android_kernel_samsung_sm8650/drivers/soundwire
Krzysztof Kozlowski f2955dd3e9 soundwire: stream: fix NULL pointer dereference for multi_link
commit e199bf52ffda8f98f129728d57244a9cd9ad5623 upstream.

If bus is marked as multi_link, but number of masters in the stream is
not higher than bus->hw_sync_min_links (bus->multi_link && m_rt_count >=
bus->hw_sync_min_links), bank switching should not happen.  The first
part of do_bank_switch() code properly takes these conditions into
account, but second part (sdw_ml_sync_bank_switch()) relies purely on
bus->multi_link property.  This is not balanced and leads to NULL
pointer dereference:

  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
  ...
  Call trace:
   wait_for_completion_timeout+0x124/0x1f0
   do_bank_switch+0x370/0x6f8
   sdw_prepare_stream+0x2d0/0x438
   qcom_snd_sdw_prepare+0xa0/0x118
   sm8450_snd_prepare+0x128/0x148
   snd_soc_link_prepare+0x5c/0xe8
   __soc_pcm_prepare+0x28/0x1ec
   dpcm_be_dai_prepare+0x1e0/0x2c0
   dpcm_fe_dai_prepare+0x108/0x28c
   snd_pcm_do_prepare+0x44/0x68
   snd_pcm_action_single+0x54/0xc0
   snd_pcm_action_nonatomic+0xe4/0xec
   snd_pcm_prepare+0xc4/0x114
   snd_pcm_common_ioctl+0x1154/0x1cc0
   snd_pcm_ioctl+0x54/0x74

Fixes: ce6e74d008 ("soundwire: Add support for multi link bank switch")
Cc: stable@vger.kernel.org
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20231124180136.390621-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-12-20 17:00:25 +01:00
bus_type.c soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() 2023-03-11 13:55:35 +01:00
bus.c soundwire: fix enumeration completion 2023-08-03 10:24:15 +02:00
bus.h soundwire: export sdw_update() and sdw_update_no_pm() 2021-06-21 13:00:42 +01:00
cadence_master.c soundwire: cadence: rename sdw_cdns_dai_dma_data as sdw_cdns_dai_runtime 2023-05-11 23:03:37 +09:00
cadence_master.h soundwire: intel: don't save hw_params for use in prepare 2023-05-11 23:03:37 +09:00
debugfs.c soundwire: debugfs: use controller id and link_id for debugfs 2021-10-01 09:53:47 +05:30
dmi-quirks.c soundwire: dmi-quirks: update HP Omen match 2023-11-28 17:07:01 +00:00
generic_bandwidth_allocation.c soundwire: bandwidth allocation: improve error messages 2021-05-11 17:34:07 +05:30
intel_init.c soundwire: intel: cleanup definition of LCOUNT 2022-09-01 14:29:14 +05:30
intel.c soundwire: intel: don't save hw_params for use in prepare 2023-05-11 23:03:37 +09:00
intel.h soundwire: intel: skip suspend/resume/wake when link was not started 2021-08-23 17:40:33 +05:30
Kconfig soundwire: intel: move to auxiliary bus 2021-06-14 10:12:26 +05:30
Makefile soundwire: Intel: introduce DMI quirks for HP Spectre x360 Convertible 2021-03-22 17:33:10 +05:30
master.c soundwire: master: use pm_runtime_set_active() on add 2020-12-02 12:49:34 +05:30
mipi_disco.c soundwire: fix port_ready[] dynamic allocation in mipi_disco 2020-09-03 16:02:29 +05:30
qcom.c soundwire: qcom: update status correctly with mask 2023-08-03 10:23:57 +02:00
slave.c Char / Misc driver changes for 6.0-rc1 2022-08-04 11:05:48 -07:00
stream.c soundwire: stream: fix NULL pointer dereference for multi_link 2023-12-20 17:00:25 +01:00
sysfs_local.h soundwire: sysfs: add slave status and device number before probe 2020-09-28 11:17:43 +05:30
sysfs_slave_dpn.c soundwire: Fix DEBUG_LOCKS_WARN_ON for uninitialized attribute 2020-11-24 14:08:51 +05:30
sysfs_slave.c soundwire: sysfs: Constify static struct attribute_group 2021-01-19 20:21:20 +05:30