From patchwork Tue Mar 7 14:21:26 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 104465 Delivered-To: patch@linaro.org Received: by 10.140.82.71 with SMTP id g65csp1907269qgd; Tue, 7 Mar 2017 06:21:47 -0800 (PST) X-Received: by 10.223.135.153 with SMTP id b25mr467342wrb.169.1488896507356; Tue, 07 Mar 2017 06:21:47 -0800 (PST) Return-Path: Received: from alsa0.perex.cz (alsa0.perex.cz. [77.48.224.243]) by mx.google.com with ESMTP id l66si19065294wmb.111.2017.03.07.06.21.47; Tue, 07 Mar 2017 06:21:47 -0800 (PST) Received-SPF: pass (google.com: domain of alsa-devel-bounces@alsa-project.org designates 77.48.224.243 as permitted sender) client-ip=77.48.224.243; Authentication-Results: mx.google.com; spf=pass (google.com: domain of alsa-devel-bounces@alsa-project.org designates 77.48.224.243 as permitted sender) smtp.mailfrom=alsa-devel-bounces@alsa-project.org Received: from alsa0.perex.cz (localhost [127.0.0.1]) by alsa0.perex.cz (Postfix) with ESMTP id E6CEF266F8D; Tue, 7 Mar 2017 15:21:45 +0100 (CET) X-Original-To: alsa-devel@alsa-project.org Delivered-To: alsa-devel@alsa-project.org Received: by alsa0.perex.cz (Postfix, from userid 1000) id 61698266F8F; Tue, 7 Mar 2017 15:21:44 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail1.perex.cz X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, RP_MATCHES_RCVD, SPF_PASS, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from mezzanine.sirena.org.uk (mezzanine.sirena.org.uk [106.187.55.193]) by alsa0.perex.cz (Postfix) with ESMTP id 237E0266EEB for ; Tue, 7 Mar 2017 15:21:41 +0100 (CET) Received: from [109.74.48.129] (helo=finisterre) by mezzanine.sirena.org.uk with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1clFzW-0000fU-RZ; Tue, 07 Mar 2017 14:21:33 +0000 Received: from broonie by finisterre with local (Exim 4.89) (envelope-from ) id 1clFzS-0006dg-A7; Tue, 07 Mar 2017 15:21:26 +0100 From: Mark Brown To: Takashi Sakamoto In-Reply-To: <20170224024841.10515-1-takashi.sakamoto@miraclelinux.com> Message-Id: Date: Tue, 07 Mar 2017 15:21:26 +0100 X-SA-Exim-Connect-IP: 109.74.48.129 X-SA-Exim-Mail-From: broonie@sirena.org.uk X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000) X-SA-Exim-Scanned: No (on mezzanine.sirena.org.uk); Unknown failure Cc: alsa-devel@alsa-project.org, hirotaka.furukawa@miraclelinux.com, Vinod Koul , ichiro.suzuki@miraclelinux.com, ryotaro.shibata@miraclelinux.com, stable@vger.kernel.org, broonie@kernel.org, shreyas.nc@intel.com, jeeja.kp@intel.com, ", Takashi Sakamoto , yukie.kato@miraclelinux.com, alsa-devel@alsa-project.org"@alsa-project.org Subject: [alsa-devel] Applied "ASoC: Intel: Skylake: fix invalid memory access due to wrong reference of pointer" to the asoc tree X-BeenThere: alsa-devel@alsa-project.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Alsa-devel mailing list for ALSA developers - http://www.alsa-project.org" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: alsa-devel-bounces@alsa-project.org Sender: alsa-devel-bounces@alsa-project.org The patch ASoC: Intel: Skylake: fix invalid memory access due to wrong reference of pointer has been applied to the asoc tree at git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From d1a6fe41d3c4ff0d26f0b186d774493555ca5282 Mon Sep 17 00:00:00 2001 From: Takashi Sakamoto Date: Fri, 24 Feb 2017 11:48:41 +0900 Subject: [PATCH] ASoC: Intel: Skylake: fix invalid memory access due to wrong reference of pointer In 'skl_tplg_set_module_init_data()', a pointer to 'params' member of 'struct skl_algo_data' is calculated, then casted to (u32 *) and assigned to a member of configuration data. The configuration data is passed to the other functions and used to process intel IPC. In this processing, the value of member is used to get message data, however this can bring invalid memory access in 'skl_set_module_params()' as a result of calculation of a pointer for actual message data. (sound/soc/intel/skylake/skl-topology.c) skl_tplg_init_pipe_modules() ->skl_tplg_set_module_init_data() (has this bug) ->skl_tplg_set_module_params() (sound/soc/intel/skylake/skl-messages.c) ->skl_set_module_params() ((char *)param) + data_offset This commit fixes the bug. Fixes: abb740033b56 ("ASoC: Intel: Skylake: Add support to configure module params") Signed-off-by: Takashi Sakamoto Acked-by: Vinod Koul Signed-off-by: Mark Brown Cc: # v4.5+ --- sound/soc/intel/skylake/skl-topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.11.0 _______________________________________________ Alsa-devel mailing list Alsa-devel@alsa-project.org http://mailman.alsa-project.org/mailman/listinfo/alsa-devel diff --git a/sound/soc/intel/skylake/skl-topology.c b/sound/soc/intel/skylake/skl-topology.c index ed58b5b3555a..2dbfb1b24ef4 100644 --- a/sound/soc/intel/skylake/skl-topology.c +++ b/sound/soc/intel/skylake/skl-topology.c @@ -512,7 +512,7 @@ static int skl_tplg_set_module_init_data(struct snd_soc_dapm_widget *w) if (bc->set_params != SKL_PARAM_INIT) continue; - mconfig->formats_config.caps = (u32 *)&bc->params; + mconfig->formats_config.caps = (u32 *)bc->params; mconfig->formats_config.caps_size = bc->size; break;