Commit e4d3386b authored May 17, 2026 by Takashi Iwai

ALSA: pcm: Don't setup bogus iov_iter for silencing



At transition to the iov_iter for PCM data transfer, we blindly
applied the iov_iter setup also for silencing (i.e. data = NULL), and
it leads to a calculation of bogus iov_iter.  Fortunately this didn't
cause troubles on most of architectures but it goes wrong on RISC-V
now, causing a NULL dereference.

Handle the NULL data case to treat the silencing in interleaved_copy()
for addressing the bug above.  noninterleaved_copy() has already the
NULL data handling, so it doesn't need changes.

Reported-by: Jiakai Xu <xujiakai24@mails.ucas.ac.cn>
Closes: https://lore.kernel.org/20260515051516.3103036-1-xujiakai24@mails.ucas.ac.cn
Fixes: cf393bab ("ALSA: pcm: Add copy ops with iov_iter")
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20260517165121.31399-1-tiwai@suse.de


Signed-off-by: Takashi Iwai <tiwai@suse.de>

parent 608d76ec

sound/core/pcm_lib.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -2138,6 +2138,9 @@ static int interleaved_copy(struct snd_pcm_substream *substream,
		off = frames_to_bytes(runtime, off);
		frames = frames_to_bytes(runtime, frames);

		if (!data)
		return fill_silence(substream, 0, hwoff, NULL, frames);

		return do_transfer(substream, 0, hwoff, data + off, frames, transfer,
		in_kernel);
		}