Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp11978218ybi; Fri, 26 Jul 2019 02:47:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqwOiJ5lmB3c1OUEYK7XmQmi0zCwCIveffWQtGWuJWe7b4r49SUSY1NHdDxkt00dye0azvR7 X-Received: by 2002:a17:902:aa95:: with SMTP id d21mr91668676plr.185.1564134438961; Fri, 26 Jul 2019 02:47:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564134438; cv=none; d=google.com; s=arc-20160816; b=daSPrApHUSMYtHh1SV7EI/j2d44893EutNScejxvDYlDpdiIkxBETmtEPTSjVNH7Ck yjybE6R0ZX/9GXeX0PEongu3zFFWfx+Qt2B0jivKS1ZedFQ+VWN8382hmpXjgESlW3L5 mTjunHxehkZMDrY8288gzI2277oOf5edv+A4ql/OaMJXqqkfiZrvFUupgUjjvAInO8K6 2jvABZsmaZD9+pWdbTtUq0zeBzp4cu2RncYTIDvBudwuRFnKN4Yn6H7r+quWwDBlI+xP LQd7dFAicw4R+rUd5XzuaWeTASh0CXx803cIiclKDOePW/HHpTsXyzL5bDRo+gbl5p+B 14Xg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=3iglveLwU29MzIYfGyfHQroJAVJXOZOmUHPgXwIgdP4=; b=rlaiMKqdR7/3bbe2jHhAg/6I1EXCiJrXVp2iQ/eS5htAUJs7CXse4MFi5ImNTU2MPN 0zZBY3iB4ExIMXpnNSccHTH2msN/OOHvaMlLkftd64cnEaguIRk4yByNAPwUWZhjLriS E/gwofKG2+l5+xRroiug5kxidy/GGQ86DLlmcriP2uKC8OYdJ5ZbOPEYNoEF1CeuqhHS 2g/yIH76YQZQF14so8fxEhtMB/uc6hj4mJf4x6ku+ZYAyRxYI1YOEQQ2PgetK2Spr6lR Z7jvSnKN2Mmcn5SckcFrhg2dwsxMnY2UBpx5pAckK0R3wUozFG97iwmhoTZPgmrjMS9A fIxA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p17si22021664plq.138.2019.07.26.02.47.04; Fri, 26 Jul 2019 02:47:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726211AbfGZJpM (ORCPT + 99 others); Fri, 26 Jul 2019 05:45:12 -0400 Received: from mga11.intel.com ([192.55.52.93]:13889 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725842AbfGZJpM (ORCPT ); Fri, 26 Jul 2019 05:45:12 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Jul 2019 02:45:11 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,310,1559545200"; d="scan'208";a="175547537" Received: from crojewsk-mobl1.ger.corp.intel.com (HELO [10.251.89.116]) ([10.251.89.116]) by orsmga006.jf.intel.com with ESMTP; 26 Jul 2019 02:45:06 -0700 Subject: Re: [RFC PATCH 06/40] soundwire: intel: prevent possible dereference in hw_params To: Pierre-Louis Bossart Cc: alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, tiwai@suse.de, broonie@kernel.org, vkoul@kernel.org, gregkh@linuxfoundation.org, jank@cadence.com, srinivas.kandagatla@linaro.org, slawomir.blauciak@intel.com, Sanyog Kale References: <20190725234032.21152-1-pierre-louis.bossart@linux.intel.com> <20190725234032.21152-7-pierre-louis.bossart@linux.intel.com> From: Cezary Rojewski Message-ID: <1e814ab9-9606-88a5-3181-6cdb203671c3@intel.com> Date: Fri, 26 Jul 2019 11:45:04 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20190725234032.21152-7-pierre-louis.bossart@linux.intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019-07-26 01:39, Pierre-Louis Bossart wrote: > This should not happen in production systems but we should test for > all callback arguments before invoking the config_stream callback. > > Signed-off-by: Pierre-Louis Bossart > --- > drivers/soundwire/intel.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/soundwire/intel.c b/drivers/soundwire/intel.c > index 68832e613b1e..497879dd9c0d 100644 > --- a/drivers/soundwire/intel.c > +++ b/drivers/soundwire/intel.c > @@ -509,7 +509,7 @@ static int intel_config_stream(struct sdw_intel *sdw, > struct snd_soc_dai *dai, > struct snd_pcm_hw_params *hw_params, int link_id) > { > - if (sdw->res->ops && sdw->res->ops->config_stream) > + if (sdw->res->ops && sdw->res->ops->config_stream && sdw->res->arg) > return sdw->res->ops->config_stream(sdw->res->arg, > substream, dai, hw_params, link_id); > > Hmm, declaring local for sdw->res should prove useful here after addition of 4th sdw->res dereference.