ALSA: pcm: Add sanity NULL check for the default mmap fault handler

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

A driver might allow the mmap access before initializing its
runtime->dma_area properly. Add a proper NULL check before passing to
virt_to_page() for avoiding a panic.

Reported-by: syzbot+4bf62a7b1d0f4fdb7ae2@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20241120141104.7060-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Takashi Iwai 1 year ago d2913a07 56386292

+4 -2

1 changed file

expand all

sound

core

pcm_native.c

+4 -2

sound/core/pcm_native.c

··· 3813 3813 return VM_FAULT_SIGBUS; 3814 3814 if (substream->ops->page) 3815 3815 page = substream->ops->page(substream, offset); 3816 - else if (!snd_pcm_get_dma_buf(substream)) 3816 + else if (!snd_pcm_get_dma_buf(substream)) { 3817 + if (WARN_ON_ONCE(!runtime->dma_area)) 3818 + return VM_FAULT_SIGBUS; 3817 3819 page = virt_to_page(runtime->dma_area + offset); 3818 - else 3820 + } else 3819 3821 page = snd_sgbuf_get_page(snd_pcm_get_dma_buf(substream), offset); 3820 3822 if (!page) 3821 3823 return VM_FAULT_SIGBUS;