Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp5644812pxb; Mon, 28 Mar 2022 15:25:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy+5u3VMNFPUozhCHvhuBp/Y0IEMbbDtxQjda8VnFnad5NIB4GpaCHgtHVecx6PRjJWpAbO X-Received: by 2002:a05:6808:2114:b0:2da:1bae:5197 with SMTP id r20-20020a056808211400b002da1bae5197mr700336oiw.17.1648506345255; Mon, 28 Mar 2022 15:25:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648506345; cv=none; d=google.com; s=arc-20160816; b=MknI9BBAsSkPX8PF8PTKtXXbQ1pgvak9GQi2Na4yaSK4ne2/eiu7GWvPmeSxsiPcPV cZ1c4toTbg5PArVl9GHiDIwG0hLEaN2cwRRGPsEdHIbMRnNjYMggUJzzuEp8LgcYkzuv tlG2+jJ7ZkhHTO+o78ia6FYD4KE35Fn4xV4XqVv5o67xnzk7JPF0hdq2hXjYt/wPiaGJ OupOop4uy4KJbvI3Wp/5Bbz9klWvVHU3uvrAuE/HH52YewrKstvngnEytqstbmRFVLsF RhkYjlCkTWtG5gx+TSsLex8VyvFtXXiNAyh1b27Sa4L8bcz7ggbzog8umIDsz8oD7Du+ rUZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=Ev+jFF4MWyLXe4KFMG0ej9Khdftaw0LvpKgprsKOSno=; b=IVkc+AbRq8KiOi5fiQ+ilXlCGTMiY0hrFiHg6xT6NDA7Tfo+Dc/YKTf50pVP0icQj1 2qJKVKjf6o6l8Fy0IpGKEpXxMNkCQoIbTvnK5NTIwajC03Mps0dqDBXdQx/DAIS3tsq2 UuEPW31GTtyxYUTcxRMpIULd5th+MvKjKwsPbba2qQiZ7AoZPvdxPy5+2g7E7Bug4ckN GdOAaSfmKS3yeQn8KXd8Qy6YTeAvM3uKSwwOCFR/oac6+q0bQL8Irb2pdxnw1FwE2ldj +oqUS0aNTEXj62XjjxAPhJ3bL8TnDaV8R5H4nFoBeffDj5inzkquCIhuYeZk1ydnWjtB np5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b="Ufg/OZ4t"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id k22-20020a544716000000b002ef0c3475a1si10191224oik.33.2022.03.28.15.25.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Mar 2022 15:25:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b="Ufg/OZ4t"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 46F3E92323; Mon, 28 Mar 2022 14:39:09 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233869AbiC0NKT (ORCPT + 99 others); Sun, 27 Mar 2022 09:10:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60542 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229967AbiC0NKQ (ORCPT ); Sun, 27 Mar 2022 09:10:16 -0400 Received: from mail-pj1-x1041.google.com (mail-pj1-x1041.google.com [IPv6:2607:f8b0:4864:20::1041]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A432663F5; Sun, 27 Mar 2022 06:08:36 -0700 (PDT) Received: by mail-pj1-x1041.google.com with SMTP id m22so11636489pja.0; Sun, 27 Mar 2022 06:08:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Ev+jFF4MWyLXe4KFMG0ej9Khdftaw0LvpKgprsKOSno=; b=Ufg/OZ4tD+eXPEBdYrrwtmVFy3ZFS2zmA6LG4zlQnU4T+aLWPJWTyNP+eU9Mkif4il 3kcXtY86W/fklnC9uI+MDlhKhDSSCJRXW8UAkht7kEZuqTzgG2MqU9HtM+WbuAWY+37l L7WaNxT+GdFefNK1qfyTyj3L0t7yOm+zeUy3+GOq5K6t3mMnmLpQK0yIkpr1sK9I1PgM YvRcFnmZDV0+/98BQzyAqVeeeMbvKMGlfF9xh+YMNkuDbcZjVaL411XXZ60EufOXfqaA K3jb4fB11w9UL5qB73hoFsqsROPfeVQYcFFqBjmAQNoOBzKM/HkoGqm4rJ7OvxNp2Jxu pdcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Ev+jFF4MWyLXe4KFMG0ej9Khdftaw0LvpKgprsKOSno=; b=Tyg4+g+go4Ttc3v5JaHEKfFcR4ryrobPmbcM58J5rcGEngvHFxzmay2UxxpVHiA1q/ PxPH+1ZskoC2tYBffKqUDmyANR/ICTS3d8Z8Ogce7D7BfAdpbPScBqF+t94pIentwQCS ykHV59avcAyyRlS7oKPi5FgT8dL8x77nlWXekTQPyAtsCE8bcL33j8+HmJpsCpyt04JB ecovYyeI47eMDAN7Qa4rP423SYVAFAmjgSODWDVRlwys2wzNZQsvjZ1GeuguD0dVYQ9E hCbkp7ssap9uE/Epp5BDnKcvN171Mo66CkVtj2WEE69Q9HeEL4JgPurnDB0FSZmBmyAa naww== X-Gm-Message-State: AOAM532IvZuCGpDW7w+OG/GCE8a/+wLPePu4X57gA4dMZb4kzzthuMr3 7bc1+veVXC0LXvaMwkm3yEM= X-Received: by 2002:a17:90b:4c49:b0:1c7:d6c1:bb0f with SMTP id np9-20020a17090b4c4900b001c7d6c1bb0fmr17541719pjb.230.1648386516119; Sun, 27 Mar 2022 06:08:36 -0700 (PDT) Received: from localhost ([115.220.243.108]) by smtp.gmail.com with ESMTPSA id d16-20020a17090ad99000b001bcbc4247a0sm10967761pjv.57.2022.03.27.06.08.34 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Sun, 27 Mar 2022 06:08:35 -0700 (PDT) From: Xiaomeng Tong To: jbrunet@baylibre.com Cc: alsa-devel@alsa-project.org, broonie@kernel.org, khilman@baylibre.com, lgirdwood@gmail.com, linux-amlogic@lists.infradead.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, martin.blumenstingl@googlemail.com, narmstrong@baylibre.com, perex@perex.cz, stable@vger.kernel.org, tiwai@suse.com, xiam0nd.tong@gmail.com Subject: Re: [PATCH] soc: meson: fix a missing check on list iterator Date: Sun, 27 Mar 2022 21:08:01 +0800 Message-Id: <20220327130801.15631-1-xiam0nd.tong@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <1jk0cf6480.fsf@starbuckisacylon.baylibre.com> References: <1jk0cf6480.fsf@starbuckisacylon.baylibre.com> X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 27 Mar 2022 13:03:14 +0200, Jerome Brunet wrote: > On Sun 27 Mar 2022 at 16:18, Xiaomeng Tong wrote: > > > The bug is here: > > *dai_name = dai->driver->name; > > > > For for_each_component_dais(), just like list_for_each_entry, > > the list iterator 'runtime' will point to a bogus position > > containing HEAD if the list is empty or no element is found. > > This case must be checked before any use of the iterator, > > otherwise it will lead to a invalid memory access. > > > > To fix the bug, just move the assignment into loop and return > > 0 when element is found, otherwise return -EINVAL; > > Except we already checked that the id is valid and know an element will > be be found once we enter the loop. No bug here and this patch does not > seem necessary to me. Yea, you should be right, it is not a bug here. id already be checked before enter the loop: if (id < 0 || id >= component->num_dai) return -EINVAL; but if component->num_dai is not correct due to miscaculation or others reason and the door is reopened, this patch can avoid a invalid memory access. Anyway, it is a good choice to use the list iterator only inside the loop, as linus suggested[1]. and we are on the way to change all these use-after-iter cases. [1]https://lore.kernel.org/lkml/20220217184829.1991035-1-jakobkoschel@gmail.com/ -- Xiaomeng Tong