2021-01-21 17:56:03

by Ricardo Ribalda

Subject: [PATCH v3 1/2] ASoC: Intel: Skylake: skl-topology: Fix OOPs in skl_tplg_complete

If dobj->control is not initialized we end up in an OOPs during
skl_tplg_complete:

[ 26.553358] BUG: kernel NULL pointer dereference, address: 0000000000000078
[ 26.561151] #PF: supervisor read access in kernel mode
[ 26.566897] #PF: error_code(0x0000) - not-present page
[ 26.572642] PGD 0 P4D 0
[ 26.575479] Oops: 0000 [#1] PREEMPT SMP PTI
[ 26.580158] CPU: 2 PID: 2082 Comm: udevd Tainted: G C 5.4.81 #4
[ 26.588232] Hardware name: HP Soraka/Soraka, BIOS Google_Soraka.10431.106.0 12/03/2019
[ 26.597082] RIP: 0010:skl_tplg_complete+0x70/0x144 [snd_soc_skl]

Cc: <[email protected]>
Fixes: 2d744ecf2b98 ("ASoC: Intel: Skylake: Automatic DMIC format configuration according to information from NHL")
Tested-by: Lukasz Majczak <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Reviewed-by: Cezary Rojewski <[email protected]>
Signed-off-by: Ricardo Ribalda <[email protected]>
---
v3: order local variables by length

sound/soc/intel/skylake/skl-topology.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/sound/soc/intel/skylake/skl-topology.c b/sound/soc/intel/skylake/skl-topology.c
index ae466cd59292..ffd37aaecdf1 100644
--- a/sound/soc/intel/skylake/skl-topology.c
+++ b/sound/soc/intel/skylake/skl-topology.c
@@ -3619,15 +3619,16 @@ static void skl_tplg_complete(struct snd_soc_component *component)

list_for_each_entry(dobj, &component->dobj_list, list) {
struct snd_kcontrol *kcontrol = dobj->control.kcontrol;
- struct soc_enum *se =
- (struct soc_enum *)kcontrol->private_value;
- char **texts = dobj->control.dtexts;
+ struct soc_enum *se;
char chan_text[4];
+ char **texts;

- if (dobj->type != SND_SOC_DOBJ_ENUM ||
- dobj->control.kcontrol->put !=
- skl_tplg_multi_config_set_dmic)
+ if (dobj->type != SND_SOC_DOBJ_ENUM || !kcontrol ||
+ kcontrol->put != skl_tplg_multi_config_set_dmic)
continue;
+
+ se = (struct soc_enum *)kcontrol->private_value;
+ texts = dobj->control.dtexts;
sprintf(chan_text, "c%d", mach->mach_params.dmic_num);

for (i = 0; i < se->items; i++) {
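Review bot: In the loop-body declarations, `kcontrol` is still initialised from `dobj->control.kcontrol` before `dobj->type` is checked, so that load happens for every dobj on the list, whatever its type. The dereference itself is correctly gated by the short-circuit in `dobj->type != SND_SOC_DOBJ_ENUM || !kcontrol || ...`, but doing the assignment after a type-only check would make it obvious that `control` is only read for enum objects. A one-line comment on why an enum dobj can reach this point with a NULL kcontrol would also help, since the commit message only says "not initialized". Separately, in the unchanged context, `sprintf(chan_text, "c%d", ...)` writes into `char chan_text[4]`, which leaves room for at most two digits; `snprintf(chan_text, sizeof(chan_text), ...)` would bound it.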
--
2.30.0.296.g2bfb1c46d8-goog


2021-01-21 17:56:32

by Ricardo Ribalda

Subject: [PATCH v3 2/2] ASoC: Intel: Skylake: Zero snd_ctl_elem_value

Clear struct snd_ctl_elem_value before calling ->put() to avoid any data
leak.

Reviewed-by: Andy Shevchenko <[email protected]>
Reviewed-by: Cezary Rojewski <[email protected]>
Signed-off-by: Ricardo Ribalda <[email protected]>
---
sound/soc/intel/skylake/skl-topology.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/intel/skylake/skl-topology.c b/sound/soc/intel/skylake/skl-topology.c
index ffd37aaecdf1..76a04a883e63 100644
--- a/sound/soc/intel/skylake/skl-topology.c
+++ b/sound/soc/intel/skylake/skl-topology.c
@@ -3632,7 +3632,7 @@ static void skl_tplg_complete(struct snd_soc_component *component)
sprintf(chan_text, "c%d", mach->mach_params.dmic_num);

for (i = 0; i < se->items; i++) {
- struct snd_ctl_elem_value val;
+ struct snd_ctl_elem_value val = {};

if (strstr(texts[i], chan_text)) {
val.value.enumerated.item[0] = i;
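Review bot: With `val` declared at the top of the `for` body, the whole struct is now zeroed on every iteration, including those where `strstr(texts[i], chan_text)` does not match. If `val` is only used inside the `if (strstr(...))` block, as the visible lines suggest, declaring it there keeps the initialisation next to the one place that fills `val.value.enumerated.item[0]` and skips the clearing on non-matching items. The commit message would also be more useful if it named what ->put() does with the bytes that were previously uninitialised, so that the "data leak" is concrete.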
--
2.30.0.296.g2bfb1c46d8-goog