iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/sound
History
Junxiao Chang d80ffd4823 ASoC: hdac_hda: fix hda pcm buffer overflow issue 
[ Upstream commit 37882100cd0629d830db430a8cee0b724fe1fea3 ]

When KASAN is enabled, below log might be dumped with Intel EHL hardware:
[   48.583597] ==================================================================
[   48.585921] BUG: KASAN: slab-out-of-bounds in hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[   48.587995] Write of size 4 at addr ffff888103489708 by task pulseaudio/759

[   48.589237] CPU: 2 PID: 759 Comm: pulseaudio Tainted: G     U      E     5.15.71-intel-ese-standard-lts #9
[   48.591272] Hardware name: Intel Corporation Elkhart Lake Embedded Platform/ElkhartLake LPDDR4x T3 CRB, BIOS EHLSFWI1.R00.4251.A01.2206130432 06/13/2022
[   48.593010] Call Trace:
[   48.593648]  <TASK>
[   48.593852]  dump_stack_lvl+0x34/0x48
[   48.594404]  print_address_description.constprop.0+0x1f/0x140
[   48.595174]  ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[   48.595868]  ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[   48.596519]  kasan_report.cold+0x7f/0x11b
[   48.597003]  ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[   48.597885]  hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]

HDAC_LAST_DAI_ID is last index id, pcm buffer array size should
be +1 to avoid out of bound access.

Fixes: 608b8c36c371 ("ASoC: hdac_hda: add support for HDMI/DP as a HDA codec")
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Junxiao Chang <junxiao.chang@intel.com>
Signed-off-by: Furong Zhou <furong.zhou@intel.com>
Link: https://lore.kernel.org/r/20221109234023.3111035-1-junxiao.chang@intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-02 17:41:03 +01:00
..
ac97
bus: Make remove callback return void
2021-07-21 11:53:42 +02:00
aoa
ALSA: aoa: Fix I2S device accounting
2022-11-03 23:59:18 +09:00
arm
ALSA: pxa2xx: Use managed PCM buffer allocation
2021-08-04 08:08:21 +02:00
atmel
core
ALSA: dmaengine: increment buffer pointer atomically
2022-10-26 12:34:56 +02:00
drivers
ALSA: aloop: Fix random zeros in capture data when using jiffies timer
2022-09-15 11:30:02 +02:00
firewire
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
2022-05-12 12:30:01 +02:00
hda
ALSA: hda: fix potential memleak in 'add_widget_node'
2022-11-16 09:58:25 +01:00
i2c
ALSA: i2c: tea6330t: Remove redundant initialization of variable err
2021-06-12 09:32:14 +02:00
isa
ALSA: wavefront: Proper check of get_user() error
2022-05-25 09:57:27 +02:00
mips
ALSA: n64: check return value after calling platform_get_resource()
2021-06-12 09:31:13 +02:00
oss
sound/oss/dmasound: Remove superfluous "break"
2021-05-27 08:24:23 +02:00
parisc
parisc architecture updates for kernel 5.15:
2021-09-02 13:16:00 -07:00
pci
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
2022-11-26 09:24:44 +01:00
pcmcia
ALSA: vx: Manage vx_core object with devres
2021-07-19 16:17:09 +02:00
ppc
ALSA: ppc: fix error return code in snd_pmac_probe()
2021-06-16 08:52:29 +02:00
sh
soc
ASoC: hdac_hda: fix hda pcm buffer overflow issue
2022-12-02 17:41:03 +01:00
sparc
ALSA: sparc: Fix assignment in if condition
2021-06-09 17:30:29 +02:00
spi
ALSA: spi: Add check for clk_enable()
2022-04-08 14:23:19 +02:00
synth
ALSA: Use del_timer_sync() before freeing timer
2022-11-03 23:59:10 +09:00
usb
ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
2022-12-02 17:41:02 +01:00
virtio
ALSA: virtio: fix kernel-doc
2021-04-27 08:39:39 +02:00
x86
ALSA: intel_hdmi: Fix the missing snd_card_free() call at probe error
2022-04-20 09:34:07 +02:00
xen
ac97_bus.c
Kconfig
last.c
Makefile
sound_core.c