linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 0/1] sound/hda/hdac_stream: Avoid NULL pointer dereference
@ 2019-03-11 20:53 Mariusz Ceier
  2019-03-11 20:53 ` [PATCH 1/1] " Mariusz Ceier
  0 siblings, 1 reply; 3+ messages in thread
From: Mariusz Ceier @ 2019-03-11 20:53 UTC (permalink / raw)
  To: Jaroslav Kysela, Takashi Iwai, Ravindra Lokhande, Sameer Pujar,
	Pierre-Louis Bossart, Mohan Kumar D, Keyon Jie, Mariusz Ceier,
	alsa-devel, linux-kernel

Seems like commit 9b6f7e7a296e17990aae298c809b001e99ddd151 introduced
NULL pointer dereference for ca0132 codec. 
When ca0132 loads firmware, snd_hdac_stream_start is called with
azx_dev->substream being NULL.

This patch calls snd_hdac_get_stream_stripe_ctl only when
azx_dev->substream is not NULL. Even if I'm not sure if this is correct,
since it might be that ca0132 codec does something wrong, with this
change NULL pointer dereference doesn't happen and ca0132 works again on
my system with Recon3Di.


Mariusz Ceier (1):
  sound/hda/hdac_stream: Avoid NULL pointer dereference

 sound/hda/hdac_stream.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

-- 
2.21.0


^ permalink raw reply	[flat|nested] 3+ messages in thread
* [PATCH 1/1] sound/hda/hdac_stream: Avoid NULL pointer dereference
  2019-03-11 20:53 [PATCH 0/1] sound/hda/hdac_stream: Avoid NULL pointer dereference Mariusz Ceier
@ 2019-03-11 20:53 ` Mariusz Ceier
  2019-03-13 10:24   ` Takashi Iwai
  0 siblings, 1 reply; 3+ messages in thread
From: Mariusz Ceier @ 2019-03-11 20:53 UTC (permalink / raw)
  To: Jaroslav Kysela, Takashi Iwai, Ravindra Lokhande, Sameer Pujar,
	Pierre-Louis Bossart, Mohan Kumar D, Keyon Jie, Mariusz Ceier,
	alsa-devel, linux-kernel

For ca0132 codec, azx_dev->stream is NULL during firmware loading.
Calling snd_hdac_get_stream_stripe_ctl unconditionally causes NULL
pointer dereference in that function.

Signed-off-by: Mariusz Ceier <mceier+kernel@gmail.com>
---
 sound/hda/hdac_stream.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sound/hda/hdac_stream.c b/sound/hda/hdac_stream.c
index f5dd288d1a7a..76e9b41fcea2 100644
--- a/sound/hda/hdac_stream.c
+++ b/sound/hda/hdac_stream.c
@@ -95,7 +95,10 @@ void snd_hdac_stream_start(struct hdac_stream *azx_dev, bool fresh_start)
 			      1 << azx_dev->index,
 			      1 << azx_dev->index);
 	/* set stripe control */
-	stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream);
+	if (azx_dev->substream)
+		stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream);
+	else
+		stripe_ctl = 0;
 	snd_hdac_stream_updateb(azx_dev, SD_CTL_3B, SD_CTL_STRIPE_MASK,
 				stripe_ctl);
 	/* set DMA start and interrupt mask */
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] sound/hda/hdac_stream: Avoid NULL pointer dereference
  2019-03-11 20:53 ` [PATCH 1/1] " Mariusz Ceier
@ 2019-03-13 10:24   ` Takashi Iwai
  0 siblings, 0 replies; 3+ messages in thread
From: Takashi Iwai @ 2019-03-13 10:24 UTC (permalink / raw)
  To: Mariusz Ceier
  Cc: alsa-devel, Pierre-Louis Bossart, Keyon Jie, Mohan Kumar D,
	Ravindra Lokhande, Sameer Pujar, Jaroslav Kysela, linux-kernel

On Mon, 11 Mar 2019 21:53:57 +0100,
Mariusz Ceier wrote:
> 
> For ca0132 codec, azx_dev->stream is NULL during firmware loading.
> Calling snd_hdac_get_stream_stripe_ctl unconditionally causes NULL
> pointer dereference in that function.
> 
> Signed-off-by: Mariusz Ceier <mceier+kernel@gmail.com>

Applied now (with a proper Fixes tag).


thanks,

Takashi


> ---
>  sound/hda/hdac_stream.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/sound/hda/hdac_stream.c b/sound/hda/hdac_stream.c
> index f5dd288d1a7a..76e9b41fcea2 100644
> --- a/sound/hda/hdac_stream.c
> +++ b/sound/hda/hdac_stream.c
> @@ -95,7 +95,10 @@ void snd_hdac_stream_start(struct hdac_stream *azx_dev, bool fresh_start)
>  			      1 << azx_dev->index,
>  			      1 << azx_dev->index);
>  	/* set stripe control */
> -	stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream);
> +	if (azx_dev->substream)
> +		stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream);
> +	else
> +		stripe_ctl = 0;
>  	snd_hdac_stream_updateb(azx_dev, SD_CTL_3B, SD_CTL_STRIPE_MASK,
>  				stripe_ctl);
>  	/* set DMA start and interrupt mask */
> -- 
> 2.21.0
> 
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-03-13 10:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-11 20:53 [PATCH 0/1] sound/hda/hdac_stream: Avoid NULL pointer dereference Mariusz Ceier
2019-03-11 20:53 ` [PATCH 1/1] " Mariusz Ceier
2019-03-13 10:24   ` Takashi Iwai

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).