From: Pavel Machek <pavel@ucw.cz>
To: Kees Cook <keescook@chromium.org>
Cc: Mark Brown <broonie@kernel.org>, Takashi Iwai <tiwai@suse.com>,
	Liam Girdwood <lgirdwood@gmail.com>,
	Jaroslav Kysela <perex@perex.cz>,
	moderated for non-subscribers <alsa-devel@alsa-project.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] ASoC: soc-core: Add missing NULL check
Date: Fri, 9 Mar 2018 20:35:23 +0100
Message-ID: <20180309193523.GA2977@amd>
In-Reply-To: <CAGXu5jJo2JVXKV+nieGwzH0XOPpzzo4DmYy0L05iZD6wwO1vGg@mail.gmail.com>


On Fri 2018-03-09 10:45:16, Kees Cook wrote:
> On Fri, Mar 9, 2018 at 4:50 AM, Mark Brown <broonie@kernel.org> wrote:
> > On Thu, Mar 08, 2018 at 12:06:53PM -0800, Kees Cook wrote:
> >
> >> If a codec is not attached to the sound soc, a NULL deref is possible as a
> >> regular user in /sys.
> >
> > I can't parse this, sorry.  What is the "sound soc"?
> 
> SoC's sound component? I'm not sure either. :) I was just sending the
> patch that I mentioned from the thread where Pavel mentioned this
> Oops.
> 
> Pavel, can you isolate the specific file that is causing the oops?
> (Maybe this patch should be a WARN() instead of silent return 0, since
> we still don't want to crash, but it should be considered a bug...)

Crash is reproducible on linux-next on Nokia N900. But I have seen a hang on
Nokia N9, with a different kernel, that may be related.

And yes, WARN() would be nicer.

> >> +++ b/sound/soc/soc-core.c
> >> @@ -137,6 +137,9 @@ static ssize_t soc_codec_reg_show(struct snd_soc_codec *codec, char *buf,
> >>       size_t total = 0;
> >>       loff_t p = 0;
> >>
> >> +     if (!codec || !codec->driver)
> >> +             return 0;
> >> +
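Review bot: the new check at the top of soc_codec_reg_show() returns 0 silently when codec or codec->driver is NULL, so a read of the file comes back empty and the inconsistent state leaves no trace in the kernel log. Consider `if (WARN_ON(!codec || !codec->driver)) return 0;` so the NULL dereference is still avoided but the condition is reported, and add a comment stating how a NULL codec can reach this show routine, since nothing in the hunk explains it.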
> >
> > How are we managing to create a sysfs file for a CODEC which doesn't
> > have a CODEC struct associated with it?  That is obviously nonsensical
> > and suggests we've got some more serious problem going on here - if
> > there's no CODEC those sysfs attributes simply shouldn't be there.
> 
> No idea! Hopefully Pavel has more details...

Pavel probably can reproduce it...

									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
