Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp2498228rdb; Fri, 8 Dec 2023 09:46:11 -0800 (PST) X-Google-Smtp-Source: AGHT+IG1s21C2X/6LK5dMNGF81jq/pTKMwR/+Ns2Fk9YhZUDtwhIcLDWn1i5kxlomVp3/ZU6bos/ X-Received: by 2002:a17:902:f7cb:b0:1cf:b130:e9af with SMTP id h11-20020a170902f7cb00b001cfb130e9afmr337343plw.20.1702057571505; Fri, 08 Dec 2023 09:46:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702057571; cv=none; d=google.com; s=arc-20160816; b=BG30IIz1zoV59kZQapWwCd5WzGaexxs7nFA7L2BdeZ1/wfj2lzxiifyEmLghNpF0p8 O0HTUz5CkJirLwNjQfXuAUo/vSwCB17xwOOuTH324OYLoYnttIfmtHCO9x1s+G5WFx2g M/4sQi3YERlZsx7uePL9VHMPFmyqt5JPwESbTYNXuoXHm99bHWqhRk+VwdjkwROR8OiH +KghCB8JZz401LffqRCY5DN5fuwjR3BlaCRFybOUlJZ0UFspyVtwWlLVzOgRe6+CvGA7 jS16PNvQIdQeYckrjbCsEKMUQ8c+WqYxUO6RtSwbEBNL+t/AfcAInyN4dWP75pgHnMBU RayA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=6XpqwX7YgqSwjaIrsQt+Rt/fN6sBiKAusQSNBL4kfUM=; fh=AtUyipZqf9Wt3VmKECtwTscIVbxtj0bqEzvKFfEmcRc=; b=anqCZP6Wrc5wNcKrmqMu47ZNW0K69lacY7QtGxnIBsOnbDAHIBJpZG4HAt510R1f9T hvhPqVJUk5Ea8WdKEpUrbwrzMFPxbQPCgjLiqvo8ijYYsZsesNpu7Df673qpX0dnii12 9QJU7f1Xziv1plAZBwi3DVpBSxHobYQx2BRvXZlFJkV5HHNkQAXYzbezTnV+hkLp78BG OcGM8kiJs9UOnXrKEDgNSNFGcUNgi5NPzA5L7JhZJQO7JNIlhdTt0/+aM1Q2l2lS5Y8R ye8TOJJRlxO6y//iEudtiYbiKGEy1rPpZUFcrlcBmmA6WWBuGuqVozwJlTzV6DkmCjkw XzLg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=irl.hu Return-Path: Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id n15-20020a170903110f00b001d0a7201fe4si1879599plh.310.2023.12.08.09.46.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 Dec 2023 09:46:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=irl.hu Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 7212B8082843; Fri, 8 Dec 2023 09:45:27 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233768AbjLHRpK (ORCPT + 99 others); Fri, 8 Dec 2023 12:45:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51276 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229811AbjLHRpI (ORCPT ); Fri, 8 Dec 2023 12:45:08 -0500 X-Greylist: delayed 305 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Fri, 08 Dec 2023 09:45:14 PST Received: from irl.hu (irl.hu [95.85.9.111]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B23CF4; Fri, 8 Dec 2023 09:45:13 -0800 (PST) Received: from fedori.lan (51b690cd.dsl.pool.telekom.hu [::ffff:81.182.144.205]) (AUTH: CRAM-MD5 soyer@irl.hu, ) by irl.hu with ESMTPSA id 00000000000719DB.00000000657354F6.0011CADC; Fri, 08 Dec 2023 18:40:06 +0100 From: Gergo Koteles To: Shenghao Ding , Kevin Lu , Baojun Xu , Jaroslav Kysela , Takashi Iwai Cc: linux-kernel@vger.kernel.org, alsa-devel@alsa-project.org, Gergo Koteles , stable@vger.kernel.org Subject: [PATCH] ALSA: hda/tas2781: leave hda_component in usable state Date: Fri, 8 Dec 2023 18:38:19 +0100 Message-ID: <052224ccd9d24dac777c468d2ef94d5fabe619a0.1702056528.git.soyer@irl.hu> X-Mailer: git-send-email 2.43.0 Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Mime-Autoconverted: from 8bit to 7bit by courier 1.0 X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Fri, 08 Dec 2023 09:45:27 -0800 (PST) Unloading then loading the module causes a NULL ponter dereference. The hda_unbind zeroes the hda_component, later the hda_bind tries to dereference the codec field. The hda_component is only initialized once by tas2781_generic_fixup. Set only previously modified fields to NULL. BUG: kernel NULL pointer dereference, address: 0000000000000322 Call Trace: ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? tas2781_hda_bind+0x59/0x140 [snd_hda_scodec_tas2781_i2c] component_bind_all+0xf3/0x240 try_to_bring_up_aggregate_device+0x1c3/0x270 __component_add+0xbc/0x1a0 tas2781_hda_i2c_probe+0x289/0x3a0 [snd_hda_scodec_tas2781_i2c] i2c_device_probe+0x136/0x2e0 Fixes: 5be27f1e3ec9 ("ALSA: hda/tas2781: Add tas2781 HDA driver") CC: stable@vger.kernel.org Signed-off-by: Gergo Koteles --- sound/pci/hda/tas2781_hda_i2c.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sound/pci/hda/tas2781_hda_i2c.c b/sound/pci/hda/tas2781_hda_i2c.c index fb802802939e..ba4fdae8ec9b 100644 --- a/sound/pci/hda/tas2781_hda_i2c.c +++ b/sound/pci/hda/tas2781_hda_i2c.c @@ -612,9 +612,13 @@ static void tas2781_hda_unbind(struct device *dev, { struct tasdevice_priv *tas_priv = dev_get_drvdata(dev); struct hda_component *comps = master_data; + comps = &comps[tas_priv->index]; - if (comps[tas_priv->index].dev == dev) - memset(&comps[tas_priv->index], 0, sizeof(*comps)); + if (comps[tas_priv->index].dev == dev) { + comps->dev = NULL; + strscpy(comps->name, "", sizeof(comps->name)); + comps->playback_hook = NULL; + } tasdevice_config_info_remove(tas_priv); tasdevice_dsp_remove(tas_priv); base-commit: ffc253263a1375a65fa6c9f62a893e9767fbebfa -- 2.43.0