Re: [PATCH v2 1/3] ASoC: sunxi: sun4i-spdif: Use guard() for spin locks

ARM Sunxi Platform Development
 help / color / mirror / Atom feed

From: sashiko-bot@kernel.org
To: phucduc.bui@gmail.com
Cc: linux-sunxi@lists.linux.dev
Subject: Re: [PATCH v2 1/3] ASoC: sunxi: sun4i-spdif: Use guard() for spin locks
Date: Fri, 22 May 2026 10:30:12 +0000	[thread overview]
Message-ID: <20260522103012.BC5FC1F00ADF@smtp.kernel.org> (raw)
In-Reply-To: <20260522095401.72915-2-phucduc.bui@gmail.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [Critical] If `regmap_read()` fails in `sun4i_spdif_get_status()`, the local variable `reg` is left uninitialized, leading to a kernel stack information leak.
--

commit b943afeae6523774115b9e6d838ae64e650c95c5
Author: bui duc phuc <phucduc.bui@gmail.com>

ASoC: sunxi: sun4i-spdif: Use guard() for spin locks

This commit refactors the sun4i-spdif driver to use the scoped_guard() macro
for managing spin locks. The changes are intended as refactoring only, with
no functional changes to the driver's behavior.

> diff --git a/sound/soc/sunxi/sun4i-spdif.c b/sound/soc/sunxi/sun4i-spdif.c
> index c2ec19437cd7a..89eccc83a1301 100644
> --- a/sound/soc/sunxi/sun4i-spdif.c
> +++ b/sound/soc/sunxi/sun4i-spdif.c
> @@ -427,24 +427,21 @@ static int sun4i_spdif_get_status(struct snd_kcontrol *kcontrol,
>  	struct snd_soc_dai *cpu_dai = snd_kcontrol_chip(kcontrol);
>  	struct sun4i_spdif_dev *host = snd_soc_dai_get_drvdata(cpu_dai);
>  	u8 *status = ucontrol->value.iec958.status;
> -	unsigned long flags;
>  	unsigned int reg;
>  
> -	spin_lock_irqsave(&host->lock, flags);
> +	scoped_guard(spinlock_irqsave, &host->lock) {
> +		regmap_read(host->regmap, SUN4I_SPDIF_TXCHSTA0, &reg);

[Severity: Critical]
This is a pre-existing issue, but does this leak uninitialized kernel stack
memory to userspace?

The regmap_read() function can fail and return an error code without modifying
the reg variable. Since the return value isn't checked, the uninitialized
contents of reg are unpacked into the status array:

		status[0] = reg & 0xff;
		status[1] = (reg >> 8) & 0xff;
		status[2] = (reg >> 16) & 0xff;
		status[3] = (reg >> 24) & 0xff;

This array is subsequently copied back to userspace by the ALSA control
subsystem.

Should the return value of regmap_read() be checked, and an error returned
if it fails?

[ ... ]

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260522095401.72915-1-phucduc.bui@gmail.com?part=1

next prev parent reply	other threads:[~2026-05-22 10:30 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-22  9:53 [PATCH v2 0/3] ASoC: sunxi: sun4i-spdif: Cleanup and runtime PM improvements phucduc.bui
2026-05-22  9:53 ` [PATCH v2 1/3] ASoC: sunxi: sun4i-spdif: Use guard() for spin locks phucduc.bui
2026-05-22 10:30   ` sashiko-bot [this message]
2026-05-22  9:54 ` [PATCH v2 2/3] ASoC: sunxi: sun4i-spdif: Resume device before kcontrol register access phucduc.bui
2026-05-22 10:59   ` sashiko-bot
2026-05-22 19:19   ` Chen-Yu Tsai
2026-05-23 13:55     ` Bui Duc Phuc
2026-05-24  7:36       ` Chen-Yu Tsai
2026-05-26 12:16         ` Bui Duc Phuc
2026-05-27  7:13           ` Bui Duc Phuc
2026-05-22  9:54 ` [PATCH v2 3/3] ASoC: sunxi: sun4i-spdif: Reorder clock enable sequence phucduc.bui
2026-05-22 11:22   ` sashiko-bot
2026-05-22 19:20   ` Chen-Yu Tsai
2026-05-23 12:11     ` Bui Duc Phuc
2026-05-24  7:41       ` Chen-Yu Tsai
2026-05-24 17:19         ` Chen-Yu Tsai
2026-05-26  4:17           ` Bui Duc Phuc

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260522103012.BC5FC1F00ADF@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=linux-sunxi@lists.linux.dev \
    --cc=phucduc.bui@gmail.com \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox