* [PATCH 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management
@ 2024-11-07 13:39 Peter Ujfalusi
2024-11-07 13:39 ` [PATCH 1/2] ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Peter Ujfalusi
2024-11-07 13:39 ` [PATCH 2/2] ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close Peter Ujfalusi
0 siblings, 2 replies; 5+ messages in thread
From: Peter Ujfalusi @ 2024-11-07 13:39 UTC (permalink / raw)
To: lgirdwood, broonie
Cc: linux-sound, kai.vehmanen, ranjani.sridharan, yung-chuan.liao,
pierre-louis.bossart, liam.r.girdwood, cujomalainey,
daniel.baluta
Hi,
The nullity of sps->cstream needs to be checked in sof_ipc_msg_data()
and not assume that it is not NULL.
The sps->stream must be cleared to NULL on close since this is used
as a check to see if we have active PCM stream.
Regards,
Peter
---
Peter Ujfalusi (2):
ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
sound/soc/sof/pcm.c | 2 ++
sound/soc/sof/stream-ipc.c | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
--
2.47.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
2024-11-07 13:39 [PATCH 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management Peter Ujfalusi
@ 2024-11-07 13:39 ` Peter Ujfalusi
2024-11-07 13:39 ` [PATCH 2/2] ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close Peter Ujfalusi
1 sibling, 0 replies; 5+ messages in thread
From: Peter Ujfalusi @ 2024-11-07 13:39 UTC (permalink / raw)
To: lgirdwood, broonie
Cc: linux-sound, kai.vehmanen, ranjani.sridharan, yung-chuan.liao,
pierre-louis.bossart, liam.r.girdwood, cujomalainey,
daniel.baluta
The nullity of sps->cstream should be checked similarly as it is done in
sof_set_stream_data_offset() function.
Assuming that it is not NULL if sps->stream is NULL is incorrect and can
lead to NULL pointer dereference.
Fixes: ef8ba9f79953 ("ASoC: SOF: Add support for compress API for stream data/offset")
Cc: stable@vger.kernel.org
Reported-by: Curtis Malainey <cujomalainey@chromium.org>
Closes: https://github.com/thesofproject/linux/pull/5214
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
Reviewed-by: Daniel Baluta <daniel.baluta@nxp.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Reviewed-by: Curtis Malainey <cujomalainey@chromium.org>
---
sound/soc/sof/stream-ipc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/stream-ipc.c b/sound/soc/sof/stream-ipc.c
index 794c7bbccbaf..8262443ac89a 100644
--- a/sound/soc/sof/stream-ipc.c
+++ b/sound/soc/sof/stream-ipc.c
@@ -43,7 +43,7 @@ int sof_ipc_msg_data(struct snd_sof_dev *sdev,
return -ESTRPIPE;
posn_offset = stream->posn_offset;
- } else {
+ } else if (sps->cstream) {
struct sof_compr_stream *sstream = sps->cstream->runtime->private_data;
@@ -51,6 +51,10 @@ int sof_ipc_msg_data(struct snd_sof_dev *sdev,
return -ESTRPIPE;
posn_offset = sstream->posn_offset;
+
+ } else {
+ dev_err(sdev->dev, "%s: No stream opened\n", __func__);
+ return -EINVAL;
}
snd_sof_dsp_mailbox_read(sdev, posn_offset, p, sz);
--
2.47.0
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH 2/2] ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
2024-11-07 13:39 [PATCH 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management Peter Ujfalusi
2024-11-07 13:39 ` [PATCH 1/2] ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Peter Ujfalusi
@ 2024-11-07 13:39 ` Peter Ujfalusi
1 sibling, 0 replies; 5+ messages in thread
From: Peter Ujfalusi @ 2024-11-07 13:39 UTC (permalink / raw)
To: lgirdwood, broonie
Cc: linux-sound, kai.vehmanen, ranjani.sridharan, yung-chuan.liao,
pierre-louis.bossart, liam.r.girdwood, cujomalainey,
daniel.baluta
The spcm->stream[substream->stream].substream is set during open and was
left untouched. After the first PCM stream it will never be NULL and we
have code which checks for substream NULLity as indication if the stream is
active or not.
For the compressed cstream pointer the same has been done, this change will
correct the handling of PCM streams.
Fixes: ef8ba9f79953 ("ASoC: SOF: Add support for compress API for stream data/offset")
Cc: stable@vger.kernel.org
Reported-by: Curtis Malainey <cujomalainey@chromium.org>
Closes: https://github.com/thesofproject/linux/pull/5214
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
Reviewed-by: Daniel Baluta <daniel.baluta@nxp.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Reviewed-by: Curtis Malainey <cujomalainey@chromium.org>
---
sound/soc/sof/pcm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/sof/pcm.c b/sound/soc/sof/pcm.c
index 35a7462d8b69..c5c6353f18ce 100644
--- a/sound/soc/sof/pcm.c
+++ b/sound/soc/sof/pcm.c
@@ -511,6 +511,8 @@ static int sof_pcm_close(struct snd_soc_component *component,
*/
}
+ spcm->stream[substream->stream].substream = NULL;
+
return 0;
}
--
2.47.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management
@ 2024-12-13 13:13 Peter Ujfalusi
2024-12-13 13:13 ` [PATCH 1/2] ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Peter Ujfalusi
0 siblings, 1 reply; 5+ messages in thread
From: Peter Ujfalusi @ 2024-12-13 13:13 UTC (permalink / raw)
To: lgirdwood, broonie
Cc: linux-sound, kai.vehmanen, ranjani.sridharan, yung-chuan.liao,
pierre-louis.bossart, stable, cujomalainey, daniel.baluta
Hi,
The Nullity of sps->cstream needs to be checked in sof_ipc_msg_data() and not
assume that it is not NULL.
The sps->stream must be cleared to NULL on close since this is used as a check
to see if we have active PCM stream.
Regards,
Peter
---
Peter Ujfalusi (2):
ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
sound/soc/sof/pcm.c | 2 ++
sound/soc/sof/stream-ipc.c | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
--
2.47.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
2024-12-13 13:13 [PATCH 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management Peter Ujfalusi
@ 2024-12-13 13:13 ` Peter Ujfalusi
2024-12-16 12:30 ` Mark Brown
0 siblings, 1 reply; 5+ messages in thread
From: Peter Ujfalusi @ 2024-12-13 13:13 UTC (permalink / raw)
To: lgirdwood, broonie
Cc: linux-sound, kai.vehmanen, ranjani.sridharan, yung-chuan.liao,
pierre-louis.bossart, stable, cujomalainey, daniel.baluta
The nullity of sps->cstream should be checked similarly as it is done in
sof_set_stream_data_offset() function.
Assuming that it is not NULL if sps->stream is NULL is incorrect and can
lead to NULL pointer dereference.
Fixes: ef8ba9f79953 ("ASoC: SOF: Add support for compress API for stream data/offset")
Cc: stable@vger.kernel.org
Reported-by: Curtis Malainey <cujomalainey@chromium.org>
Closes: https://github.com/thesofproject/linux/pull/5214
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
Reviewed-by: Daniel Baluta <daniel.baluta@nxp.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Reviewed-by: Curtis Malainey <cujomalainey@chromium.org>
---
sound/soc/sof/stream-ipc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/stream-ipc.c b/sound/soc/sof/stream-ipc.c
index 794c7bbccbaf..8262443ac89a 100644
--- a/sound/soc/sof/stream-ipc.c
+++ b/sound/soc/sof/stream-ipc.c
@@ -43,7 +43,7 @@ int sof_ipc_msg_data(struct snd_sof_dev *sdev,
return -ESTRPIPE;
posn_offset = stream->posn_offset;
- } else {
+ } else if (sps->cstream) {
struct sof_compr_stream *sstream = sps->cstream->runtime->private_data;
@@ -51,6 +51,10 @@ int sof_ipc_msg_data(struct snd_sof_dev *sdev,
return -ESTRPIPE;
posn_offset = sstream->posn_offset;
+
+ } else {
+ dev_err(sdev->dev, "%s: No stream opened\n", __func__);
+ return -EINVAL;
}
snd_sof_dsp_mailbox_read(sdev, posn_offset, p, sz);
--
2.47.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH 1/2] ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
2024-12-13 13:13 ` [PATCH 1/2] ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Peter Ujfalusi
@ 2024-12-16 12:30 ` Mark Brown
0 siblings, 0 replies; 5+ messages in thread
From: Mark Brown @ 2024-12-16 12:30 UTC (permalink / raw)
To: Peter Ujfalusi
Cc: lgirdwood, linux-sound, kai.vehmanen, ranjani.sridharan,
yung-chuan.liao, pierre-louis.bossart, stable, cujomalainey,
daniel.baluta
[-- Attachment #1: Type: text/plain, Size: 211 bytes --]
On Fri, Dec 13, 2024 at 03:13:17PM +0200, Peter Ujfalusi wrote:
> Fixes: ef8ba9f79953 ("ASoC: SOF: Add support for compress API for stream data/offset")
> Cc: stable@vger.kernel.org
This commit doesn't exist.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-12-16 12:30 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-07 13:39 [PATCH 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management Peter Ujfalusi
2024-11-07 13:39 ` [PATCH 1/2] ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Peter Ujfalusi
2024-11-07 13:39 ` [PATCH 2/2] ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close Peter Ujfalusi
-- strict thread matches above, loose matches on Subject: below --
2024-12-13 13:13 [PATCH 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management Peter Ujfalusi
2024-12-13 13:13 ` [PATCH 1/2] ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Peter Ujfalusi
2024-12-16 12:30 ` Mark Brown
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox