ASoC: core: Do not call link_exit() on uninitialized rtd objects

[ Upstream commit dd9f9cc1e6b9391140afa5cf27bb47c9e2a08d02 ]

On init we have sequence:

	for_each_card_prelinks(card, i, dai_link) {
		ret = snd_soc_add_pcm_runtime(card, dai_link);

	ret = init_some_other_things(...);
	if (ret)
		goto probe_end:

	for_each_card_rtds(card, rtd) {
		ret = soc_init_pcm_runtime(card, rtd);

probe_end:

while on exit:
	for_each_card_rtds(card, rtd)
		snd_soc_link_exit(rtd);

If init_some_other_things() step fails due to error we end up with
not fully setup rtds and try to call snd_soc_link_exit on them, which
depending on contents on .link_exit handler, can end up dereferencing
NULL pointer.

Reviewed-by: Cezary Rojewski <cezary.rojewski@intel.com>
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Link: https://lore.kernel.org/r/20230929103243.705433-2-amadeuszx.slawinski@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/include/sound/soc.h b/include/sound/soc.h
index b27f84580c5b0b840ba360e6b822e82dea839d48..cf348108823470fe77f4a498bffbba1cfb40f7f9 100644 (file)
--- a/include/sound/soc.h
+++ b/include/sound/soc.h
@@ -1125,6 +1125,8 @@ struct snd_soc_pcm_runtime {
        unsigned int pop_wait:1;
        unsigned int fe_compr:1; /* for Dynamic PCM */
 
+       bool initialized;
+
        int num_components;
        struct snd_soc_component *components[]; /* CPU/Codec/Platform */
 };

diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index 1a0bde23f5e6ff6283ba2d43bab6708fa8288d96..2d85164457f7333d9cb765bc529e483fc64a8b14 100644 (file)
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -1259,7 +1259,7 @@ static int soc_init_pcm_runtime(struct snd_soc_card *card,
        snd_soc_runtime_get_dai_fmt(rtd);
        ret = snd_soc_runtime_set_dai_fmt(rtd, dai_link->dai_fmt);
        if (ret)
-               return ret;
+               goto err;
 
        /* add DPCM sysfs entries */
        soc_dpcm_debugfs_add(rtd);
@@ -1284,17 +1284,26 @@ static int soc_init_pcm_runtime(struct snd_soc_card *card,
        /* create compress_device if possible */
        ret = snd_soc_dai_compress_new(cpu_dai, rtd, num);
        if (ret != -ENOTSUPP)
-               return ret;
+               goto err;
 
        /* create the pcm */
        ret = soc_new_pcm(rtd, num);
        if (ret < 0) {
                dev_err(card->dev, "ASoC: can't create pcm %s :%d\n",
                        dai_link->stream_name, ret);
-               return ret;
+               goto err;
        }
 
-       return snd_soc_pcm_dai_new(rtd);
+       ret = snd_soc_pcm_dai_new(rtd);
+       if (ret < 0)
+               goto err;
+
+       rtd->initialized = true;
+
+       return 0;
+err:
+       snd_soc_link_exit(rtd);
+       return ret;
 }
 
 static void soc_set_name_prefix(struct snd_soc_card *card,
@@ -1892,7 +1901,8 @@ static void soc_cleanup_card_resources(struct snd_soc_card *card)
 
        /* release machine specific resources */
        for_each_card_rtds(card, rtd)
-               snd_soc_link_exit(rtd);
+               if (rtd->initialized)
+                       snd_soc_link_exit(rtd);
        /* remove and free each DAI */
        soc_remove_link_dais(card);
        soc_remove_link_components(card);