mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-24 11:25:43 +00:00
e199bf52ff
If bus is marked as multi_link, but number of masters in the stream is
not higher than bus->hw_sync_min_links (bus->multi_link && m_rt_count >=
bus->hw_sync_min_links), bank switching should not happen. The first
part of do_bank_switch() code properly takes these conditions into
account, but second part (sdw_ml_sync_bank_switch()) relies purely on
bus->multi_link property. This is not balanced and leads to NULL
pointer dereference:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
...
Call trace:
wait_for_completion_timeout+0x124/0x1f0
do_bank_switch+0x370/0x6f8
sdw_prepare_stream+0x2d0/0x438
qcom_snd_sdw_prepare+0xa0/0x118
sm8450_snd_prepare+0x128/0x148
snd_soc_link_prepare+0x5c/0xe8
__soc_pcm_prepare+0x28/0x1ec
dpcm_be_dai_prepare+0x1e0/0x2c0
dpcm_fe_dai_prepare+0x108/0x28c
snd_pcm_do_prepare+0x44/0x68
snd_pcm_action_single+0x54/0xc0
snd_pcm_action_nonatomic+0xe4/0xec
snd_pcm_prepare+0xc4/0x114
snd_pcm_common_ioctl+0x1154/0x1cc0
snd_pcm_ioctl+0x54/0x74
Fixes:
|
||
|---|---|---|
| .. | ||
| amd_manager.c | ||
| amd_manager.h | ||
| bus.c | ||
| bus.h | ||
| bus_type.c | ||
| cadence_master.c | ||
| cadence_master.h | ||
| debugfs.c | ||
| dmi-quirks.c | ||
| generic_bandwidth_allocation.c | ||
| intel.c | ||
| intel.h | ||
| intel_ace2x.c | ||
| intel_ace2x_debugfs.c | ||
| intel_auxdevice.c | ||
| intel_auxdevice.h | ||
| intel_bus_common.c | ||
| intel_init.c | ||
| irq.c | ||
| irq.h | ||
| Kconfig | ||
| Makefile | ||
| master.c | ||
| mipi_disco.c | ||
| qcom.c | ||
| slave.c | ||
| stream.c | ||
| sysfs_local.h | ||
| sysfs_slave.c | ||
| sysfs_slave_dpn.c | ||