On Fri, Feb 24, 2017 at 11:48:41AM +0900, Takashi Sakamoto wrote:
> In 'skl_tplg_set_module_init_data()', a pointer to 'params' member of
> 'struct skl_algo_data' is calculated, then casted to (u32 *) and assigned
> to a member of configuration data. The configuration data is passed to the
> other functions and used to process intel IPC. In this processing, the
> value of member is used to get message data, however this can bring invalid
> memory access in 'skl_set_module_params()' as a result of calculation of
> a pointer for actual message data.
>
> (sound/soc/intel/skylake/skl-topology.c)
> skl_tplg_init_pipe_modules()
> ->skl_tplg_set_module_init_data() (has this bug)
> ->skl_tplg_set_module_params()
> (sound/soc/intel/skylake/skl-messages.c)
> ->skl_set_module_params()
> ((char *)param) + data_offset
>
> This commit fixes the bug.

Thanks Takashi San for the fix

Acked-by: Vinod Koul <vinod.koul@xxxxxxxxx>

--
~Vinod