Received: by 2002:a05:7412:1492:b0:e2:908c:2ebd with SMTP id s18csp388586rdh; Wed, 23 Aug 2023 03:05:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFxVAvMQa1pPnX99Rp/zKuwR19ziQK+GfSVPiFarJagtcnVgkbfPe+6516cawtc/k1XCgGy X-Received: by 2002:a05:6512:689:b0:4ff:8742:4488 with SMTP id t9-20020a056512068900b004ff87424488mr11196667lfe.52.1692785128199; Wed, 23 Aug 2023 03:05:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692785128; cv=none; d=google.com; s=arc-20160816; b=vsO+/87RUMPKzk7vCjkG3/vj5lFLMQPp65UvJR9EHkQ7Rdvqkm7bh4EeQFeBewbjiF FiW3/m9ZWWwRAEqnfHZ9UbINzIpKnyZrm/MBdufFc0WDYOHo3hVJaDlWKM4emgF8avdq TS9b9an0wlLijuhOAiz8CnrKWFnb/HUpMomqzCGPfX48FwiA/8GW2kE0+gS3lnwNuiUz r96N/BPlGxRMywpqaoAN+j0X+TnCVy6ooIwSTgVwjY5QgcC2svLSgBikKFoYuXOxF1Ts OAfgKb5wUcCjiObpDtvr2WAoSUPgeD48ClxUpzfrW0OqZizwol9NAzNxdaJC9xpXCV+s z1cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from:cc:to :content-language:subject:user-agent:mime-version:date:message-id; bh=T2b8g82D1sJX0kUKHh7omQt+ADeZcbVHUKaLSaF+UC0=; fh=aJjXxX5mRQ6XAajLA3270AqYil/28te4Ybb5ZttawLY=; b=QOndgMTomI77VdNKdbnK0A7V0rzlkNfZ3o8d1zoWlP2AGqLFIPI23kc48w1IwJI8tc MSw+lAsmcJY7KgsoCZZazHQGcxXR/3wislZvloYVa08eEQIU04RIVVJssalWa5vVWjo7 x6jNwmLBaSf2/1FuO14eFMIF9ut6N07MXrN39RWPHeTNGVSP6+Hv8n4QkN+mvXBKNuqg /RZXuBYwW3pJq6Ax3f+ocFpngcg8lV2ZCJJh0UxCeRU4h3UoaGute/ugo8WYBuPTvjIn ekXLFGYjXoQOVqa9Ei+8i0reaphg/zWY4/WBDr29rHjYrX1z4WCQqheJb1PqQmJb/o7z AJQg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v15-20020aa7d80f000000b00521764d4012si8521568edq.213.2023.08.23.03.05.00; Wed, 23 Aug 2023 03:05:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232010AbjHWBZY (ORCPT + 99 others); Tue, 22 Aug 2023 21:25:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54688 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232006AbjHWBZX (ORCPT ); Tue, 22 Aug 2023 21:25:23 -0400 Received: from mail.nfschina.com (unknown [42.101.60.195]) by lindbergh.monkeyblade.net (Postfix) with SMTP id 5873AE40; Tue, 22 Aug 2023 18:25:21 -0700 (PDT) Received: from [172.30.11.106] (unknown [180.167.10.98]) by mail.nfschina.com (Maildata Gateway V2.8.8) with ESMTPSA id 1ED8E6019B71A; Wed, 23 Aug 2023 09:24:42 +0800 (CST) Message-ID: Date: Wed, 23 Aug 2023 09:24:41 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0 Subject: Re: [PATCH] ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer Content-Language: en-US To: Christophe JAILLET , Jaroslav Kysela , Takashi Iwai Cc: Arnd Bergmann , maciej.szmigiero@oracle.com, yangyingliang@huawei.com, alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org X-MD-Sfrom: suhui@nfschina.com X-MD-SrcIP: 180.167.10.98 From: Su Hui In-Reply-To: <49247018-20fe-8a04-75f2-dad4524aa3a3@wanadoo.fr> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00,RCVD_IN_SBL_CSS, RDNS_NONE,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2023/8/23 04:07, Christophe JAILLET wrote: > Le 15/06/2023 à 04:17, Su Hui a écrit : >> smatch error: >> sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error: >> we previously assumed 'rac97' could be null (see line 2072) >> >> remove redundant assignment, return error if rac97 is NULL. > > Hi, > > why is the assigment redundant? > > Should an error occur, the 'struct snd_ac97 **' parameter was garanted > to be set to NULL, now it is left as-is. > > I've checked all callers and apparently this is fine because the > probes fail if snd_ac97_mixer() returns an error. > > However, some drivers with several mixers seem to rely on the value > being NULL in case of error. > > See [1] as an example of such code that forces a NULL value on its > own, to be sure. > > So, wouldn't it be safer to leave a "*rac97 = NULL;" just after the > added sanity check? > Hi, Really thanks for pointing this mistake. this assignment is necessary and removing it may cause some problem. So sorry for my mistake, I will send a patch to fix it right now. Su Hui > > CJ > > > [1]: > https://elixir.bootlin.com/linux/v6.5-rc7/source/sound/pci/atiixp.c#L1438 > >> >> Fixes: da3cec35dd3c ("ALSA: Kill snd_assert() in sound/pci/*") >> Signed-off-by: Su Hui >> --- >>   sound/pci/ac97/ac97_codec.c | 4 ++-- >>   1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c >> index 9afc5906d662..80a65b8ad7b9 100644 >> --- a/sound/pci/ac97/ac97_codec.c >> +++ b/sound/pci/ac97/ac97_codec.c >> @@ -2069,8 +2069,8 @@ int snd_ac97_mixer(struct snd_ac97_bus *bus, >> struct snd_ac97_template *template, >>           .dev_disconnect =    snd_ac97_dev_disconnect, >>       }; >>   -    if (rac97) >> -        *rac97 = NULL; >> +    if (!rac97) >> +        return -EINVAL; >>       if (snd_BUG_ON(!bus || !template)) >>           return -EINVAL; >>       if (snd_BUG_ON(template->num >= 4)) >