| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251023061226.1127345-1-wenst@chromium.org>
Date: Thu, 23 Oct 2025 14:12:24 +0800
From: Chen-Yu Tsai <wenst@...omium.org>
To: Liam Girdwood <lgirdwood@...il.com>,
Peter Ujfalusi <peter.ujfalusi@...ux.intel.com>,
Bard Liao <yung-chuan.liao@...ux.intel.com>,
Ranjani Sridharan <ranjani.sridharan@...ux.intel.com>,
Daniel Baluta <daniel.baluta@....com>,
Kai Vehmanen <kai.vehmanen@...ux.intel.com>,
Pierre-Louis Bossart <pierre-louis.bossart@...ux.dev>,
Mark Brown <broonie@...nel.org>,
Jaroslav Kysela <perex@...ex.cz>,
Takashi Iwai <tiwai@...e.com>
Cc: Chen-Yu Tsai <wenst@...omium.org>,
sound-open-firmware@...a-project.org,
linux-sound@...r.kernel.org,
linux-kernel@...r.kernel.org,
Matthias Brugger <matthias.bgg@...il.com>,
AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>,
linux-mediatek@...ts.infradead.org
Subject: [PATCH] ASoC: SOF: Fix function topology name check in profile info output
The function topology feature, and the plat_data->machine field that
specifies this feature, is ACPI specific. The check didn't take this
into consideration, which causes a NULL pointer dereference splat on
OF platforms:
BUG: KASAN: null-ptr-deref in sof_create_ipc_file_profile (sound/soc/sof/fw-file-profile.c:291 sound/soc/sof/fw-file-profile.c:340) snd_sof
Read of size 8 at addr 00000000000000c8 by task (udev-worker)/247
CPU: 7 UID: 0 PID: 247 Comm: (udev-worker) Not tainted 6.18.0-rc2-next-20251023-03804-g93b191bc0c26-dirty #747 PREEMPT ba3c303a11d89508de4087cb5b4f8985b6d87b6f
Hardware name: Google Ciri sku2 board (DT)
Call trace:
[KASAN stuff]
sof_create_ipc_file_profile (sound/soc/sof/fw-file-profile.c:291 sound/soc/sof/fw-file-profile.c:340) snd_sof
snd_sof_device_probe (sound/soc/sof/core.c:304 sound/soc/sof/core.c:388 sound/soc/sof/core.c:460 sound/soc/sof/core.c:719) snd_sof
sof_of_probe (sound/soc/sof/sof-of-dev.c:84) snd_sof_of
platform_probe (drivers/base/platform.c:1405)
[...]
Check that the ACPI specific field is actually valid before accessing
it.
This was seen on a MediaTek based Chromebook.
Fixes: 2b92b98cc476 ("ASoC: SOF: Don't print the monolithic topology name if function topology may be used")
Cc: Bard Liao <yung-chuan.liao@...ux.intel.com>
Signed-off-by: Chen-Yu Tsai <wenst@...omium.org>
---
sound/soc/sof/fw-file-profile.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/fw-file-profile.c b/sound/soc/sof/fw-file-profile.c
index 4a2afc04f338..76bde2e0be1d 100644
--- a/sound/soc/sof/fw-file-profile.c
+++ b/sound/soc/sof/fw-file-profile.c
@@ -288,7 +288,8 @@ static void sof_print_profile_info(struct snd_sof_dev *sdev,
if (profile->fw_lib_path)
dev_info(dev, " Firmware lib path: %s\n", profile->fw_lib_path);
- if (plat_data->machine->get_function_tplg_files && !plat_data->disable_function_topology)
+ if (plat_data->machine && plat_data->machine->get_function_tplg_files &&
+ !plat_data->disable_function_topology)
dev_info(dev, " Topology file: function topologies\n");
else
dev_info(dev, " Topology file: %s/%s\n",
--
2.51.1.814.gb8fa24458f-goog
Powered by blists - more mailing lists