From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755493AbcBPRKS (ORCPT <rfc822;w@1wt.eu>);
	Tue, 16 Feb 2016 12:10:18 -0500
Received: from mout.kundenserver.de ([212.227.17.24]:58062 "EHLO
	mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754618AbcBPRJ5 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 16 Feb 2016 12:09:57 -0500
From: Arnd Bergmann <arnd@arndb.de>
To: linux-arm-kernel@lists.infradead.org
Cc: alsa-devel@alsa-project.org, Takashi Iwai <tiwai@suse.de>,
        linux-kernel@vger.kernel.org, Jaroslav Kysela <perex@perex.cz>,
        Mark Brown <broonie@kernel.org>, Han Lu <han.lu@intel.com>,
        Libin Yang <libin.yang@linux.intel.com>,
        Thierry Reding <treding@nvidia.com>,
        David Henningsson <david.henningsson@canonical.com>
Subject: Re: [PATCH] sound: hdmi: avoid dereferencing uninitialized 'jack' pointer
Date: Tue, 16 Feb 2016 18:09:11 +0100
Message-ID: <12468747.ft2nGomr6c@wuerfel>
User-Agent: KMail/4.11.5 (Linux/3.16.0-10-generic; KDE/4.11.5; x86_64; ; )
In-Reply-To: <112888486.mQgaWiH0PI@wuerfel>
References: <1455634059-1896914-1-git-send-email-arnd@arndb.de> <20160216163840.GA7544@sirena.org.uk> <112888486.mQgaWiH0PI@wuerfel>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-Provags-ID: V03:K0:z9YlicRst2hJI+bglhRxkPSfoAmtlur0JjPxvamhy+UzMgs3T1s
 NU26EB6MxhNDhXuvK7l+WQsbKh2aN+BOazJ8jFk9NqrmFlcRc6W9dZ3ZBlCC75GOSh7WS0f
 QDIjl4OAhqMDYJGFyViTjWfdsNtG90jEz9lLm8fpPb1PGn6f1gA7DNdvNpuzOK/QJQhp58G
 8NaS4v1NRP2slKxgXCMSg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:Ybbu6hSYT1E=:RwPidKnAV8bDdNzqAPAROY
 1wipcsPe3ozGcCFOm8KSNxBRVLjLymUrRbjM/BQM2PIgjb1K3zs4dgEO1PjHqjWtDnX74AytZ
 n+QVayITmcJznLwOiSikuFSVlIivP24vy8QEhQKhRAvEio9nSBkUGS2gH1ZXFDR3RMBfd2feE
 ZI3N9lhVYmGuMcGQ8TA/Ko70L5bsvrZUkVKIZ3SGxIeKgWIsiam/n8Ti/84grbLMklbOHsw6S
 EKWQ+cIUmTOuuN3WjwCXbJHLJVbMnelhzaPlmAtMOKFkLIu9jy+fSIQf+iWDiOgrijE/Emxfm
 FNMdLWhucKZ2Gyt/asbccNdlqEePSlEA9CX8xeqQN453/W+00CIWggxcudRqmgtw6pfDOrfT9
 bylZKXAmgn1geEt3Hp4elXWRJ1nija90n3oqLHEMxiHgIvcw81vmxZpSS3U+YOpLT87IEDw73
 FG1ywNoR9JK47409W11pfsl5DjMaLbYFQZ619pI0BnMl2RiBbGy0UP4VlvNliPPnWJ6ZtknkA
 xy6G3D47d1nMUXYXcySTHJnVq+ON9SagDHrRAMZB+Gjj90kenP1WtSsG1O0IfdW11BzJXMxT2
 4sXFSXH47nzOgfSYMQ4sRD1TJQHiDorC9UH2UD4n40YpLEc3ARQXMud4HKSEOj3W6qI/5Zja5
 Es1OUa/t9QJOu0VjxkY+n2HcYv6NEYI69e6C+uqebBDv2OH3uiKozcZDksjqALSJ8sMo9/6oB
 YcIQ0L3ydMBE9dkb
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tuesday 16 February 2016 17:59:04 Arnd Bergmann wrote:
> --- a/sound/pci/hda/hda_jack.c
> +++ b/sound/pci/hda/hda_jack.c
> @@ -403,8 +403,10 @@ int snd_hda_jack_add_kctl(struct hda_codec *codec, hda_nid_t nid,
>  
>         jack->phantom_jack = !!phantom_jack;
>         jack->type = type;
> -       jack->jack->private_data = jack;
> -       jack->jack->private_free = hda_free_jack_priv;
> +       if (IS_ENABLED(CONFIG_SND_JACK)) {
> +               jack->jack->private_data = jack;
> +               jack->jack->private_free = hda_free_jack_priv;
> +       }
>         state = snd_hda_jack_detect(codec, nid);
>         snd_jack_report(jack->jack, state ? jack->type : 0);
>  

Or another idea: if we pass private_{data,free} into snd_jack_new()
as arguments, the snd_jack structure can become private to
sound/core/jack.c, so we can be sure to never hit this bug
again.

	Arnd