1. Patchew
  2. linux
  3. View series

[PATCH v1] ALSA: hda/tas2781: Fix a potential race condition that causes a NULL pointer in case no efi.get_variable exsits

Shenghao Ding posted 1 patch 3 weeks ago 
sound/hda/codecs/side-codecs/tas2781_hda.c     | 5 +++++
sound/hda/codecs/side-codecs/tas2781_hda_i2c.c | 5 +++++
2 files changed, 10 insertions(+)
[PATCH v1] ALSA: hda/tas2781: Fix a potential race condition that causes a NULL pointer in case no efi.get_variable exsits
Posted by Shenghao Ding 3 weeks ago 
A a potential race condition reported by one of my customers that leads to
a NULL pointer dereference, where the call to efi.get_variable should be
guarded with efi_rt_services_supported() to ensure that function exists.

Fixes: 4fe238513407 ("ALSA: hda/tas2781: Move and unified the calibrated-data getting function for SPI and I2C into the tas2781_hda lib")
Signed-off-by: Shenghao Ding <shenghao-ding@ti.com>
---
 sound/hda/codecs/side-codecs/tas2781_hda.c     | 5 +++++
 sound/hda/codecs/side-codecs/tas2781_hda_i2c.c | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/sound/hda/codecs/side-codecs/tas2781_hda.c b/sound/hda/codecs/side-codecs/tas2781_hda.c
index 536940c78f00..96e6d82dc69e 100644
--- a/sound/hda/codecs/side-codecs/tas2781_hda.c
+++ b/sound/hda/codecs/side-codecs/tas2781_hda.c
@@ -193,6 +193,11 @@ int tas2781_save_calibration(struct tas2781_hda *hda)
 	efi_status_t status;
 	int i;
 
+	if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) {
+		dev_err(p->dev, "%s: NO EFI FOUND!\n", __func__);
+		return -EINVAL;
+	}
+
 	if (hda->catlog_id < LENOVO)
 		efi_guid = tasdev_fct_efi_guid[hda->catlog_id];
 
diff --git a/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c b/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c
index 008dbe1490a7..4dea442d8c30 100644
--- a/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c
+++ b/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c
@@ -317,6 +317,11 @@ static int tas2563_save_calibration(struct tas2781_hda *h)
 	unsigned int attr;
 	int ret, i, j, k;
 
+	if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) {
+		dev_err(p->dev, "%s: NO EFI FOUND!\n", __func__);
+		return -EINVAL;
+	}
+
 	cd->cali_dat_sz_per_dev = TAS2563_CAL_DATA_SIZE * TASDEV_CALIB_N;
 
 	/* extra byte for each device is the device number */
-- 
2.43.0
Re: [PATCH v1] ALSA: hda/tas2781: Fix a potential race condition that causes a NULL pointer in case no efi.get_variable exsits
Posted by Takashi Iwai 3 weeks ago 
On Thu, 11 Sep 2025 09:11:31 +0200,
Shenghao Ding wrote:
> 
> A a potential race condition reported by one of my customers that leads to
> a NULL pointer dereference, where the call to efi.get_variable should be
> guarded with efi_rt_services_supported() to ensure that function exists.
> 
> Fixes: 4fe238513407 ("ALSA: hda/tas2781: Move and unified the calibrated-data getting function for SPI and I2C into the tas2781_hda lib")
> Signed-off-by: Shenghao Ding <shenghao-ding@ti.com>

Thanks, applied now.


Takashi

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.