From patchwork Mon May 9 10:46:31 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Enric Balletbo i Serra X-Patchwork-Id: 9044881 Return-Path: X-Original-To: patchwork-linux-rockchip@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 6D576BF4C7 for ; Mon, 9 May 2016 10:47:27 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 89B8C2012D for ; Mon, 9 May 2016 10:47:26 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.9]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A3C782014A for ; Mon, 9 May 2016 10:47:25 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1aziij-0005JR-Cg; Mon, 09 May 2016 10:47:25 +0000 Received: from bhuna.collabora.co.uk ([46.235.227.227]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1aziif-0005Da-93 for linux-rockchip@lists.infradead.org; Mon, 09 May 2016 10:47:22 +0000 Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: eballetbo) with ESMTPSA id 7FF7E265582 From: Enric Balletbo i Serra To: linux-kernel@vger.kernel.org, linux-rockchip@lists.infradead.org, alsa-devel@alsa-project.org Subject: [PATCH v2 1/5] ASoC: rockchip-max98090: Fix NULL pointer dereference while accessing to jack. Date: Mon, 9 May 2016 12:46:31 +0200 Message-Id: <1462790795-25345-2-git-send-email-enric.balletbo@collabora.com> X-Mailer: git-send-email 2.1.0 In-Reply-To: <1462790795-25345-1-git-send-email-enric.balletbo@collabora.com> References: <1462790795-25345-1-git-send-email-enric.balletbo@collabora.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20160509_034721_623293_791DDC14 X-CRM114-Status: GOOD ( 14.92 ) X-Spam-Score: -1.9 (-) X-BeenThere: linux-rockchip@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Upstream kernel work for Rockchip platforms List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Brown , Heiko Stuebner MIME-Version: 1.0 Sender: "Linux-rockchip" Errors-To: linux-rockchip-bounces+patchwork-linux-rockchip=patchwork.kernel.org@lists.infradead.org X-Spam-Status: No, score=-6.3 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Commit f2ed6b07645e ("ASoC: Make aux_dev more like a generic component") caused a regression on this driver, since now a kernel oops is seen when rockchip-mac98090 driver is loaded. That commit changed the probing of aux_devs before checking new DAI links, so for this driver rk_98090_headset_init is called before rk_init and then the kernel oops due a NULL pointer dereference inside rk_98090_headset_init function since there is a call that tries to access the jack pointer which has not been allocated yet. This is the call chain that causes the crash: rk_98090_headset_init -> ts3a227e_enable_jack_detect -> snd_jack_set_key rk_init -> snd_soc_card_jack_new This patch moves the new jack object creation from rk_init to rk_98090_headset_init function making sure the jack is created before is accessed. Signed-off-by: Enric Balletbo i Serra --- Changes since v1: - Improve log message. sound/soc/rockchip/rockchip_max98090.c | 50 ++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 23 deletions(-) diff --git a/sound/soc/rockchip/rockchip_max98090.c b/sound/soc/rockchip/rockchip_max98090.c index 5436102..abb64a5 100644 --- a/sound/soc/rockchip/rockchip_max98090.c +++ b/sound/soc/rockchip/rockchip_max98090.c @@ -114,43 +114,27 @@ static int rk_aif1_hw_params(struct snd_pcm_substream *substream, return ret; } -static int rk_init(struct snd_soc_pcm_runtime *runtime) -{ - /* Enable Headset and 4 Buttons Jack detection */ - return snd_soc_card_jack_new(runtime->card, "Headset Jack", - SND_JACK_HEADSET | - SND_JACK_BTN_0 | SND_JACK_BTN_1 | - SND_JACK_BTN_2 | SND_JACK_BTN_3, - &headset_jack, - headset_jack_pins, - ARRAY_SIZE(headset_jack_pins)); -} - -static int rk_98090_headset_init(struct snd_soc_component *component) -{ - return ts3a227e_enable_jack_detect(component, &headset_jack); -} - static struct snd_soc_ops rk_aif1_ops = { .hw_params = rk_aif1_hw_params, }; -static struct snd_soc_aux_dev rk_98090_headset_dev = { - .name = "Headset Chip", - .init = rk_98090_headset_init, -}; - static struct snd_soc_dai_link rk_dailink = { .name = "max98090", .stream_name = "Audio", .codec_dai_name = "HiFi", - .init = rk_init, .ops = &rk_aif1_ops, /* set max98090 as slave */ .dai_fmt = SND_SOC_DAIFMT_I2S | SND_SOC_DAIFMT_NB_NF | SND_SOC_DAIFMT_CBS_CFS, }; +static int rk_98090_headset_init(struct snd_soc_component *component); + +static struct snd_soc_aux_dev rk_98090_headset_dev = { + .name = "Headset Chip", + .init = rk_98090_headset_init, +}; + static struct snd_soc_card snd_soc_card_rk = { .name = "ROCKCHIP-I2S", .owner = THIS_MODULE, @@ -166,6 +150,26 @@ static struct snd_soc_card snd_soc_card_rk = { .num_controls = ARRAY_SIZE(rk_mc_controls), }; +static int rk_98090_headset_init(struct snd_soc_component *component) +{ + int ret; + + /* Enable Headset and 4 Buttons Jack detection */ + ret = snd_soc_card_jack_new(&snd_soc_card_rk, "Headset Jack", + SND_JACK_HEADSET | + SND_JACK_BTN_0 | SND_JACK_BTN_1 | + SND_JACK_BTN_2 | SND_JACK_BTN_3, + &headset_jack, + headset_jack_pins, + ARRAY_SIZE(headset_jack_pins)); + if (ret) + return ret; + + ret = ts3a227e_enable_jack_detect(component, &headset_jack); + + return ret; +} + static int snd_rk_mc_probe(struct platform_device *pdev) { int ret = 0;