android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4a98bc739d
android_kernel_xiaomi_sm8450/sound/core
History
Jason Zhang 0ff1c0f5a4 ALSA: pcm: fix out-of-bounds in snd_pcm_state_names 
commit 2b3a7a302c9804e463f2ea5b54dc3a6ad106a344 upstream.

The pcm state can be SNDRV_PCM_STATE_DISCONNECTED at disconnect
callback, and there is not an entry of SNDRV_PCM_STATE_DISCONNECTED
in snd_pcm_state_names.

This patch adds the missing entry to resolve this issue.

cat /proc/asound/card2/pcm0p/sub0/status
That results in stack traces like the following:

[   99.702732][ T5171] Unexpected kernel BRK exception at EL1
[   99.702774][ T5171] Internal error: BRK handler: f2005512 [#1] PREEMPT SMP
[   99.703858][ T5171] Modules linked in: bcmdhd(E) (...)
[   99.747425][ T5171] CPU: 3 PID: 5171 Comm: cat Tainted: G         C OE     5.10.189-android13-4-00003-g4a17384380d8-ab11086999 #1
[   99.748447][ T5171] Hardware name: Rockchip RK3588 CVTE V10 Board (DT)
[   99.749024][ T5171] pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[   99.749616][ T5171] pc : snd_pcm_substream_proc_status_read+0x264/0x2bc
[   99.750204][ T5171] lr : snd_pcm_substream_proc_status_read+0xa4/0x2bc
[   99.750778][ T5171] sp : ffffffc0175abae0
[   99.751132][ T5171] x29: ffffffc0175abb80 x28: ffffffc009a2c498
[   99.751665][ T5171] x27: 0000000000000001 x26: ffffff810cbae6e8
[   99.752199][ T5171] x25: 0000000000400cc0 x24: ffffffc0175abc60
[   99.752729][ T5171] x23: 0000000000000000 x22: ffffff802f558400
[   99.753263][ T5171] x21: ffffff81d8d8ff00 x20: ffffff81020cdc00
[   99.753795][ T5171] x19: ffffff802d110000 x18: ffffffc014fbd058
[   99.754326][ T5171] x17: 0000000000000000 x16: 0000000000000000
[   99.754861][ T5171] x15: 000000000000c276 x14: ffffffff9a976fda
[   99.755392][ T5171] x13: 0000000065689089 x12: 000000000000d72e
[   99.755923][ T5171] x11: ffffff802d110000 x10: 00000000000000e0
[   99.756457][ T5171] x9 : 9c431600c8385d00 x8 : 0000000000000008
[   99.756990][ T5171] x7 : 0000000000000000 x6 : 000000000000003f
[   99.757522][ T5171] x5 : 0000000000000040 x4 : ffffffc0175abb70
[   99.758056][ T5171] x3 : 0000000000000001 x2 : 0000000000000001
[   99.758588][ T5171] x1 : 0000000000000000 x0 : 0000000000000000
[   99.759123][ T5171] Call trace:
[   99.759404][ T5171]  snd_pcm_substream_proc_status_read+0x264/0x2bc
[   99.759958][ T5171]  snd_info_seq_show+0x54/0xa4
[   99.760370][ T5171]  seq_read_iter+0x19c/0x7d4
[   99.760770][ T5171]  seq_read+0xf0/0x128
[   99.761117][ T5171]  proc_reg_read+0x100/0x1f8
[   99.761515][ T5171]  vfs_read+0xf4/0x354
[   99.761869][ T5171]  ksys_read+0x7c/0x148
[   99.762226][ T5171]  __arm64_sys_read+0x20/0x30
[   99.762625][ T5171]  el0_svc_common+0xd0/0x1e4
[   99.763023][ T5171]  el0_svc+0x28/0x98
[   99.763358][ T5171]  el0_sync_handler+0x8c/0xf0
[   99.763759][ T5171]  el0_sync+0x1b8/0x1c0
[   99.764118][ T5171] Code: d65f03c0 b9406102 17ffffae 94191565 (d42aa240)
[   99.764715][ T5171] ---[ end trace 1eeffa3e17c58e10 ]---
[   99.780720][ T5171] Kernel panic - not syncing: BRK handler: Fatal exception

Signed-off-by: Jason Zhang <jason.zhang@rock-chips.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20231206013139.20506-1-jason.zhang@rock-chips.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-12-13 18:27:02 +01:00
..
oss ALSA: oss: avoid missing-prototype warnings 2023-06-09 10:30:12 +02:00
seq ALSA: seq: oss: Fix racy open/close of MIDI devices 2023-09-19 12:20:06 +02:00
compress_offload.c ALSA: compress_offload: remove redundant initialization 2020-09-03 09:26:27 +02:00
control_compat.c ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF 2023-01-14 10:16:52 +01:00
control.c ALSA: control: Use deferred fasync helper 2022-08-25 11:38:21 +02:00
ctljack.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
device.c ALSA: core: Add snd_device_get_state() helper 2020-03-23 18:09:19 +01:00
hrtimer.c ALSA: timer: Replace tasklet with work 2020-09-09 18:32:52 +02:00
hwdep_compat.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
hwdep.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
info_oss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
info.c ALSA: info: Fix potential deadlock at disconnection 2023-11-28 16:54:59 +00:00
init.c ALSA: core: remove redundant spin_lock pair in snd_card_disconnect 2021-05-14 09:50:31 +02:00
isadma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
jack.c ALSA: jack: Fix mutex call in snd_jack_report() 2023-07-27 08:44:10 +02:00
Kconfig ALSA: control: Add verification for kctl accesses 2020-01-04 09:37:59 +01:00
Makefile ALSA: ISA: not for M68K 2021-11-26 10:39:10 +01:00
memalloc.c ALSA: memalloc: Align buffer allocations in page size 2022-07-29 17:19:25 +02:00
memory.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
misc.c ALSA: core: Add async signal helpers 2022-08-25 11:38:20 +02:00
pcm_compat.c ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl 2023-09-19 12:20:21 +02:00
pcm_dmaengine.c ALSA: dmaengine: increment buffer pointer atomically 2022-10-26 13:25:27 +02:00
pcm_drm_eld.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
pcm_iec958.c ALSA: core: pcm_iec958: fix kernel-doc 2020-07-07 10:22:33 +02:00
pcm_lib.c ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock 2022-04-08 14:39:53 +02:00
pcm_local.h ALSA: pcm: Call sync_stop at disconnection 2021-03-04 11:37:19 +01:00
pcm_memory.c ALSA: pcm: Fix potential data race at PCM memory allocation helpers 2023-08-30 16:23:11 +02:00
pcm_misc.c ALSA: pcm: Test for "silence" field in struct "pcm_format_data" 2022-04-20 09:23:27 +02:00
pcm_native.c ALSA: pcm: Set missing stop_operating flag at undoing trigger start 2023-01-14 10:15:38 +01:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: timer: Constify snd_timer_hardware definitions 2020-01-03 09:24:07 +01:00
pcm_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: pcm: fix out-of-bounds in snd_pcm_state_names 2023-12-13 18:27:02 +01:00
rawmidi_compat.c ALSA: Avoid using timespec for struct snd_rawmidi_status 2019-12-11 22:06:16 +01:00
rawmidi.c ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() 2022-10-26 13:25:06 +02:00
seq_device.c ALSA: seq: Fix a potential UAF by wrong private_free call order 2021-10-20 11:44:57 +02:00
sgbuf.c ALSA: memalloc: Make SG-buffer helper usable for continuous buffer, too 2020-06-15 18:01:52 +02:00
sound_oss.c ALSA: oss: Fix potential deadlock at unregistration 2022-10-26 13:25:06 +02:00
sound.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
timer_compat.c ALSA: Avoid using timespec for struct snd_timer_tread 2019-12-13 11:25:57 +01:00
timer.c ALSA: timer: Use deferred fasync helper 2022-08-25 11:38:20 +02:00
vmaster.c ALSA: Replace the word "slave" in vmaster API 2020-07-20 10:10:47 +02:00