From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F00E5267733; Wed, 30 Jul 2025 09:43:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753868582; cv=none; b=EI9ihM91PtBvYmRGaHvfA133HXAPFLUy/pQV+jYkcranBv2pSPYRj0wd2RTNACjgzvPCCQPxW8LyANxN2Js83gzL2K6tKCoSeyt9Fy9DCvdU0aqJmQuROHP+QnODDxrrBaU1k8s5I0vFje8Tjtj9es5Jv2IFD/aaPUYiWsdnPW8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753868582; c=relaxed/simple; bh=falxwSb1B8ZDeEGk+yTdRcnn9D6JTpJlO9x0TIbC/z8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=h6Q3f50QgvUgeilSf22lzsB+e5GS7Y8Es+mg0pIXtbBW4mMiyQPiklwoSoG6qRTyDw7HigxfbVW6ylTRMrCY/kT2/iNqTq/Y1/pBJGoZeF9DT9gZLmmZuAiBY6ubwaqfuaBFJ6nm2lZIePf5J8q0jSQbF0P0aHgGfIsBP9q5mbE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=0SeaGIC8; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="0SeaGIC8" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2B626C4CEE7; Wed, 30 Jul 2025 09:43:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1753868581; bh=falxwSb1B8ZDeEGk+yTdRcnn9D6JTpJlO9x0TIbC/z8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0SeaGIC8MU5SNMMGn9YHiMefe+umTZW6nxMB6N0cNjJgxqg7GjJDHLR8HA/bO467W MR+tOS0meru60xxXvy+uQd1S4oYIGdQyTlik18+ODOF+wQqRnS5mWd3hKSzBr9vnJ5 A2m+wzhVgN+l645bAdJ+QuSnBAvlGjAqzvMF356U= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Guoqing Jiang , AngeloGioacchino Del Regno , Mark Brown , Sasha Levin Subject: [PATCH 6.12 022/117] ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv Date: Wed, 30 Jul 2025 11:34:51 +0200 Message-ID: <20250730093234.437672848@linuxfoundation.org> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250730093233.592541778@linuxfoundation.org> References: <20250730093233.592541778@linuxfoundation.org> User-Agent: quilt/0.68 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.12-stable review patch. If anyone has any objections, please let me know. ------------------ From: Guoqing Jiang [ Upstream commit 6bea85979d05470e6416a2bb504a9bcd9178304c ] Given mt8365_dai_set_priv allocate priv_size space to copy priv_data which means we should pass mt8365_i2s_priv[i] or "struct mtk_afe_i2s_priv" instead of afe_priv which has the size of "struct mt8365_afe_private". Otherwise the KASAN complains about. [ 59.389765] BUG: KASAN: global-out-of-bounds in mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm] ... [ 59.394789] Call trace: [ 59.395167] dump_backtrace+0xa0/0x128 [ 59.395733] show_stack+0x20/0x38 [ 59.396238] dump_stack_lvl+0xe8/0x148 [ 59.396806] print_report+0x37c/0x5e0 [ 59.397358] kasan_report+0xac/0xf8 [ 59.397885] kasan_check_range+0xe8/0x190 [ 59.398485] asan_memcpy+0x3c/0x98 [ 59.399022] mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm] [ 59.399928] mt8365_dai_i2s_register+0x1e8/0x2b0 [snd_soc_mt8365_pcm] [ 59.400893] mt8365_afe_pcm_dev_probe+0x4d0/0xdf0 [snd_soc_mt8365_pcm] [ 59.401873] platform_probe+0xcc/0x228 [ 59.402442] really_probe+0x340/0x9e8 [ 59.402992] driver_probe_device+0x16c/0x3f8 [ 59.403638] driver_probe_device+0x64/0x1d8 [ 59.404256] driver_attach+0x1dc/0x4c8 [ 59.404840] bus_for_each_dev+0x100/0x190 [ 59.405442] driver_attach+0x44/0x68 [ 59.405980] bus_add_driver+0x23c/0x500 [ 59.406550] driver_register+0xf8/0x3d0 [ 59.407122] platform_driver_register+0x68/0x98 [ 59.407810] mt8365_afe_pcm_driver_init+0x2c/0xff8 [snd_soc_mt8365_pcm] Fixes: 402bbb13a195 ("ASoC: mediatek: mt8365: Add I2S DAI support") Signed-off-by: Guoqing Jiang Reviewed-by: AngeloGioacchino Del Regno Link: https://patch.msgid.link/20250710011806.134507-1-guoqing.jiang@canonical.com Signed-off-by: Mark Brown Signed-off-by: Sasha Levin --- sound/soc/mediatek/mt8365/mt8365-dai-i2s.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sound/soc/mediatek/mt8365/mt8365-dai-i2s.c b/sound/soc/mediatek/mt8365/mt8365-dai-i2s.c index 11b9a5bc71638..89575bb8afedd 100644 --- a/sound/soc/mediatek/mt8365/mt8365-dai-i2s.c +++ b/sound/soc/mediatek/mt8365/mt8365-dai-i2s.c @@ -812,11 +812,10 @@ static const struct snd_soc_dapm_route mtk_dai_i2s_routes[] = { static int mt8365_dai_i2s_set_priv(struct mtk_base_afe *afe) { int i, ret; - struct mt8365_afe_private *afe_priv = afe->platform_priv; for (i = 0; i < DAI_I2S_NUM; i++) { ret = mt8365_dai_set_priv(afe, mt8365_i2s_priv[i].id, - sizeof(*afe_priv), + sizeof(mt8365_i2s_priv[i]), &mt8365_i2s_priv[i]); if (ret) return ret; -- 2.39.5