[PATCH next 2/2] sound: usb: fix use after free in usb_audio_disconnect
From: Pavel Skripkin
Date: Mon Mar 08 2021 - 17:32:06 EST
The problem was in wrong "if" placement. chip->quirk_type is freed
in snd_card_free_when_closed(), but inside if statement it's accesed.
Fixes: 9799110825db ("ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend()"
Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>
---
sound/usb/card.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/usb/card.c b/sound/usb/card.c
index 3fd1743513b5..b6f4c0848e66 100644
--- a/sound/usb/card.c
+++ b/sound/usb/card.c
@@ -907,6 +907,9 @@ static void usb_audio_disconnect(struct usb_interface *intf)
}
}
+ if (chip->quirk_type & QUIRK_SETUP_DISABLE_AUTOSUSPEND)
+ usb_enable_autosuspend(interface_to_usbdev(intf));
+
chip->num_interfaces--;
if (chip->num_interfaces <= 0) {
usb_chip[chip->index] = NULL;
@@ -915,9 +918,6 @@ static void usb_audio_disconnect(struct usb_interface *intf)
} else {
mutex_unlock(®ister_mutex);
}
-
- if (chip->quirk_type & QUIRK_SETUP_DISABLE_AUTOSUSPEND)
- usb_enable_autosuspend(interface_to_usbdev(intf));
}
/* lock the shutdown (disconnect) task and autoresume */
--
2.25.1