2019-03-11 20:54:50

by Mariusz Ceier

Subject: [PATCH 0/1] sound/hda/hdac_stream: Avoid NULL pointer dereference

Seems like commit 9b6f7e7a296e17990aae298c809b001e99ddd151 introduced
a NULL pointer dereference for the ca0132 codec.
When ca0132 loads firmware, snd_hdac_stream_start is called with
azx_dev->substream being NULL.

This patch calls snd_hdac_get_stream_stripe_ctl only when
azx_dev->substream is not NULL. Even if I'm not sure if this is correct,
since it might be that the ca0132 codec does something wrong, with this
change the NULL pointer dereference doesn't happen and ca0132 works again on
my system with Recon3Di.


Mariusz Ceier (1):
sound/hda/hdac_stream: Avoid NULL pointer dereference

sound/hda/hdac_stream.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

--
2.21.0



2019-03-11 20:55:10

by Mariusz Ceier

Subject: [PATCH 1/1] sound/hda/hdac_stream: Avoid NULL pointer dereference

For ca0132 codec, azx_dev->stream is NULL during firmware loading.
Calling snd_hdac_get_stream_stripe_ctl unconditionally causes NULL
pointer dereference in that function.

Signed-off-by: Mariusz Ceier <[email protected]>
---
sound/hda/hdac_stream.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sound/hda/hdac_stream.c b/sound/hda/hdac_stream.c
index f5dd288d1a7a..76e9b41fcea2 100644
--- a/sound/hda/hdac_stream.c
+++ b/sound/hda/hdac_stream.c
@@ -95,7 +95,10 @@ void snd_hdac_stream_start(struct hdac_stream *azx_dev, bool fresh_start)
1 << azx_dev->index,
1 << azx_dev->index);
/* set stripe control */
- stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream);
+ if (azx_dev->substream)
+ stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream);
+ else
+ stripe_ctl = 0;
snd_hdac_stream_updateb(azx_dev, SD_CTL_3B, SD_CTL_STRIPE_MASK,
stripe_ctl);
/* set DMA start and interrupt mask */
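Review bot: the added check `if (azx_dev->substream)` tests the `substream` field, but the commit message says `azx_dev->stream` is NULL, so the message should name the field the code actually guards. The cover letter also identifies commit 9b6f7e7a296e17990aae298c809b001e99ddd151 as the change that introduced the dereference; a Fixes: tag referencing it belongs in this patch so the fix can be tracked against that commit.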
--
2.21.0


2019-03-13 10:25:12

by Takashi Iwai

Subject: Re: [PATCH 1/1] sound/hda/hdac_stream: Avoid NULL pointer dereference

On Mon, 11 Mar 2019 21:53:57 +0100,
Mariusz Ceier wrote:
>
> For ca0132 codec, azx_dev->stream is NULL during firmware loading.
> Calling snd_hdac_get_stream_stripe_ctl unconditionally causes NULL
> pointer dereference in that function.
>
> Signed-off-by: Mariusz Ceier <[email protected]>

Applied now (with a proper Fixes tag).


thanks,

Takashi


> ---
> sound/hda/hdac_stream.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/sound/hda/hdac_stream.c b/sound/hda/hdac_stream.c
> index f5dd288d1a7a..76e9b41fcea2 100644
> --- a/sound/hda/hdac_stream.c
> +++ b/sound/hda/hdac_stream.c
> @@ -95,7 +95,10 @@ void snd_hdac_stream_start(struct hdac_stream *azx_dev, bool fresh_start)
> 1 << azx_dev->index,
> 1 << azx_dev->index);
> /* set stripe control */
> - stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream);
> + if (azx_dev->substream)
> + stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream);
> + else
> + stripe_ctl = 0;
> snd_hdac_stream_updateb(azx_dev, SD_CTL_3B, SD_CTL_STRIPE_MASK,
> stripe_ctl);
> /* set DMA start and interrupt mask */
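Review bot: the `else stripe_ctl = 0;` branch needs a short comment explaining why 0 is the right value when there is no substream (the ca0132 firmware-loading case from the commit message), because the following snd_hdac_stream_updateb() call then writes 0 into the SD_CTL_STRIPE_MASK field of SD_CTL_3B. Consider also whether the NULL check belongs inside snd_hdac_get_stream_stripe_ctl() itself, so that any other caller passing a NULL substream is covered rather than only this call site.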
> --
> 2.21.0
>
>