mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-15 23:25:07 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Krzysztof Kozlowski 6e2628dfad soundwire: stream: fix NULL pointer dereference for multi_link 
commit e199bf52ff upstream.

If bus is marked as multi_link, but number of masters in the stream is
not higher than bus->hw_sync_min_links (bus->multi_link && m_rt_count >=
bus->hw_sync_min_links), bank switching should not happen.  The first
part of do_bank_switch() code properly takes these conditions into
account, but second part (sdw_ml_sync_bank_switch()) relies purely on
bus->multi_link property.  This is not balanced and leads to NULL
pointer dereference:

  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
  ...
  Call trace:
   wait_for_completion_timeout+0x124/0x1f0
   do_bank_switch+0x370/0x6f8
   sdw_prepare_stream+0x2d0/0x438
   qcom_snd_sdw_prepare+0xa0/0x118
   sm8450_snd_prepare+0x128/0x148
   snd_soc_link_prepare+0x5c/0xe8
   __soc_pcm_prepare+0x28/0x1ec
   dpcm_be_dai_prepare+0x1e0/0x2c0
   dpcm_fe_dai_prepare+0x108/0x28c
   snd_pcm_do_prepare+0x44/0x68
   snd_pcm_action_single+0x54/0xc0
   snd_pcm_action_nonatomic+0xe4/0xec
   snd_pcm_prepare+0xc4/0x114
   snd_pcm_common_ioctl+0x1154/0x1cc0
   snd_pcm_ioctl+0x54/0x74

Fixes: ce6e74d008 ("soundwire: Add support for multi link bank switch")
Cc: stable@vger.kernel.org
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20231124180136.390621-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-12-20 15:44:36 +01:00
..
accessibility
acpi ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA 2023-12-08 08:46:10 +01:00
amba amba: bus: fix refcount leak 2023-09-19 12:20:19 +02:00
android
ata ata: pata_isapnp: Add missing error check for devm_ioport_map() 2023-12-08 08:46:08 +01:00
atm atm: solos-pci: Fix potential deadlock on &tx_queue_lock 2023-12-20 15:44:28 +01:00
auxdisplay
base devcoredump: Send uevent once devcd is ready 2023-12-13 18:27:07 +01:00
bcma
block rbd: take header_rwsem in rbd_dev_refresh() only when updating 2023-10-10 21:53:36 +02:00
bluetooth Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE 2023-11-28 16:55:00 +00:00
bus bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up 2023-10-10 21:53:31 +02:00
cdrom
char hwrng: geode - fix accessing registers 2023-11-20 11:06:50 +01:00
clk clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks 2023-11-28 16:54:57 +00:00
clocksource clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware 2023-11-28 16:54:49 +00:00
connector
counter counter: microchip-tcb-capture: Fix the use of internal GCLK logic 2023-10-25 11:54:16 +02:00
cpufreq cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily 2023-12-08 08:46:15 +01:00
cpuidle powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT 2023-09-19 12:20:15 +02:00
crypto crypto: qat - increase size of buffers 2023-11-20 11:06:50 +01:00
dax
dca
devfreq PM / devfreq: rockchip-dfi: Make pmu regmap mandatory 2023-11-20 11:06:45 +01:00
dio
dma dmaengine: stm32-mdma: correct desc prep when channel running 2023-11-28 16:54:58 +00:00
dma-buf
edac
eisa
extcon
firewire firewire: core: fix possible memory leak in create_units() 2023-12-08 08:46:12 +01:00
firmware firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit 2023-11-28 16:54:57 +00:00
fpga
fsi fsi: aspeed: Reset master errors after CFAM reset 2023-09-19 12:20:18 +02:00
gnss
gpio gpiolib: sysfs: Fix error handling on failed export 2023-12-13 18:27:04 +01:00
gpu drm/mediatek: Add spinlock for setting vblank event in atomic_begin 2023-12-20 15:44:31 +01:00
greybus
hid HID: hid-asus: add const to read-only outgoing usb buffer 2023-12-20 15:44:36 +01:00
hsi
hv
hwmon hwmon: (acpi_power_meter) Fix 4.29 MW bug 2023-12-13 18:27:01 +01:00
hwspinlock
hwtracing coresight: tmc: Explicit type conversions to prevent integer overflow 2023-09-19 12:20:18 +02:00
i2c i2c: designware: Fix corrupted memory seen in the ISR 2023-12-13 18:26:56 +01:00
i3c i3c: master: cdns: Fix reading status register 2023-11-28 16:54:58 +00:00
ide
idle
iio iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds 2023-11-08 17:30:45 +01:00
infiniband RDMA/bnxt_re: Correct module description string 2023-12-13 18:27:01 +01:00
input Input: xpad - add HyperX Clutch Gladiate Support 2023-12-08 08:46:13 +01:00
interconnect interconnect: qcom: Add support for mask-based BCMs 2023-11-28 16:55:02 +00:00
iommu iommu/vt-d: Add MTL to quirk list to skip TE disabling 2023-12-08 08:46:12 +01:00
ipack
irqchip irqchip/stm32-exti: add missing DT IRQ flag translation 2023-11-08 17:30:48 +01:00
isdn
leds leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' 2023-11-20 11:06:52 +01:00
lightnvm
macintosh
mailbox
mcb mcb: fix error handling for different scenarios when parsing 2023-11-28 16:54:58 +00:00
md bcache: avoid NULL checking to c->root in run_cache_set() 2023-12-20 15:44:33 +01:00
media media: ccs: Correctly initialise try compose rectangle 2023-12-08 08:46:09 +01:00
memory
memstick
message
mfd mfd: dln2: Fix double put in dln2_probe 2023-11-20 11:06:52 +01:00
misc misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write 2023-12-13 18:27:03 +01:00
mmc mmc: block: Be sure to wait while busy in CQE error recovery 2023-12-13 18:27:07 +01:00
most
mtd mtd: cfi_cmdset_0001: Byte swap OTP info 2023-11-28 16:54:58 +00:00
mux
net net: usb: qmi_wwan: claim interface 4 for ZTE MF290 2023-12-20 15:44:35 +01:00
nfc
ntb ntb: Fix calculation ntb_transport_tx_free_entry() 2023-09-19 12:20:22 +02:00
nubus
nvdimm nd_btt: Make BTT lanes preemptible 2023-11-20 11:06:50 +01:00
nvme nvmet: nul-terminate the NQNs passed in the connect command 2023-12-08 08:46:09 +01:00
nvmem nvmem: imx: correct nregs for i.MX6UL 2023-11-08 17:30:44 +01:00
of of: dynamic: Fix of_reconfig_get_state_change() return value documentation 2023-12-13 18:26:58 +01:00
opp
oprofile
parisc parisc: iosapic.c: Fix sparse warnings 2023-10-10 21:53:32 +02:00
parport parport: Add support for Brainboxes IX/UC/PX parallel cards 2023-12-13 18:27:04 +01:00
pci PCI: loongson: Limit MRRS to 256 2023-12-20 15:44:30 +01:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2023-11-20 11:06:54 +01:00
perf perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 2023-10-25 11:54:13 +02:00
phy phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins 2023-10-25 11:54:26 +02:00
pinctrl pinctrl: avoid reload of p state in list iteration 2023-12-08 08:46:12 +01:00
platform platform/x86: intel_telemetry: Fix kernel doc descriptions 2023-12-20 15:44:33 +01:00
pnp
power power: supply: ucs1002: fix error code in ucs1002_get_property() 2023-10-10 21:53:31 +02:00
powercap
pps
ps3
ptp ptp: annotate data-race around q->head and q->tail 2023-11-28 16:54:54 +00:00
pwm pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume 2023-11-20 11:06:55 +01:00
rapidio
ras
regulator regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()" 2023-10-25 11:54:23 +02:00
remoteproc
reset
rpmsg rpmsg: Fix possible refcount leak in rpmsg_register_device_override() 2023-11-08 17:30:48 +01:00
rtc rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call 2023-11-20 11:06:54 +01:00
s390 s390/dasd: protect device queue against concurrent access 2023-12-08 08:46:10 +01:00
sbus
scsi scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() 2023-12-13 18:27:01 +01:00
sfi
sh
siox
slimbus
soc soc: qcom: llcc: Handle a second device without data corruption 2023-11-20 11:06:49 +01:00
soundwire soundwire: stream: fix NULL pointer dereference for multi_link 2023-12-20 15:44:36 +01:00
spi spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies 2023-11-20 11:06:57 +01:00
spmi
ssb
staging net: vlan: introduce skb_vlan_eth_hdr() 2023-12-20 15:44:28 +01:00
target scsi: target: core: Fix deadlock due to recursive locking 2023-10-10 21:53:38 +02:00
tc
tee tee: optee: Fix supplicant based device enumeration 2023-12-13 18:27:00 +01:00
thermal thermal: core: prevent potential string overflow 2023-11-20 11:06:45 +01:00
thunderbolt thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge 2023-10-25 11:54:20 +02:00
tty serial: 8250_omap: Add earlycon support for the AM654 UART controller 2023-12-13 18:27:05 +01:00
uio
usb usb: typec: class: fix typec_altmode_put_partner to put plugs 2023-12-13 18:27:05 +01:00
vdpa
vfio vfio/type1: fix cap_migration information leak 2023-09-19 12:20:14 +02:00
vhost
video fbdev: stifb: Make the STI next font pointer a 32-bit signed offset 2023-12-08 08:46:14 +01:00
virt
virtio virtio-mmio: fix memory leak of vm_dev 2023-11-08 17:30:40 +01:00
visorbus
vlynq
vme
w1
watchdog watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running 2023-10-10 21:53:34 +02:00
xen swiotlb-xen: provide the "max_mapping_size" method 2023-12-08 08:46:10 +01:00
zorro
Kconfig
Makefile