From 5759bbcc0d24a0f84f9021cf06f02a08c4e739fe Mon Sep 17 00:00:00 2001
From: Yumi Yukimura <me.cafebabe@gmail.com>
Date: Sat, 23 Sep 2023 01:20:43 +0800
Subject: [PATCH] ANDROID: ALSA: jack: Revert mismerge done in v4.19.291

This reverts commit 839f4e860eb6aff659ad05900963cf0410063eda

As of the commit 839f4e860eb6 ("ALSA: jack: Fix mutex call in snd_jack_report()"),
the change was introduced in order to fix commit c093b62c4002 ("ALSA: jack: Access input_dev under mutex")
which was later on reverted in commit 9508bececcf5 ("Revert "ALSA: jack: Access input_dev under mutex"")
as of reason that it broke kernel ABI and is not relevant for Android system.

Furthermore, this mismerge also lead to following null pointer dereference
in certain scenarios like plugging in 3.5mm headset.

[ 1142.234701] Unable to handle kernel read from unreadable memory at virtual address 0000000000000028
[ 1142.234720] Mem abort info:
[ 1142.234729] ESR = 0x96000005
[ 1142.234739] Exception class = DABT (current EL), IL = 32 bits
[ 1142.234747] SET = 0, FnV = 0
[ 1142.234755] EA = 0, S1PTW = 0
[ 1142.234762] Data abort info:
[ 1142.234770] ISV = 0, ISS = 0x00000005
[ 1142.234778] CM = 0, WnR = 0
[ 1142.234790] user pgtable: 4k pages, 39-bit VAs, pgdp = 0000000016d049a1
[ 1142.234799] [0000000000000028] pgd=00000000eb5a7003, pud=00000000eb5a7003, pmd=0000000000000000
[ 1142.234817] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[ 1142.234828] Modules linked in:
[ 1142.234839] Process kworker/5:0 (pid: 5915, stack limit = 0x000000000ffb215a)
[ 1142.234853] CPU: 5 PID: 5915 Comm: kworker/5:0 Tainted: G W 4.19.294-Mi8937v2-gb3b17955ff52 #1
[ 1142.234862] Hardware name: Qualcomm Technologies, Inc. MSM8940-PMI8937 MTP (DT)
[ 1142.234886] Workqueue: events wcd_correct_swch_plug
[ 1142.234899] pstate: 80400005 (Nzcv daif +PAN -UAO)
[ 1142.234914] pc : input_event+0x2c/0x84
[ 1142.234929] lr : snd_jack_report+0xc4/0x17c
[ 1142.234937] sp : ffffff801c07bbe0
[ 1142.234945] x29: ffffff801c07bbe0 x28: 0000000000000402
[ 1142.234957] x27: ffffff800a110028 x26: ffffffc0d2e92480
[ 1142.234969] x25: ffffffc0cb9b32c0 x24: ffffff800a46f398
[ 1142.234981] x23: ffffff800a110028 x22: 0000000000000000
[ 1142.234992] x21: 0000000000000005 x20: 000000000000000c
[ 1142.235004] x19: ffffffc0cb9da400 x18: 0000000005f5e100
[ 1142.235015] x17: 0000000000000000 x16: 0000000000000000
[ 1142.235026] x15: ffffffffff21d823 x14: 0000000001312d00
[ 1142.235038] x13: 0000000000000000 x12: 0000000038e38e39
[ 1142.235049] x11: 0000000000000000 x10: 0000000000000003
[ 1142.235060] x9 : ffffff800a4ce000 x8 : 0000000000000000
[ 1142.235072] x7 : 0000000000000001 x6 : ffffffc0ef490a83
[ 1142.235083] x5 : 0000000000000001 x4 : 0000000000000001
[ 1142.235094] x3 : 0000000000000000 x2 : 0000000000000002
[ 1142.235105] x1 : 0000000000000005 x0 : 0000000000000000
[ 1142.235117] Call trace:
[ 1142.235128] input_event+0x2c/0x84
[ 1142.235140] snd_jack_report+0xc4/0x17c
[ 1142.235152] snd_soc_jack_report+0x1ec/0x21c
[ 1142.235164] wcd_mbhc_report_plug+0x414/0x6f4
[ 1142.235176] wcd_mbhc_find_plug_and_report+0xcc/0x27c
[ 1142.235188] wcd_correct_swch_plug+0x198/0xbf0
[ 1142.235203] process_one_work+0x224/0x3ec
[ 1142.235215] worker_thread+0x260/0x4a8
[ 1142.235227] kthread+0x138/0x154
[ 1142.235239] ret_from_fork+0x10/0x18
[ 1142.235254] Code: 53067c28 2a0103f5 aa0003f6 8b284c08 (f9401508)
[ 1142.235265] ---[ end trace 98bff2bd0de72df6 ]---
[ 1142.328772] Kernel panic - not syncing: Fatal exception

Bug: 304056831
Co-authored-by: Hridaya Prajapati <info.hridayaprajapati@gmail.com>
Signed-off-by: Hridaya Prajapati <info.hridayaprajapati@gmail.com>
Signed-off-by: Yumi Yukimura <me.cafebabe@gmail.com>
Change-Id: I146cf474603681243c62672491aaf3c5187551d7
---
 sound/core/jack.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/sound/core/jack.c b/sound/core/jack.c
index 68b098538827..b13b22e993c0 100644
--- a/sound/core/jack.c
+++ b/sound/core/jack.c
@@ -366,7 +366,6 @@ void snd_jack_report(struct snd_jack *jack, int status)
 {
 	struct snd_jack_kctl *jack_kctl;
 #ifdef CONFIG_SND_JACK_INPUT_DEV
-	struct input_dev *idev;
 	int i;
 #endif
 
@@ -385,14 +384,14 @@ void snd_jack_report(struct snd_jack *jack, int status)
 		int testbit = SND_JACK_BTN_0 >> i;
 
 		if (jack->type & testbit)
-			input_report_key(idev, jack->key[i],
+			input_report_key(jack->input_dev, jack->key[i],
 					 status & testbit);
 	}
 
 	for (i = 0; i < ARRAY_SIZE(jack_switch_types); i++) {
 		int testbit = 1 << i;
 		if (jack->type & testbit)
-			input_report_switch(idev,
+			input_report_switch(jack->input_dev,
 					    jack_switch_types[i],
 					    status & testbit);
 	}