leak:
  sound/usb: Fix memory leak in media_snd_stream_delete() during unbind
  https://lkml.org/lkml/2016/3/16/1050

sound/usb/media.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/sound/usb/media.c b/sound/usb/media.c
index de4a815..e35af88 100644
--- a/sound/usb/media.c
+++ b/sound/usb/media.c
@@ -301,6 +301,13 @@ int media_snd_device_create(struct snd_usb_audio *chip,
void media_snd_device_delete(struct snd_usb_audio *chip)
{
struct media_device *mdev = chip->media_dev;
+ struct snd_usb_stream *stream;
+
+ /* release resources */
+ list_for_each_entry(stream, &chip->pcm_list, list) {
+ media_snd_stream_delete(&stream->substream[0]);
+ media_snd_stream_delete(&stream->substream[1]);
+ }

media_snd_mixer_delete(chip);

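Review bot: the new loop at the top of media_snd_device_delete() calls media_snd_stream_delete() on both substream[0] and substream[1] of every pcm_list entry unconditionally, and it runs before anything visible in this hunk checks mdev, so please confirm that media_snd_stream_delete() is a safe no-op for a substream that never had media resources set up and that it is safe to call a second time if the stream was already released elsewhere. Since the fix depends entirely on these calls happening before the media device is unregistered, the comment "/* release resources */" should state that ordering requirement, for example "release stream resources before the media device is unregistered", so a later reorder of this function does not reintroduce the use-after-free. Using SNDRV_PCM_STREAM_PLAYBACK and SNDRV_PCM_STREAM_CAPTURE as the indices instead of 0 and 1 would also make the two calls self-explanatory.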
--
2.5.0