Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-18 03:06:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ASoC: wm_adsp: For TLV controls only register TLV get/set

Browse Source 
Normal 512-byte get/set of a TLV isn't supported but we were
registering the normal get/set anyway and relying on omitting
the SNDRV_CTL_ELEM_ACCESS_[READ|WRITE] flags to prevent them
being called.

Trouble is if this gets broken in the core ALSA code - as it has
been since at least 4.14 - the standard get/set can be called
unexpectedly and corrupt memory.

There's no point providing functions that won't be called and
it's a trivial change. The benefit is that if the ALSA core gets
broken again we get a big fat immediate NULL dereference instead
of a memory corruption timebomb.

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
This commit is contained in:
Richard Fitzgerald 2018-02-28 10:31:10 +00:00 committed by Mark Brown
parent 7928b2cbe5
commit d7789f5bcd
No known key found for this signature in database
GPG Key ID: 24D68B725D5487D0
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sound/soc/codecs/wm_adsp.c
View File

@ -1204,12 +1204,14 @@ static int wmfw_add_ctl(struct wm_adsp *dsp, struct wm_coeff_ctl *ctl)
kcontrol->put = wm_coeff_put_acked;
break;
default:
kcontrol->get = wm_coeff_get;
kcontrol->put = wm_coeff_put;
ctl->bytes_ext.max = ctl->len;
ctl->bytes_ext.get = wm_coeff_tlv_get;
ctl->bytes_ext.put = wm_coeff_tlv_put;
if (kcontrol->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) {
ctl->bytes_ext.max = ctl->len;
ctl->bytes_ext.get = wm_coeff_tlv_get;
ctl->bytes_ext.put = wm_coeff_tlv_put;
} else {
kcontrol->get = wm_coeff_get;
kcontrol->put = wm_coeff_put;
}
break;
}