author Richard Fitzgerald <rf@opensource.cirrus.com> 2026-06-10 12:34:31 +0300
committer Mark Brown <broonie@kernel.org> 2026-06-10 13:24:45 +0300
commit 344a12ca7ba6e10f9779476780afe9d977d47322 (patch)
tree cb783493041734882cc6ffe01aec7b3edeb39955 /include/linux
parent 85f7bf03632bfcdd6cedfb3945b7e387d9487d73 (diff)
ASoC: cs35l56: Prevent double-free of debugfs

Invalidate the debugfs pointer after debugfs_remove_recursive() in cs35l56_remove_cal_debugfs(). This prevents a double-free situation when a future commit adds proper failure cleanup in cs35l56_component_probe().

As described by Sashiko (including the future cs35l56_component_probe() cleanup commit):

During a normal component unbind, cs35l56_component_remove() calls cs35l56_remove_cal_debugfs() which removes the directory but leaves a dangling pointer.

If the component is later bound again, but _cs35l56_component_probe() fails early (for example, if the init_completion times out), this new error path will call cs35l56_component_remove().

This causes cs35l56_remove_cal_debugfs() to be called again with the dangling cs35l56_base->debugfs pointer from the previous lifecycle, resulting in a use-after-free in debugfs_remove_recursive().

Fixes: f7097161e94c ("ASoC: cs35l56: Add common code for factory calibration")
Reported-by: sashiko <sashiko@sashiko.dev>
Link: https://sashiko.dev/#/patchset/20260609120738.284770-1-rf%40opensource.cirrus.com
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Link: https://patch.msgid.link/20260610093432.557375-3-rf@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>

Diffstat (limited to 'include/linux')
0 files changed, 0 insertions, 0 deletions
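
The bind, unbind, failed re-probe sequence from the commit message, as an added example (not the driver's code and not part of this commit): a userspace C model in which every `model_` name is hypothetical and a flag stands in for freed memory, so the stale removal is counted instead of crashing. It relies on debugfs_remove_recursive() ignoring a NULL pointer, which is what makes clearing the pointer sufficient.

```c
/* Added userspace model; every model_ name is hypothetical, not driver code. */
#include <stdio.h>

struct model_dentry { int alive; };
struct model_base { struct model_dentry *debugfs; };

static struct model_dentry pool[4];     /* stand-in for debugfs allocations */
static int pool_next, stale_removals;   /* stale = removal of a dead entry */

static struct model_dentry *model_create_dir(void)
{
	struct model_dentry *d = &pool[pool_next++];
	d->alive = 1;
	return d;
}

/* Like debugfs_remove_recursive(), a NULL pointer is ignored. */
static void model_remove_recursive(struct model_dentry *d)
{
	if (!d)
		return;
	if (!d->alive)
		stale_removals++;    /* the kernel would be touching freed memory */
	d->alive = 0;
}

static void model_remove_cal_debugfs(struct model_base *b, int invalidate)
{
	model_remove_recursive(b->debugfs);
	if (invalidate)
		b->debugfs = NULL;   /* the invalidation the commit message describes */
}

/* Bind, unbind, then a rebind whose probe fails before debugfs is recreated. */
static int model_lifecycle(int invalidate)
{
	struct model_base base = { NULL };
	pool_next = stale_removals = 0;
	base.debugfs = model_create_dir();            /* first bind */
	model_remove_cal_debugfs(&base, invalidate);  /* normal unbind */
	model_remove_cal_debugfs(&base, invalidate);  /* failed re-probe cleanup */
	return stale_removals;
}

int main(void)
{
	printf("stale removals: without=%d with=%d\n",
	       model_lifecycle(0), model_lifecycle(1));
	return 0;
}
```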