Message ID | 20200905192613.420-1-trix@redhat.com |
---|---|
State | New |
Series | soundwire: stream: fix an invalid free |
Hello Tom,

On 05-09-20, 12:26, trix@redhat.com wrote:

> From: Tom Rix <trix@redhat.com> > > clang static analyzer reports this problem > > stream.c:872:2: warning: Argument to kfree() is a constant > address (18446744073709551092), which is not memory > allocated by malloc() > kfree(stream); > ^~~~~~~~~~~~~ > > In sdw_shutdown_stream() the stream to free is set by > a call to snd_soc_dai_get_sdw_stream(). The problem block > is the check if the call was successful. > > if (!sdw_stream) { > dev_err(rtd->dev, "no stream found... > return; > } > > When snd_soc_dai_get_sdw_stream() fails, it does not > always return null, sometimes it returns -ENOTSUPP. > > So also check for error codes. > Fixes: 4550569bd779 ("soundwire: stream: add helper to startup/shutdown streams") > Signed-off-by: Tom Rix <trix@redhat.com> > --- > drivers/soundwire/stream.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c > index 6e36deb505b1..950231d593c2 100644 > --- a/drivers/soundwire/stream.c > +++ b/drivers/soundwire/stream.c > @@ -1913,7 +1913,7 @@ void sdw_shutdown_stream(void *sdw_substream) > > sdw_stream = snd_soc_dai_get_sdw_stream(dai, substream->stream); > > - if (!sdw_stream) { > + if (IS_ERR_OR_NULL(sdw_stream)) {

Thanks for the patch. Please see commit 3471d2a192ba ("soundwire: stream: fix NULL/IS_ERR confusion") in soundwire-next. This has already been updated to IS_ERR() and Bard has already sent patches for snd_soc_dai_get_sdw_stream() to return proper values.

So if you can rerun this on next, you should see this fixed.
On 9/7/20 7:14 AM, Vinod Koul wrote:

> Hello Tom, > > On 05-09-20, 12:26, trix@redhat.com wrote: >> From: Tom Rix <trix@redhat.com> >> >> clang static analyzer reports this problem >> >> stream.c:872:2: warning: Argument to kfree() is a constant >> address (18446744073709551092), which is not memory >> allocated by malloc() >> kfree(stream); >> ^~~~~~~~~~~~~ >> >> In sdw_shutdown_stream() the stream to free is set by >> a call to snd_soc_dai_get_sdw_stream(). The problem block >> is the check if the call was successful. >> >> if (!sdw_stream) { >> dev_err(rtd->dev, "no stream found... >> return; >> } >> >> When snd_soc_dai_get_sdw_stream() fails, it does not >> always return null, sometimes it returns -ENOTSUPP. >> >> So also check for error codes. >> Fixes: 4550569bd779 ("soundwire: stream: add helper to startup/shutdown streams") >> Signed-off-by: Tom Rix <trix@redhat.com> >> --- >> drivers/soundwire/stream.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c >> index 6e36deb505b1..950231d593c2 100644 >> --- a/drivers/soundwire/stream.c >> +++ b/drivers/soundwire/stream.c >> @@ -1913,7 +1913,7 @@ void sdw_shutdown_stream(void *sdw_substream) >> >> sdw_stream = snd_soc_dai_get_sdw_stream(dai, substream->stream); >> >> - if (!sdw_stream) { >> + if (IS_ERR_OR_NULL(sdw_stream)) { > Thanks for the patch. Please see commit 3471d2a192ba ("soundwire: > stream: fix NULL/IS_ERR confusion") in soundwire-next. This has already > been updated to IS_ERR() and Bard has already sent patches for > snd_soc_dai_get_sdw_stream() to return proper values. > > So if you can rerun this on next, you should see this fixed.

I am working on linux-next, so I will see Bard's patch when it lands there.

Sorry for not working on soundwire-next, but since I am fixing everywhere linux-next is easiest.

Thank you for the update.

Tom
On 07-09-20, 07:25, Tom Rix wrote: > > On 9/7/20 7:14 AM, Vinod Koul wrote: > > Hello Tom, > > > > On 05-09-20, 12:26, trix@redhat.com wrote: > >> From: Tom Rix <trix@redhat.com> > >> > >> clang static analyzer reports this problem > >> > >> stream.c:872:2: warning: Argument to kfree() is a constant > >> address (18446744073709551092), which is not memory > >> allocated by malloc() > >> kfree(stream); > >> ^~~~~~~~~~~~~ > >> > >> In sdw_shutdown_stream() the stream to free is set by > >> a call to snd_soc_dai_get_sdw_stream(). The problem block > >> is the check if the call was successful. > >> > >> if (!sdw_stream) { > >> dev_err(rtd->dev, "no stream found... > >> return; > >> } > >> > >> When snd_soc_dai_get_sdw_stream() fails, it does not > >> always return null, sometimes it returns -ENOTSUPP. > >> > >> So also check for error codes. > >> Fixes: 4550569bd779 ("soundwire: stream: add helper to startup/shutdown streams") > >> Signed-off-by: Tom Rix <trix@redhat.com> > >> --- > >> drivers/soundwire/stream.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c > >> index 6e36deb505b1..950231d593c2 100644 > >> --- a/drivers/soundwire/stream.c > >> +++ b/drivers/soundwire/stream.c 
> >> @@ -1913,7 +1913,7 @@ void sdw_shutdown_stream(void *sdw_substream) > >> > >> sdw_stream = snd_soc_dai_get_sdw_stream(dai, substream->stream); > >> > >> - if (!sdw_stream) { > >> + if (IS_ERR_OR_NULL(sdw_stream)) { > > Thanks for the patch. Please see commit 3471d2a192ba ("soundwire: > > stream: fix NULL/IS_ERR confusion") in soundwire-next. This has already > > been updated to IS_ERR() and Bard has already sent patches for > > snd_soc_dai_get_sdw_stream() to return proper values. > > > > So if you can rerun this on next, you should see this fixed.

> I am working on linux-next, so I will see Bard's patch when it lands there.

It should be already there... And I checked, looks like there was no linux-next for last few days and it should be back tomorrow so should be there.

> Sorry for not working on soundwire-next, but since I am fixing everywhere linux-next is easiest.

Agree, timing this time around!
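The NULL/ERR_PTR mix-up discussed in this thread, as an added userspace example (not code from the patch or the kernel tree). It re-creates the `<linux/err.h>` helpers and shows that the analyzer's constant 18446744073709551092 is `ERR_PTR(-ENOTSUPP)`, which a plain `!ptr` test lets through; `get_stream()`, `passes_*()` and `as_address()` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace copies of the kernel's <linux/err.h> helpers (same semantics). */
#define MAX_ERRNO 4095
#define ENOTSUPP  524                /* kernel-internal errno value */

static void *ERR_PTR(long err)             { return (void *)(intptr_t)err; }
static long  PTR_ERR(const void *p)        { return (long)(intptr_t)p; }
static bool  IS_ERR(const void *p)         { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static bool  IS_ERR_OR_NULL(const void *p) { return !p || IS_ERR(p); }

enum outcome { GET_OK, GET_NULL, GET_ENOTSUPP };

/* Hypothetical getter with the mixed failure contract the commit message describes. */
static void *get_stream(enum outcome o)
{
	static int stream;               /* constructed stand-in for a real stream */

	if (o == GET_OK)
		return &stream;
	return o == GET_NULL ? NULL : ERR_PTR(-ENOTSUPP);
}

/* true = the caller falls through to the code that uses and frees the pointer */
static bool passes_null_check(const void *p)  { return p != NULL; }
static bool passes_fixed_check(const void *p) { return !IS_ERR_OR_NULL(p); }

/* The error pointer as the unsigned 64-bit "address" a static analyzer prints. */
static uint64_t as_address(const void *p) { return (uint64_t)(int64_t)PTR_ERR(p); }

int main(void)
{
	static const char *names[] = { "valid", "NULL", "ERR_PTR(-ENOTSUPP)" };

	for (int o = GET_OK; o <= GET_ENOTSUPP; o++) {
		void *p = get_stream((enum outcome)o);

		printf("%-20s !p check: %-9s IS_ERR_OR_NULL check: %s\n", names[o],
		       passes_null_check(p) ? "proceeds" : "returns",
		       passes_fixed_check(p) ? "proceeds" : "returns");
	}
	printf("ERR_PTR(-ENOTSUPP) as an address: %llu\n",
	       (unsigned long long)as_address(get_stream(GET_ENOTSUPP)));
	return 0;
}
```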
diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c index 6e36deb505b1..950231d593c2 100644 --- a/drivers/soundwire/stream.c +++ b/drivers/soundwire/stream.c @@ -1913,7 +1913,7 @@ void sdw_shutdown_stream(void *sdw_substream) sdw_stream = snd_soc_dai_get_sdw_stream(dai, substream->stream); - if (!sdw_stream) { + if (IS_ERR_OR_NULL(sdw_stream)) { dev_err(rtd->dev, "no stream found for DAI %s", dai->name); return; }
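Review bot: In the error branch of sdw_shutdown_stream(), the dev_err() still reports "no stream found for DAI %s" for both the NULL and the error-pointer case, so the errno that caused the early return is lost; when IS_ERR(sdw_stream) is true, print PTR_ERR(sdw_stream) as well. IS_ERR_OR_NULL() also leaves the mixed NULL/-ENOTSUPP contract of snd_soc_dai_get_sdw_stream() in place, so any other caller that tests only `!sdw_stream` has the same problem; having the callee return a single kind of failure and checking only that here would be the more durable fix. The format string has no trailing "\n", which is worth adding while the line is being touched.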