Commit d2913a07 authored by Takashi Iwai's avatar Takashi Iwai
Browse files

ALSA: pcm: Add sanity NULL check for the default mmap fault handler 



A driver might allow the mmap access before initializing its
runtime->dma_area properly.  Add a proper NULL check before passing to
virt_to_page() for avoiding a panic.

Reported-by: default avatar <syzbot+4bf62a7b1d0f4fdb7ae2@syzkaller.appspotmail.com>
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20241120141104.7060-1-tiwai@suse.de


Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent 56386292

sound/core/pcm_native.c

+4 −2
Original line number Diff line number Diff line
@@ -3813,9 +3813,11 @@ static vm_fault_t snd_pcm_mmap_data_fault(struct vm_fault *vmf) 
		return VM_FAULT_SIGBUS;

	if (substream->ops->page)

		page = substream->ops->page(substream, offset);

	else if (!snd_pcm_get_dma_buf(substream))

	else if (!snd_pcm_get_dma_buf(substream)) {

		if (WARN_ON_ONCE(!runtime->dma_area))

			return VM_FAULT_SIGBUS;

		page = virt_to_page(runtime->dma_area + offset);

	else

	} else

		page = snd_sgbuf_get_page(snd_pcm_get_dma_buf(substream), offset);

	if (!page)

		return VM_FAULT_SIGBUS;