ASoC: SOF: Intel: hda: Fix NULL pointer dereference #5650
+23
−5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ranj063
requested review from
dbaluta,
kv2019i,
lyakh and
plbossart
as code owners
If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopback capture for echo reference where we use the dummy DAI link. Return the error when the widget is not set to avoid a null pointer dereference like below when the topology is broken. RIP: 0010:hda_dai_get_ops.isra.0+0x14/0xa0 [snd_sof_intel_hda_common] Signed-off-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Add a virtual CPU DAI for loopback capture for echo reference implementation. We can't use the snd-soc-dummy-dai because it is already used for the bluetooth DAI link. Signed-off-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Don't use the dummy CPU DAI but use the virtual loopback capture CPU DAI instead. Signed-off-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
ranj063
force-pushed
the
fix/null_widget
branch
from
c3c4b5f to
b1a743e
Compare
bardliao
approved these changes
Jan 18, 2026
lyakh
reviewed
Jan 19, 2026
| * this is unlikely if the topology and the machine driver DAI links match. | ||
| * But if there's a missing DAI link in topology, this will prevent a NULL pointer | ||
| * dereference later on. | ||
| */ |
Collaborator
There was a problem hiding this comment.
is such a case viable? Shouldn't it be caught before this call, maybe even in the driver? But maybe this is indeed the first location where such a check is feasible, not sure really, just clarifying
Collaborator
Author
There was a problem hiding this comment.
@lyakh if the topology is clean and it matches the machine driver exactly, this isnt possible but I encountered the problem with echo ref defined in the machine driver and topology but BT only in the machine driver. This will not happen in production topologies but even for development topologies an error is more graceful than a crash
majunkier
approved these changes
Jan 19, 2026
majunkier
left a comment
majunkier
left a comment
There was a problem hiding this comment.
i have tested this PR, fixes problem. +1
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of iloopback capture for echo reference where we use the dummy DAI link. Return the error when the widget is not set to avoid a null pointer dereference like below when the topology is broken.
RIP: 0010:hda_dai_get_ops.isra.0+0x14/0xa0 [snd_sof_intel_hda_common]