From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A6C69824A3; Mon, 24 Feb 2025 14:46:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740408394; cv=none; b=Gv2GpZTnHDPBsVUqsRg7k0QtKvAxAt3TRLJw//BqBiiICTDz4k+uKNQ8nJC/XOpIkJob8JrilrlLv7NzSopN0PYJANdYBUJb0UQWIXfd0717CRWUyJrj53woXEeXkUPK+H4YNPYuNPLkvmqJj+Kea1O0sV3diJIUXJeKnTLECiU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740408394; c=relaxed/simple; bh=m5QPZXxyauMCxdHImZlQ52wxUY5ocwLfqWxZEeOy4gE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PsbuvCOiY3kjRrCoLOUsRashuxLFrSxdv+ODGaUzcKjqKrHUIvlFoUnuwrn6L0bEr4vKvESiueA1zf9De2szb4zHg8eBqZqWzKfscuIG+KswUeMXWiHLVaRzDXRKaoWGGT9tXvsnqbOCrYFunBU9XrDsoEJ6EPQjwlrBfIGhSVA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=DNwVgcLw; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="DNwVgcLw" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 12B2AC4CED6; Mon, 24 Feb 2025 14:46:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1740408394; bh=m5QPZXxyauMCxdHImZlQ52wxUY5ocwLfqWxZEeOy4gE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DNwVgcLwrEROA/Y9VoYxsLw0403WtF2q5ci9QU2bl0S3fPGKGGqMNzl2PjYcbLVfg OLnPIs9Bm0XomeBeElcwnyevxJP9Iq2qLSfM774MVH06uDI5bhOKnghjwp4GnvldzX V3MoR4m+24Ynkd3wYwW6mU/soVcFAVh8LuG9fu2w= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Seppo Ingalsuo , Peter Ujfalusi , Liam Girdwood , Ranjani Sridharan , Bard Liao , Mark Brown , Sasha Levin Subject: [PATCH 6.12 045/154] ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Date: Mon, 24 Feb 2025 15:34:04 +0100 Message-ID: <20250224142608.858671175@linuxfoundation.org> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250224142607.058226288@linuxfoundation.org> References: <20250224142607.058226288@linuxfoundation.org> User-Agent: quilt/0.68 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.12-stable review patch. If anyone has any objections, please let me know. ------------------ From: Peter Ujfalusi [ Upstream commit 6fd60136d256b3b948333ebdb3835f41a95ab7ef ] Other, non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier->data is NULL, no alh_data is attached, which could lead to NULL pointer dereference. We could check for this NULL pointer in sof_ipc4_prepare_copier_module() and avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai() will miscalculate the ALH device count, causing broken audio. The correct fix is to harden the matching logic by making sure that the 1. widget is a DAI widget - so dai = w->private is valid 2. the dai (and thus the copier) is ALH copier Fixes: a150345aa758 ("ASoC: SOF: ipc4-topology: add SoundWire/ALH aggregation support") Reported-by: Seppo Ingalsuo Link: https://github.com/thesofproject/sof/pull/9652 Signed-off-by: Peter Ujfalusi Reviewed-by: Liam Girdwood Reviewed-by: Ranjani Sridharan Reviewed-by: Bard Liao Link: https://patch.msgid.link/20250206084642.14988-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown Signed-off-by: Sasha Levin --- sound/soc/sof/ipc4-topology.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c index 240fee2166d12..f82db7f2a6b7e 100644 --- a/sound/soc/sof/ipc4-topology.c +++ b/sound/soc/sof/ipc4-topology.c @@ -671,10 +671,16 @@ static int sof_ipc4_widget_setup_comp_dai(struct snd_sof_widget *swidget) } list_for_each_entry(w, &sdev->widget_list, list) { - if (w->widget->sname && + struct snd_sof_dai *alh_dai; + + if (!WIDGET_IS_DAI(w->id) || !w->widget->sname || strcmp(w->widget->sname, swidget->widget->sname)) continue; + alh_dai = w->private; + if (alh_dai->type != SOF_DAI_INTEL_ALH) + continue; + blob->alh_cfg.device_count++; } @@ -1973,11 +1979,13 @@ sof_ipc4_prepare_copier_module(struct snd_sof_widget *swidget, list_for_each_entry(w, &sdev->widget_list, list) { u32 node_type; - if (w->widget->sname && + if (!WIDGET_IS_DAI(w->id) || !w->widget->sname || strcmp(w->widget->sname, swidget->widget->sname)) continue; dai = w->private; + if (dai->type != SOF_DAI_INTEL_ALH) + continue; alh_copier = (struct sof_ipc4_copier *)dai->private; alh_data = &alh_copier->data; node_type = SOF_IPC4_GET_NODE_TYPE(alh_data->gtw_cfg.node_id); -- 2.39.5