[alsa-devel] [PATCH] ASoC: Fix NULL dereference at freeing
When an ASoC driver with pcm_destruct component ops is freed before the PCM object instantiation (e.g. deferring the probe), it hits an Oops at snd_soc_pcm_component_free() that calls the pcm_destruct ops unconditionally.
Fix it by adding a NULL-check of rtd->pcm before calling callbacks.
Fixes: c64bfc906600 ("ASoC: soc-core: add new pcm_construct/pcm_destruct") Reported-by: Matthias Brugger matthias.bgg@gmail.com Tested-by: Ben Ho ben.ho@mediatek.com Signed-off-by: Takashi Iwai tiwai@suse.de --- sound/soc/soc-component.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/sound/soc/soc-component.c b/sound/soc/soc-component.c index 9054558ce386..b94680fb26fa 100644 --- a/sound/soc/soc-component.c +++ b/sound/soc/soc-component.c @@ -539,6 +539,9 @@ void snd_soc_pcm_component_free(struct snd_soc_pcm_runtime *rtd) struct snd_soc_rtdcom_list *rtdcom; struct snd_soc_component *component;
+ if (!rtd->pcm) + return; + for_each_rtd_components(rtd, rtdcom, component) if (component->driver->pcm_destruct) component->driver->pcm_destruct(component, rtd->pcm);
The patch
ASoC: Fix NULL dereference at freeing
has been applied to the asoc tree at
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-5.5
All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted.
You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed.
If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced.
Please add any relevant lists and maintainers to the CCs when replying to this mail.
Thanks, Mark
From 8e3366cad2bfe4e669bfd3758110be90b1dc75aa Mon Sep 17 00:00:00 2001
From: Takashi Iwai tiwai@suse.de Date: Tue, 7 Jan 2020 08:09:56 +0100 Subject: [PATCH] ASoC: Fix NULL dereference at freeing
When an ASoC driver with pcm_destruct component ops is freed before the PCM object instantiation (e.g. deferring the probe), it hits an Oops at snd_soc_pcm_component_free() that calls the pcm_destruct ops unconditionally.
Fix it by adding a NULL-check of rtd->pcm before calling callbacks.
Fixes: c64bfc906600 ("ASoC: soc-core: add new pcm_construct/pcm_destruct") Reported-by: Matthias Brugger matthias.bgg@gmail.com Tested-by: Ben Ho ben.ho@mediatek.com Signed-off-by: Takashi Iwai tiwai@suse.de Link: https://lore.kernel.org/r/20200107070956.15807-1-tiwai@suse.de Signed-off-by: Mark Brown broonie@kernel.org --- sound/soc/soc-component.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/sound/soc/soc-component.c b/sound/soc/soc-component.c index 1590e805d016..6a8f26bf09ba 100644 --- a/sound/soc/soc-component.c +++ b/sound/soc/soc-component.c @@ -520,6 +520,9 @@ void snd_soc_pcm_component_free(struct snd_soc_pcm_runtime *rtd) struct snd_soc_rtdcom_list *rtdcom; struct snd_soc_component *component;
+ if (!rtd->pcm) + return; + for_each_rtd_components(rtd, rtdcom, component) if (component->driver->pcm_destruct) component->driver->pcm_destruct(component, rtd->pcm);
participants (2)
-
Mark Brown
-
Takashi Iwai