ASoC: rockchip-max98090: Fix NULL pointer dereference while accessing to jack.
authorEnric Balletbo i Serra <enric.balletbo@collabora.com>
Mon, 9 May 2016 10:46:31 +0000 (12:46 +0200)
committerMark Brown <broonie@kernel.org>
Mon, 30 May 2016 15:19:41 +0000 (16:19 +0100)
Commit f2ed6b07645e ("ASoC: Make aux_dev more like a generic
component") caused a regression on this driver, since now a
kernel oops is seen when rockchip-mac98090 driver is loaded.

That commit changed the probing of aux_devs before checking
new DAI links, so for this driver rk_98090_headset_init is
called before rk_init and then the kernel oops due a NULL
pointer dereference inside rk_98090_headset_init function
since there is a call that tries to access the jack pointer
which has not been allocated yet.

This is the call chain that causes the crash:

 rk_98090_headset_init
   -> ts3a227e_enable_jack_detect
      -> snd_jack_set_key
 rk_init
   -> snd_soc_card_jack_new

This patch moves the new jack object creation from rk_init
to rk_98090_headset_init function making sure the jack is
created before is accessed.

Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
sound/soc/rockchip/rockchip_max98090.c

index 543610282cdb05c007b5fbe52b0c2f77435b3a83..abb64a553967391f6df5328f0777e78cbd8ba11f 100644 (file)
@@ -114,43 +114,27 @@ static int rk_aif1_hw_params(struct snd_pcm_substream *substream,
        return ret;
 }
 
-static int rk_init(struct snd_soc_pcm_runtime *runtime)
-{
-       /* Enable Headset and 4 Buttons Jack detection */
-       return snd_soc_card_jack_new(runtime->card, "Headset Jack",
-                              SND_JACK_HEADSET |
-                              SND_JACK_BTN_0 | SND_JACK_BTN_1 |
-                              SND_JACK_BTN_2 | SND_JACK_BTN_3,
-                              &headset_jack,
-                              headset_jack_pins,
-                              ARRAY_SIZE(headset_jack_pins));
-}
-
-static int rk_98090_headset_init(struct snd_soc_component *component)
-{
-       return ts3a227e_enable_jack_detect(component, &headset_jack);
-}
-
 static struct snd_soc_ops rk_aif1_ops = {
        .hw_params = rk_aif1_hw_params,
 };
 
-static struct snd_soc_aux_dev rk_98090_headset_dev = {
-       .name = "Headset Chip",
-       .init = rk_98090_headset_init,
-};
-
 static struct snd_soc_dai_link rk_dailink = {
        .name = "max98090",
        .stream_name = "Audio",
        .codec_dai_name = "HiFi",
-       .init = rk_init,
        .ops = &rk_aif1_ops,
        /* set max98090 as slave */
        .dai_fmt = SND_SOC_DAIFMT_I2S | SND_SOC_DAIFMT_NB_NF |
                SND_SOC_DAIFMT_CBS_CFS,
 };
 
+static int rk_98090_headset_init(struct snd_soc_component *component);
+
+static struct snd_soc_aux_dev rk_98090_headset_dev = {
+       .name = "Headset Chip",
+       .init = rk_98090_headset_init,
+};
+
 static struct snd_soc_card snd_soc_card_rk = {
        .name = "ROCKCHIP-I2S",
        .owner = THIS_MODULE,
@@ -166,6 +150,26 @@ static struct snd_soc_card snd_soc_card_rk = {
        .num_controls = ARRAY_SIZE(rk_mc_controls),
 };
 
+static int rk_98090_headset_init(struct snd_soc_component *component)
+{
+       int ret;
+
+       /* Enable Headset and 4 Buttons Jack detection */
+       ret = snd_soc_card_jack_new(&snd_soc_card_rk, "Headset Jack",
+                                   SND_JACK_HEADSET |
+                                   SND_JACK_BTN_0 | SND_JACK_BTN_1 |
+                                   SND_JACK_BTN_2 | SND_JACK_BTN_3,
+                                   &headset_jack,
+                                   headset_jack_pins,
+                                   ARRAY_SIZE(headset_jack_pins));
+       if (ret)
+               return ret;
+
+       ret = ts3a227e_enable_jack_detect(component, &headset_jack);
+
+       return ret;
+}
+
 static int snd_rk_mc_probe(struct platform_device *pdev)
 {
        int ret = 0;