Field "substream" gets assigned during stream setup in hda_dsp_pcm_hw_params() but it is never cleared afterwards during cleanup procedure. Now, any non-pcm operation e.g.: compress can mistakenly make use of that pointer as it's bypassing all "if (s->substream)" checks.
Nulling the pointer during hw_free operation ensures no wild pointers are left behind.
Fixes: cdae3b9a47aa ("ASoC: SOF: Intel: Add Intel specific HDA PCM operations") Signed-off-by: Cezary Rojewski cezary.rojewski@intel.com Acked-by: Pierre-Louis Bossart pierre-louis.bossart@linux.intel.com ---
Changes in v3: - simple rewording of commit title & message
Changes in v2: - relocated stream->substream assignment from _pcm_close() to _hw_free()
sound/soc/sof/intel/hda-stream.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/sound/soc/sof/intel/hda-stream.c b/sound/soc/sof/intel/hda-stream.c index 7daa913dbde0..5d386956906f 100644 --- a/sound/soc/sof/intel/hda-stream.c +++ b/sound/soc/sof/intel/hda-stream.c @@ -547,6 +547,8 @@ int hda_dsp_stream_hw_free(struct snd_sof_dev *sdev, SOF_HDA_REG_PP_PPCTL, mask, 0); spin_unlock_irq(&bus->reg_lock);
+ stream->substream = NULL; + return 0; }