Patch "ALSA: hda: Fix possible null-ptr-deref when assigning a stream" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    ALSA: hda: Fix possible null-ptr-deref when assigning a stream

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     alsa-hda-fix-possible-null-ptr-deref-when-assigning-.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 0db635981d0ec9fe5c562031eca31ae4f399fc18
Author: Cezary Rojewski <cezary.rojewski@xxxxxxxxx>
Date:   Fri Oct 6 12:28:55 2023 +0200

    ALSA: hda: Fix possible null-ptr-deref when assigning a stream
    
    [ Upstream commit f93dc90c2e8ed664985e366aa6459ac83cdab236 ]
    
    While AudioDSP drivers assign streams exclusively of HOST or LINK type,
    nothing blocks a user to attempt to assign a COUPLED stream. As
    supplied substream instance may be a stub, what is the case when
    code-loading, such scenario ends with null-ptr-deref.
    
    Signed-off-by: Cezary Rojewski <cezary.rojewski@xxxxxxxxx>
    Link: https://lore.kernel.org/r/20231006102857.749143-2-cezary.rojewski@xxxxxxxxx
    Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/sound/hda/hdac_stream.c b/sound/hda/hdac_stream.c
index eea22cf72aefd..ec95d0449bfe9 100644
--- a/sound/hda/hdac_stream.c
+++ b/sound/hda/hdac_stream.c
@@ -320,8 +320,10 @@ struct hdac_stream *snd_hdac_stream_assign(struct hdac_bus *bus,
 	struct hdac_stream *res = NULL;
 
 	/* make a non-zero unique key for the substream */
-	int key = (substream->pcm->device << 16) | (substream->number << 2) |
-		(substream->stream + 1);
+	int key = (substream->number << 2) | (substream->stream + 1);
+
+	if (substream->pcm)
+		key |= (substream->pcm->device << 16);
 
 	spin_lock_irq(&bus->reg_lock);
 	list_for_each_entry(azx_dev, &bus->stream_list, list) {



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux