From: Dmitry Osipenko <digetx@gmail.com>
To: Thierry Reding <thierry.reding@gmail.com>,
Jonathan Hunter <jonathanh@nvidia.com>,
Mark Brown <broonie@kernel.org>, Jaroslav Kysela <perex@perex.cz>,
Bard Liao <bardliao@realtek.com>,
Oder Chiou <oder_chiou@realtek.com>,
Liam Girdwood <lgirdwood@gmail.com>,
Takashi Iwai <tiwai@suse.com>
Cc: linux-tegra@vger.kernel.org, alsa-devel@alsa-project.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v2] ASoC: rt5640: Fix NULL dereference on module unload
Date: Mon, 6 Jan 2020 04:47:07 +0300 [thread overview]
Message-ID: <20200106014707.11378-1-digetx@gmail.com> (raw)
The rt5640->jack is NULL if jack is already disabled at the time of
driver's module unloading.
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
---
Changelog:
v2: - Addressed review comment from Takashi Iwai by making patch's diff a
bit cleaner and simpler.
- Addressed review comment from Mark Brown by removing noisy backtrace
from the commit's message and moving it after --- in order to keep it
discoverable in the ML archive.
Backtrace:
Unable to handle kernel NULL pointer dereference at virtual address 00000024
...
(rt5640_set_jack [snd_soc_rt5640])
(snd_soc_component_set_jack [snd_soc_core])
(soc_remove_component [snd_soc_core])
(soc_cleanup_card_resources [snd_soc_core])
(snd_soc_unregister_card [snd_soc_core])
(tegra_rt5640_remove [snd_soc_tegra_rt5640])
(platform_drv_remove)
(device_release_driver_internal)
(driver_detach)
(bus_remove_driver)
(tegra_rt5640_driver_exit
(sys_delete_module)
sound/soc/codecs/rt5640.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/codecs/rt5640.c b/sound/soc/codecs/rt5640.c
index adbae1f36a8a..747ca248bf10 100644
--- a/sound/soc/codecs/rt5640.c
+++ b/sound/soc/codecs/rt5640.c
@@ -2432,6 +2432,13 @@ static void rt5640_disable_jack_detect(struct snd_soc_component *component)
{
struct rt5640_priv *rt5640 = snd_soc_component_get_drvdata(component);
+ /*
+ * soc_remove_component() force-disables jack and thus rt5640->jack
+ * could be NULL at the time of driver's module unloading.
+ */
+ if (!rt5640->jack)
+ return;
+
disable_irq(rt5640->irq);
rt5640_cancel_work(rt5640);
--
2.24.0
WARNING: multiple messages have this Message-ID (diff)
From: Dmitry Osipenko <digetx@gmail.com>
To: Thierry Reding <thierry.reding@gmail.com>,
Jonathan Hunter <jonathanh@nvidia.com>,
Mark Brown <broonie@kernel.org>, Jaroslav Kysela <perex@perex.cz>,
Bard Liao <bardliao@realtek.com>,
Oder Chiou <oder_chiou@realtek.com>,
Liam Girdwood <lgirdwood@gmail.com>,
Takashi Iwai <tiwai@suse.com>
Cc: linux-tegra@vger.kernel.org, alsa-devel@alsa-project.org,
linux-kernel@vger.kernel.org
Subject: [alsa-devel] [PATCH v2] ASoC: rt5640: Fix NULL dereference on module unload
Date: Mon, 6 Jan 2020 04:47:07 +0300 [thread overview]
Message-ID: <20200106014707.11378-1-digetx@gmail.com> (raw)
The rt5640->jack is NULL if jack is already disabled at the time of
driver's module unloading.
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
---
Changelog:
v2: - Addressed review comment from Takashi Iwai by making patch's diff a
bit cleaner and simpler.
- Addressed review comment from Mark Brown by removing noisy backtrace
from the commit's message and moving it after --- in order to keep it
discoverable in the ML archive.
Backtrace:
Unable to handle kernel NULL pointer dereference at virtual address 00000024
...
(rt5640_set_jack [snd_soc_rt5640])
(snd_soc_component_set_jack [snd_soc_core])
(soc_remove_component [snd_soc_core])
(soc_cleanup_card_resources [snd_soc_core])
(snd_soc_unregister_card [snd_soc_core])
(tegra_rt5640_remove [snd_soc_tegra_rt5640])
(platform_drv_remove)
(device_release_driver_internal)
(driver_detach)
(bus_remove_driver)
(tegra_rt5640_driver_exit
(sys_delete_module)
sound/soc/codecs/rt5640.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/codecs/rt5640.c b/sound/soc/codecs/rt5640.c
index adbae1f36a8a..747ca248bf10 100644
--- a/sound/soc/codecs/rt5640.c
+++ b/sound/soc/codecs/rt5640.c
@@ -2432,6 +2432,13 @@ static void rt5640_disable_jack_detect(struct snd_soc_component *component)
{
struct rt5640_priv *rt5640 = snd_soc_component_get_drvdata(component);
+ /*
+ * soc_remove_component() force-disables jack and thus rt5640->jack
+ * could be NULL at the time of driver's module unloading.
+ */
+ if (!rt5640->jack)
+ return;
+
disable_irq(rt5640->irq);
rt5640_cancel_work(rt5640);
--
2.24.0
_______________________________________________
Alsa-devel mailing list
Alsa-devel@alsa-project.org
https://mailman.alsa-project.org/mailman/listinfo/alsa-devel
next reply other threads:[~2020-01-06 1:47 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-06 1:47 Dmitry Osipenko [this message]
2020-01-06 1:47 ` [alsa-devel] [PATCH v2] ASoC: rt5640: Fix NULL dereference on module unload Dmitry Osipenko
2020-01-06 20:50 ` Applied "ASoC: rt5640: Fix NULL dereference on module unload" to the asoc tree Mark Brown
2020-01-06 20:50 ` [alsa-devel] " Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200106014707.11378-1-digetx@gmail.com \
--to=digetx@gmail.com \
--cc=alsa-devel@alsa-project.org \
--cc=bardliao@realtek.com \
--cc=broonie@kernel.org \
--cc=jonathanh@nvidia.com \
--cc=lgirdwood@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tegra@vger.kernel.org \
--cc=oder_chiou@realtek.com \
--cc=perex@perex.cz \
--cc=thierry.reding@gmail.com \
--cc=tiwai@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.