[alsa-devel] [PATCH] ALSA: fix oops in snd_pcm_info() caused by ASoC DPCM

Takashi Iwai tiwai at suse.de
Thu Oct 31 17:38:36 CET 2013 

At Thu, 31 Oct 2013 15:01:37 +0000,
Russell King - ARM Linux wrote:
> 
> Liam, Mark,
> 
> As discussed privately, here's the fix for the ASoC oops I've been seeing
> with DPCM in ALSA.  This avoids unnecessarily exposing the ASoC internal
> PCM devices to userspace, which is complimentary to your patch fixing the
> deref of the PCM ops.
> 
> 8<========
> From: Russell King <rmk+kernel at arm.linux.org.uk>
> Subject: [PATCH] ALSA: fix oops in snd_pcm_info() caused by ASoC DPCM
> 
> Unable to handle kernel NULL pointer dereference at virtual address 00000008
> pgd = d5300000
> [00000008] *pgd=0d265831, *pte=00000000, *ppte=00000000
> Internal error: Oops: 17 [#1] PREEMPT ARM
> CPU: 0 PID: 2295 Comm: vlc Not tainted 3.11.0+ #755
> task: dee74800 ti: e213c000 task.ti: e213c000
> PC is at snd_pcm_info+0xc8/0xd8
> LR is at 0x30232065
> pc : [<c031b52c>]    lr : [<30232065>]    psr: a0070013
> sp : e213dea8  ip : d81cb0d0  fp : c05f7678
> r10: c05f7770  r9 : fffffdfd  r8 : 00000000
> r7 : d8a968a8  r6 : d8a96800  r5 : d8a96200  r4 : d81cb000
> r3 : 00000000  r2 : d81cb000  r1 : 00000001  r0 : d8a96200
> Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
> Control: 10c5387d  Table: 15300019  DAC: 00000015
> Process vlc (pid: 2295, stack limit = 0xe213c248)
> [<c031b52c>] (snd_pcm_info) from [<c031b570>] (snd_pcm_info_user+0x34/0x9c)
> [<c031b570>] (snd_pcm_info_user) from [<c03164a4>] (snd_pcm_control_ioctl+0x274/0x280)
> [<c03164a4>] (snd_pcm_control_ioctl) from [<c0311458>] (snd_ctl_ioctl+0xc0/0x55c)
> [<c0311458>] (snd_ctl_ioctl) from [<c00eca84>] (do_vfs_ioctl+0x80/0x31c)
> [<c00eca84>] (do_vfs_ioctl) from [<c00ecd5c>] (SyS_ioctl+0x3c/0x60)
> [<c00ecd5c>] (SyS_ioctl) from [<c000e500>] (ret_fast_syscall+0x0/0x48)
> Code: e1a00005 e59530dc e3a01001 e1a02004 (e5933008)
> ---[ end trace cb3d9bdb8dfefb3c ]---
> 
> This is provoked when the ASoC front end is open along with its backend,
> (which causes the backend to have a runtime assigned to it) and then the
> SNDRV_CTL_IOCTL_PCM_INFO is requested for the (visible) backend device.
> 
> Resolve this by ensuring that ASoC internal backend devices are not
> visible to userspace, just as the commentry for snd_pcm_new_internal()
> says it should be.
> 
> Signed-off-by: Russell King <rmk+kernel at arm.linux.org.uk>

Thanks, applied now.
I also put Cc to stable.


Takashi

> ---
>  sound/core/pcm.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/sound/core/pcm.c b/sound/core/pcm.c
> index 17f45e8aa89c..e1e9e0c999fe 100644
> --- a/sound/core/pcm.c
> +++ b/sound/core/pcm.c
> @@ -49,6 +49,8 @@ static struct snd_pcm *snd_pcm_get(struct snd_card *card, int device)
>  	struct snd_pcm *pcm;
>  
>  	list_for_each_entry(pcm, &snd_pcm_devices, list) {
> +		if (pcm->internal)
> +			continue;
>  		if (pcm->card == card && pcm->device == device)
>  			return pcm;
>  	}
> @@ -60,6 +62,8 @@ static int snd_pcm_next(struct snd_card *card, int device)
>  	struct snd_pcm *pcm;
>  
>  	list_for_each_entry(pcm, &snd_pcm_devices, list) {
> +		if (pcm->internal)
> +			continue;
>  		if (pcm->card == card && pcm->device > device)
>  			return pcm->device;
>  		else if (pcm->card->number > card->number)
> -- 
> 1.7.4.4
>

More information about the Alsa-devel mailing list