From a4678087c7da8a881008b1223b7f77ece4748d99 Mon Sep 17 00:00:00 2001 From: Peter Ujfalusi Date: Thu, 19 Jun 2025 11:42:20 +0300 Subject: [PATCH] ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() stable inclusion from stable-v6.6.103 commit 41f53afe53a57a7c50323f99424b598190acf192 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ICWGGJ CVE: CVE-2025-38706 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=41f53afe53a57a7c50323f99424b598190acf192 -------------------------------- [ Upstream commit 2d91cb261cac6d885954b8f5da28b5c176c18131 ] snd_soc_remove_pcm_runtime() might be called with rtd == NULL which will leads to null pointer dereference. This was reproduced with topology loading and marking a link as ignore due to missing hardware component on the system. On module removal the soc_tplg_remove_link() would call snd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored, no runtime was created. Signed-off-by: Peter Ujfalusi Reviewed-by: Bard Liao Reviewed-by: Ranjani Sridharan Reviewed-by: Liam Girdwood Reviewed-by: Kai Vehmanen Link: https://patch.msgid.link/20250619084222.559-3-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown Signed-off-by: Sasha Levin Signed-off-by: Yu Wu --- sound/soc/soc-core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c index e65fe3a7c3e4..c5c82a7bdadc 100644 --- a/sound/soc/soc-core.c +++ b/sound/soc/soc-core.c @@ -1025,6 +1025,9 @@ static int soc_dai_link_sanity_check(struct snd_soc_card *card, void snd_soc_remove_pcm_runtime(struct snd_soc_card *card, struct snd_soc_pcm_runtime *rtd) { + if (!rtd) + return; + lockdep_assert_held(&client_mutex); /* -- Gitee
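Review bot: In the snd_soc_remove_pcm_runtime() hunk, the new `if (!rtd) return;` sits above `lockdep_assert_held(&client_mutex);`, so a caller that passes NULL without holding client_mutex is never flagged by lockdep. Moving the check below the assertion would keep the locking contract enforced on every call path, including the ignored-link case from soc_tplg_remove_link() that the commit message describes. The function now silently accepts NULL, which is a change to its contract; a one-line comment above the check (or in the function's kernel-doc, if it has one) saying that rtd may be NULL when no runtime was created for the link would stop a later cleanup from removing the guard as dead code.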