From patchwork Tue May 19 09:37:58 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Takashi Iwai X-Patchwork-Id: 6435521 Return-Path: X-Original-To: patchwork-alsa-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 9A1689F1C1 for ; Tue, 19 May 2015 09:44:22 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id D03812047C for ; Tue, 19 May 2015 09:44:21 +0000 (UTC) Received: from alsa0.perex.cz (alsa0.perex.cz [77.48.224.243]) by mail.kernel.org (Postfix) with ESMTP id 80F0A200B4 for ; Tue, 19 May 2015 09:44:20 +0000 (UTC) Received: by alsa0.perex.cz (Postfix, from userid 1000) id 8819F26520E; Tue, 19 May 2015 11:44:19 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from alsa0.perex.cz (localhost [IPv6:::1]) by alsa0.perex.cz (Postfix) with ESMTP id 94BB92651F2; Tue, 19 May 2015 11:42:00 +0200 (CEST) X-Original-To: alsa-devel@alsa-project.org Delivered-To: alsa-devel@alsa-project.org Received: by alsa0.perex.cz (Postfix, from userid 1000) id 170EC2651F2; Tue, 19 May 2015 11:42:00 +0200 (CEST) Received: from mx2.suse.de (cantor2.suse.de [195.135.220.15]) by alsa0.perex.cz (Postfix) with ESMTP id 5728A265347 for ; Tue, 19 May 2015 11:38:01 +0200 (CEST) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 062E6AD08 for ; Tue, 19 May 2015 09:38:01 +0000 (UTC) From: Takashi Iwai To: alsa-devel@alsa-project.org Date: Tue, 19 May 2015 11:37:58 +0200 Message-Id: <1432028278-4403-1-git-send-email-tiwai@suse.de> X-Mailer: git-send-email 2.4.1 Subject: [alsa-devel] [PATCH] ALSA: hda - Fix NULL dereference from CA0132 DSP loader X-BeenThere: alsa-devel@alsa-project.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Alsa-devel mailing list for ALSA developers - http://www.alsa-project.org" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: alsa-devel-bounces@alsa-project.org Sender: alsa-devel-bounces@alsa-project.org X-Virus-Scanned: ClamAV using ClamSMTP The CA0132 DSP loader leads to NULL deference since the recent transition to HDA core code, as it unconditionally accesses hdac_stream->substream->runtime. For DSP loading, the substream shouldn't be assigned. This patch addresses the NULL dereference above in addition to assure the substream is cleared while DSP loading. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=98151 Signed-off-by: Takashi Iwai --- sound/hda/hdac_stream.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/sound/hda/hdac_stream.c b/sound/hda/hdac_stream.c index 52a894fe478f..4c15d0accc9e 100644 --- a/sound/hda/hdac_stream.c +++ b/sound/hda/hdac_stream.c @@ -139,9 +139,13 @@ EXPORT_SYMBOL_GPL(snd_hdac_stream_reset); int snd_hdac_stream_setup(struct hdac_stream *azx_dev) { struct hdac_bus *bus = azx_dev->bus; - struct snd_pcm_runtime *runtime = azx_dev->substream->runtime; + struct snd_pcm_runtime *runtime; unsigned int val; + if (azx_dev->substream) + runtime = azx_dev->substream->runtime; + else + runtime = NULL; /* make sure the run bit is zero for SD */ snd_hdac_stream_clear(azx_dev); /* program the stream_tag */ @@ -189,14 +193,15 @@ int snd_hdac_stream_setup(struct hdac_stream *azx_dev) * we ignore it; currently set the threshold statically to * 64 frames */ - if (runtime->period_size > 64) + if (runtime && runtime->period_size > 64) azx_dev->delay_negative_threshold = -frames_to_bytes(runtime, 64); else azx_dev->delay_negative_threshold = 0; /* wallclk has 24Mhz clock source */ - azx_dev->period_wallclk = (((runtime->period_size * 24000) / + if (runtime) + azx_dev->period_wallclk = (((runtime->period_size * 24000) / runtime->rate) * 1000); return 0; @@ -611,6 +616,7 @@ int snd_hdac_dsp_prepare(struct hdac_stream *azx_dev, unsigned int format, if (err < 0) goto err_alloc; + azx_dev->substream = NULL; azx_dev->bufsize = byte_size; azx_dev->period_bytes = byte_size; azx_dev->format_val = format;