[linux-yocto] [linux-yocto v5.0/standard/base][PATCH] ALSA: hda: check RIRB to avoid use NULL pointer

[Bruce Ashfield]

On Sun, Apr 28, 2019 at 4:42 AM Liwei Song <liwei.song at windriver.com> wrote:

> Fix the following BUG:
>
>
Is this also a bug in the mainline kernel ? If so, what's the resolution
for the issue there ?

Bruce



> BUG: unable to handle kernel NULL pointer dereference at 000000000000000c
> Workqueue: events azx_probe_work [snd_hda_intel]
> RIP: 0010:snd_hdac_bus_update_rirb+0x80/0x160 [snd_hda_core]
> Call Trace:
>  <IRQ>
>  azx_interrupt+0x78/0x140 [snd_hda_codec]
>  __handle_irq_event_percpu+0x49/0x300
>  handle_irq_event_percpu+0x23/0x60
>  handle_irq_event+0x3c/0x60
>  handle_edge_irq+0xdb/0x180
>  handle_irq+0x23/0x30
>  do_IRQ+0x6a/0x140
>  common_interrupt+0xf/0xf
>
> The Call Trace happened when run kdump on a NFS rootfs system.
> Exist the following calling sequence when boot the second kernel:
>
> azx_first_init()
>    --> azx_acquire_irq()
>                       <-- interrupt come in, azx_interrupt() was called
>    --> hda_intel_init_chip()
>       --> azx_init_chip()
>          --> snd_hdac_bus_init_chip()
>               --> snd_hdac_bus_init_cmd_io();
>                     --> init rirb.buf and corb.buf
>
> Interrupt happened after azx_acquire_irq() while RIRB still didn't got
> initialized, then NULL pointer will be used when process the interrupt.
>
> Considering adjust the calling sequence may import new issue like
> 2eeeb4f4733b ("ASoC: Intel: Skylake: Acquire irq after RIRB allocation")
> so here simply check the value of RIRB to avoid using NULL pointer.
>
> Fixes: 14752412721c ("ALSA: hda - Add the controller helper codes to
> hda-core module")
> Signed-off-by: Liwei Song <liwei.song at windriver.com>
> ---
>  sound/hda/hdac_controller.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/sound/hda/hdac_controller.c b/sound/hda/hdac_controller.c
> index 74244d8e2909..2f0fa5353361 100644
> --- a/sound/hda/hdac_controller.c
> +++ b/sound/hda/hdac_controller.c
> @@ -195,6 +195,9 @@ void snd_hdac_bus_update_rirb(struct hdac_bus *bus)
>                 return;
>         bus->rirb.wp = wp;
>
> +       if (!bus->rirb.buf)
> +               return;
> +
>         while (bus->rirb.rp != wp) {
>                 bus->rirb.rp++;
>                 bus->rirb.rp %= AZX_MAX_RIRB_ENTRIES;
> --
> 2.7.4
>
>

-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/linux-yocto/attachments/20190429/be8068ef/attachment.html>