[PATCH 2/2] ASoC: core: Do not call link_exit() on uninitialized rtd objects

29 Sep 2023

On init we have sequence:
for_each_card_prelinks(card, i, dai_link) {
    	ret = snd_soc_add_pcm_runtime(card, dai_link);
ret = init_some_other_things(...);
    if (ret)
    	goto probe_end:
for_each_card_rtds(card, rtd) {
    	ret = soc_init_pcm_runtime(card, rtd);
probe_end:
while on exit:
    for_each_card_rtds(card, rtd)
    	snd_soc_link_exit(rtd);
If init_some_other_things() step fails due to error we end up with
not fully setup rtds and try to call snd_soc_link_exit on them, which
depending on contents on .link_exit handler, can end up dereferencing
NULL pointer.
Reviewed-by: Cezary Rojewski cezary.rojewski@intel.com
Signed-off-by: Amadeusz Sławiński amadeuszx.slawinski@linux.intel.com
---
 include/sound/soc.h  |  2 ++
 sound/soc/soc-core.c | 20 +++++++++++++++-----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/include/sound/soc.h b/include/sound/soc.h
index 63b57f58cc56..7792c393e238 100644
--- a/include/sound/soc.h
+++ b/include/sound/soc.h
@@ -1134,6 +1134,8 @@ struct snd_soc_pcm_runtime {
    unsigned int pop_wait:1;
    unsigned int fe_compr:1; /* for Dynamic PCM */
+	bool initialized;
+
    int num_components;
    struct snd_soc_component *components[]; /* CPU/Codec/Platform */
 };
diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index 2b8d522eb106..b2bd45e87bc3 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -1347,7 +1347,7 @@ static int soc_init_pcm_runtime(struct snd_soc_card *card,
    snd_soc_runtime_get_dai_fmt(rtd);
    ret = snd_soc_runtime_set_dai_fmt(rtd, dai_link->dai_fmt);
    if (ret)
-		return ret;
+		goto err;
/* add DPCM sysfs entries */
    soc_dpcm_debugfs_add(rtd);
@@ -1372,17 +1372,26 @@ static int soc_init_pcm_runtime(struct snd_soc_card *card,
    /* create compress_device if possible */
    ret = snd_soc_dai_compress_new(cpu_dai, rtd, num);
    if (ret != -ENOTSUPP)
-		return ret;
+		goto err;
/* create the pcm */
    ret = soc_new_pcm(rtd, num);
    if (ret < 0) {
    	dev_err(card->dev, "ASoC: can't create pcm %s :%d\n",
    		dai_link->stream_name, ret);
-		return ret;
+		goto err;
    }
-	return snd_soc_pcm_dai_new(rtd);
+	ret = snd_soc_pcm_dai_new(rtd);
+	if (ret < 0)
+		goto err;
+
+	rtd->initialized = true;
+
+	return 0;
+err:
+	snd_soc_link_exit(rtd);
+	return ret;
 }
static void soc_set_name_prefix(struct snd_soc_card *card,
@@ -1980,7 +1989,8 @@ static void soc_cleanup_card_resources(struct snd_soc_card *card)
/* release machine specific resources */
    for_each_card_rtds(card, rtd)
-		snd_soc_link_exit(rtd);
+		if (rtd->initialized)
+			snd_soc_link_exit(rtd);
    /* remove and free each DAI */
    soc_remove_link_dais(card);
    soc_remove_link_components(card);
-- 
2.34.1


    