Hi,
On Wed, 22 Jan 2020, Pierre-Louis Bossart wrote:
On 1/22/20 12:12 PM, Cezary Rojewski wrote:
Definitions for idisp snd_soc_dai_links within skl_hda_dsp_common are missing platform component. Add it to address following bug reported by KASAN:
[...]
[ 10.538502] BUG: KASAN: global-out-of-bounds in skl_hda_audio_probe+0x13a/0x2b0 [snd_soc_skl_hda_dsp] [ 10.538509] Write of size 8 at addr ffffffffc0606840 by task systemd-udevd/299 (...)
You could probably skip the call trace, it doesn't really provide much information.
Kai and Ranjani, do you think this impacts SOF as well? Or does our BE override somehow suppresses the problem?
yes, this is a good catch Cezary! We actually initialize the platform correctly in other machine drivers, so this is a specific bug in the generic HDA mach driver.
What happens is that 'platforms' is initialized to an empty array:
static struct snd_soc_dai_link_component idisp1_cpus[] = { { .dai_name = "iDisp1 Pin", } }; static struct snd_soc_dai_link_component idisp1_codecs[] = { { .name = "ehdaudio0D2", .dai_name = "intel-hdmi-hifi1", } }; static struct snd_soc_dai_link_component idisp1_platforms[] = { }
... but then before card registration, mach driver code assumes there is at least one platform in the array:
» for_each_card_prelinks(card, i, dai_link) » » dai_link->platforms->name = mach_params->platform;
... and this results in out-of-bound write.
Cezary's patch is aligned with other machine drivers and typical ASOC macro usage so:
Reviewed-by: Kai Vehmanen kai.vehmanen@linux.intel.com
I'll check if other machine drivers are impacted as well.
Br, Kai