From: Tzung-Bi Shih <tzun...@google.com>

[ Upstream commit 70fc53734e71ce51f46dfcfd1a1c319e1cfe080c ]

Kernel crashes when an ASoC component rebinding.

The dai_link->platforms has been reset to NULL by soc_cleanup_platform()
in soc_cleanup_card_resources() when un-registering component.  However,
it has no chance to re-allocate the dai_link->platforms when registering
the component again.

Move the DAI pre-links initiation from snd_soc_register_card() to
snd_soc_instantiate_card() to make sure all DAI pre-links get initiated
when component rebinding.

As an example, by using the following commands:
- echo -n max98357a > /sys/bus/platform/drivers/max98357a/unbind
- echo -n max98357a > /sys/bus/platform/drivers/max98357a/bind

Got the error message:
"Unable to handle kernel NULL pointer dereference at virtual address".

The call trace:
snd_soc_is_matching_component+0x30/0x6c
soc_bind_dai_link+0x16c/0x240
snd_soc_bind_card+0x1e4/0xb10
snd_soc_add_component+0x270/0x300
snd_soc_register_component+0x54/0x6c

Signed-off-by: Tzung-Bi Shih <tzun...@google.com>
Signed-off-by: Mark Brown <broo...@kernel.org>
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
 sound/soc/soc-core.c | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index a4668a788ed5..9df3bdeb5c47 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -2069,6 +2069,16 @@ static int snd_soc_instantiate_card(struct snd_soc_card 
*card)
        int ret, i, order;
 
        mutex_lock(&client_mutex);
+       for_each_card_prelinks(card, i, dai_link) {
+               ret = soc_init_dai_link(card, dai_link);
+               if (ret) {
+                       soc_cleanup_platform(card);
+                       dev_err(card->dev, "ASoC: failed to init link %s: %d\n",
+                               dai_link->name, ret);
+                       mutex_unlock(&client_mutex);
+                       return ret;
+               }
+       }
        mutex_lock_nested(&card->mutex, SND_SOC_CARD_CLASS_INIT);
 
        card->dapm.bias_level = SND_SOC_BIAS_OFF;
@@ -2793,26 +2803,9 @@ static int snd_soc_bind_card(struct snd_soc_card *card)
  */
 int snd_soc_register_card(struct snd_soc_card *card)
 {
-       int i, ret;
-       struct snd_soc_dai_link *link;
-
        if (!card->name || !card->dev)
                return -EINVAL;
 
-       mutex_lock(&client_mutex);
-       for_each_card_prelinks(card, i, link) {
-
-               ret = soc_init_dai_link(card, link);
-               if (ret) {
-                       soc_cleanup_platform(card);
-                       dev_err(card->dev, "ASoC: failed to init link %s\n",
-                               link->name);
-                       mutex_unlock(&client_mutex);
-                       return ret;
-               }
-       }
-       mutex_unlock(&client_mutex);
-
        dev_set_drvdata(card->dev, card);
 
        snd_soc_initialize_card_lists(card);
-- 
2.20.1

Reply via email to