From: Tuo Li Date: Thu, 28 May 2026 06:41:06 +0000 (+0800) Subject: ASoC: mediatek: mt8365-afe-pcm: fix possible NULL-pointer dereferences in mt8365_afe_... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8948ac26efc395264a47f9a743889065adb5cff;p=thirdparty%2Flinux.git ASoC: mediatek: mt8365-afe-pcm: fix possible NULL-pointer dereferences in mt8365_afe_suspend() mt8365_afe_suspend() allocates the register backup buffer with devm_kcalloc(), but does not check for allocation failure before using the returned pointer. This may lead to a NULL pointer dereference when accessing afe->reg_back_up[i]. Add the missing NULL check and return -ENOMEM on allocation failure after disabling the main clock. Also propagate the return value of mt8365_afe_suspend() in mt8365_afe_dev_runtime_suspend() so that the suspended state is not updated when suspend fails. Signed-off-by: Tuo Li Link: https://patch.msgid.link/20260528064107.470824-1-islituo@gmail.com Signed-off-by: Mark Brown --- diff --git a/sound/soc/mediatek/mt8365/mt8365-afe-pcm.c b/sound/soc/mediatek/mt8365/mt8365-afe-pcm.c index d01793394f225..5966ca18c7c97 100644 --- a/sound/soc/mediatek/mt8365/mt8365-afe-pcm.c +++ b/sound/soc/mediatek/mt8365/mt8365-afe-pcm.c @@ -1974,10 +1974,15 @@ static int mt8365_afe_suspend(struct device *dev) mt8365_afe_enable_main_clk(afe); - if (!afe->reg_back_up) + if (!afe->reg_back_up) { afe->reg_back_up = devm_kcalloc(dev, afe->reg_back_up_list_num, sizeof(unsigned int), GFP_KERNEL); + if (!afe->reg_back_up) { + mt8365_afe_disable_main_clk(afe); + return -ENOMEM; + } + } for (i = 0; i < afe->reg_back_up_list_num; i++) regmap_read(regmap, afe->reg_back_up_list[i], @@ -2011,11 +2016,15 @@ static int mt8365_afe_resume(struct device *dev) static int mt8365_afe_dev_runtime_suspend(struct device *dev) { struct mtk_base_afe *afe = dev_get_drvdata(dev); + int ret; if (pm_runtime_status_suspended(dev) || afe->suspended) return 0; - mt8365_afe_suspend(dev); + ret = mt8365_afe_suspend(dev); + if (ret) + return ret; + afe->suspended = true; return 0; }