| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a464eb64-4c07-41d0-989a-bdc9eaae9acf@linux.intel.com>
Date: Thu, 23 Oct 2025 09:39:28 +0300
From: Péter Ujfalusi <peter.ujfalusi@...ux.intel.com>
To: Chen-Yu Tsai <wenst@...omium.org>, Liam Girdwood <lgirdwood@...il.com>,
Bard Liao <yung-chuan.liao@...ux.intel.com>,
Ranjani Sridharan <ranjani.sridharan@...ux.intel.com>,
Daniel Baluta <daniel.baluta@....com>,
Kai Vehmanen <kai.vehmanen@...ux.intel.com>,
Pierre-Louis Bossart <pierre-louis.bossart@...ux.dev>,
Mark Brown <broonie@...nel.org>, Jaroslav Kysela <perex@...ex.cz>,
Takashi Iwai <tiwai@...e.com>
Cc: sound-open-firmware@...a-project.org, linux-sound@...r.kernel.org,
linux-kernel@...r.kernel.org, Matthias Brugger <matthias.bgg@...il.com>,
AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>,
linux-mediatek@...ts.infradead.org
Subject: Re: [PATCH] ASoC: SOF: Fix function topology name check in profile
info output
On 23/10/2025 09:12, Chen-Yu Tsai wrote:
> The function topology feature, and the plat_data->machine field that
> specifies this feature, is ACPI specific. The check didn't take this
> into consideration, which causes a NULL pointer dereference splat on
> OF platforms:
>
> BUG: KASAN: null-ptr-deref in sof_create_ipc_file_profile (sound/soc/sof/fw-file-profile.c:291 sound/soc/sof/fw-file-profile.c:340) snd_sof
> Read of size 8 at addr 00000000000000c8 by task (udev-worker)/247
>
> CPU: 7 UID: 0 PID: 247 Comm: (udev-worker) Not tainted 6.18.0-rc2-next-20251023-03804-g93b191bc0c26-dirty #747 PREEMPT ba3c303a11d89508de4087cb5b4f8985b6d87b6f
> Hardware name: Google Ciri sku2 board (DT)
> Call trace:
> [KASAN stuff]
> sof_create_ipc_file_profile (sound/soc/sof/fw-file-profile.c:291 sound/soc/sof/fw-file-profile.c:340) snd_sof
> snd_sof_device_probe (sound/soc/sof/core.c:304 sound/soc/sof/core.c:388 sound/soc/sof/core.c:460 sound/soc/sof/core.c:719) snd_sof
> sof_of_probe (sound/soc/sof/sof-of-dev.c:84) snd_sof_of
> platform_probe (drivers/base/platform.c:1405)
> [...]
>
> Check that the ACPI specific field is actually valid before accessing
> it.
>
> This was seen on a MediaTek based Chromebook.
Acked-by: Peter Ujfalusi <peter.ujfalusi@...ux.intel.com>
>
> Fixes: 2b92b98cc476 ("ASoC: SOF: Don't print the monolithic topology name if function topology may be used")
> Cc: Bard Liao <yung-chuan.liao@...ux.intel.com>
> Signed-off-by: Chen-Yu Tsai <wenst@...omium.org>
> ---
> sound/soc/sof/fw-file-profile.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/sound/soc/sof/fw-file-profile.c b/sound/soc/sof/fw-file-profile.c
> index 4a2afc04f338..76bde2e0be1d 100644
> --- a/sound/soc/sof/fw-file-profile.c
> +++ b/sound/soc/sof/fw-file-profile.c
> @@ -288,7 +288,8 @@ static void sof_print_profile_info(struct snd_sof_dev *sdev,
> if (profile->fw_lib_path)
> dev_info(dev, " Firmware lib path: %s\n", profile->fw_lib_path);
>
> - if (plat_data->machine->get_function_tplg_files && !plat_data->disable_function_topology)
> + if (plat_data->machine && plat_data->machine->get_function_tplg_files &&
> + !plat_data->disable_function_topology)
> dev_info(dev, " Topology file: function topologies\n");
> else
> dev_info(dev, " Topology file: %s/%s\n",
--
Péter
Powered by blists - more mailing lists