review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Gaosheng Cui <cuigaosheng1@huawei.com>
	Fri, 18 Nov 2022 03:00:56 +0000 (11:00 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 31 Dec 2022 12:32:12 +0000 (13:32 +0100)
commit	38e2a92cd174b6abd6de1cca758140b0a0d31355
tree	315c793d40321b2a19aec38354452b73c9677c43	tree \| snapshot
parent	917e58a84e85e2a3355450a40e459c8de3a6a17f	commit \| diff

ASoC: amd: acp: Fix possible UAF in acp_dma_open

[ Upstream commit 3420fdb8ae99f0a08d78d2b80f42a71971cf478d ]

Smatch report warning as follows:

sound/soc/amd/acp/acp-platform.c:199 acp_dma_open() warn:
'&stream->list' not removed from list

If snd_pcm_hw_constraint_integer() fails in acp_dma_open(),
stream will be freed, but stream->list will not be removed from
adata->stream_list, then list traversal may cause UAF.

Fix by adding the newly allocated stream to the list once it's fully
initialised.

Fixes: 7929985cfe36 ("ASoC: amd: acp: Initialize list to store acp_stream during pcm_open")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Link: https://lore.kernel.org/r/20221118030056.3135960-1-cuigaosheng1@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>