LinuxLists.cc - [PATCH] ALSA: hda/tas2781: handle missing EFI calibration data

2023-12-10 23:38:11

Subject: [PATCH] ALSA: hda/tas2781: handle missing EFI calibration data

The code does not properly check whether the calibration variable is
available in the EFI. If it is not available, it causes a NULL pointer
dereference.

Check the return value of the first get_variable call also.

BUG: kernel NULL pointer dereference, address: 0000000000000000
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x171/0x4e0
? srso_alias_return_thunk+0x5/0x7f
? schedule+0x5e/0xd0
? exc_page_fault+0x7f/0x180
? asm_exc_page_fault+0x26/0x30
? crc32_body+0x2c/0x120
? tas2781_save_calibration+0xe4/0x220 [snd_hda_scodec_tas2781_i2c]
tasdev_fw_ready+0x1af/0x280 [snd_hda_scodec_tas2781_i2c]
request_firmware_work_func+0x59/0xa0

Fixes: 5be27f1e3ec9 ("ALSA: hda/tas2781: Add tas2781 HDA driver")
CC: [email protected]
Signed-off-by: Gergo Koteles <[email protected]>
---
sound/pci/hda/tas2781_hda_i2c.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sound/pci/hda/tas2781_hda_i2c.c b/sound/pci/hda/tas2781_hda_i2c.c
index fb802802939e..6e506efe61cd 100644
--- a/sound/pci/hda/tas2781_hda_i2c.c
+++ b/sound/pci/hda/tas2781_hda_i2c.c
@@ -455,9 +455,9 @@ static int tas2781_save_calibration(struct tasdevice_priv *tas_priv)
status = efi.get_variable(efi_name, &efi_guid, &attr,
&tas_priv->cali_data.total_sz,
tas_priv->cali_data.data);
- if (status != EFI_SUCCESS)
- return -EINVAL;
}
+ if (status != EFI_SUCCESS)
+ return -EINVAL;

tmp_val = (unsigned int *)tas_priv->cali_data.data;

base-commit: ffc253263a1375a65fa6c9f62a893e9767fbebfa
--
2.43.0

2023-12-11 07:59:21

by Takashi Iwai

[permalink] [raw]

Subject: Re: [PATCH] ALSA: hda/tas2781: handle missing EFI calibration data

On Mon, 11 Dec 2023 00:37:33 +0100,
Gergo Koteles wrote:
>
> The code does not properly check whether the calibration variable is
> available in the EFI. If it is not available, it causes a NULL pointer
> dereference.
>
> Check the return value of the first get_variable call also.
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> Call Trace:
> <TASK>
> ? __die+0x23/0x70
> ? page_fault_oops+0x171/0x4e0
> ? srso_alias_return_thunk+0x5/0x7f
> ? schedule+0x5e/0xd0
> ? exc_page_fault+0x7f/0x180
> ? asm_exc_page_fault+0x26/0x30
> ? crc32_body+0x2c/0x120
> ? tas2781_save_calibration+0xe4/0x220 [snd_hda_scodec_tas2781_i2c]
> tasdev_fw_ready+0x1af/0x280 [snd_hda_scodec_tas2781_i2c]
> request_firmware_work_func+0x59/0xa0
>
> Fixes: 5be27f1e3ec9 ("ALSA: hda/tas2781: Add tas2781 HDA driver")
> CC: [email protected]
> Signed-off-by: Gergo Koteles <[email protected]>

Thanks, applied now.

Takashi