[PATCH] ASoC: Intel: Skylake: Fix available clock counter incrementation
Pierre-Louis Bossart
pierre-louis.bossart at linux.intel.com
Mon Feb 24 17:18:30 CET 2020
On 2/24/20 6:52 AM, Amadeusz Sławiński wrote:
> Incrementation of avail_clk_cnt was incorrectly moved to error path. Put
> it back to success path.
>
> Fixes: 6ee927f2f01466 ('ASoC: Intel: Skylake: Fix NULL ptr dereference when unloading clk dev')
> Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski at linux.intel.com>
> ---
> sound/soc/intel/skylake/skl-ssp-clk.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/sound/soc/intel/skylake/skl-ssp-clk.c b/sound/soc/intel/skylake/skl-ssp-clk.c
> index 1c0e5226cb5b..bd43885f3805 100644
> --- a/sound/soc/intel/skylake/skl-ssp-clk.c
> +++ b/sound/soc/intel/skylake/skl-ssp-clk.c
> @@ -384,9 +384,11 @@ static int skl_clk_dev_probe(struct platform_device *pdev)
> &clks[i], clk_pdata, i);
>
> if (IS_ERR(data->clk[data->avail_clk_cnt])) {
> - ret = PTR_ERR(data->clk[data->avail_clk_cnt++]);
> + ret = PTR_ERR(data->clk[data->avail_clk_cnt]);
Are you sure?
If you start with avail_clk_cnt set to zero, the error handling will
decrement and access offset -1
static void unregister_src_clk(struct skl_clk_data *dclk)
{
while (dclk->avail_clk_cnt--)
clkdev_drop(dclk->clk[dclk->avail_clk_cnt]->lookup); <<< oob
access with offset -1
}
> goto err_unreg_skl_clk;
> }
> +
> + data->avail_clk_cnt++;
> }
>
> platform_set_drvdata(pdev, data);
>
More information about the Alsa-devel
mailing list