Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp433317imm; Wed, 18 Jul 2018 04:54:26 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfBNssYPkBJ+Ke7EwXhqlisrIFdTknv3To+czMn5jDKfFPdVnmpmDsmLjCiEY9mrd1Nhsck X-Received: by 2002:a63:66c7:: with SMTP id a190-v6mr5425707pgc.411.1531914866509; Wed, 18 Jul 2018 04:54:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531914866; cv=none; d=google.com; s=arc-20160816; b=GXoJXzUFqE4s/+YOQdJBVsv0Sl+QgsxIrKsiC4vUo738lcenc/6hD5QObRCVJkrntZ BUqvf4QaCh7oD2JAHHddBBNFDsZw2U/6CmNaE1SrGiJJmK+p9khwJaOL3647KLJApYBX oly69yPndfPZWKWjB8SZXg1k7s57xyRJeqXQ6Z695lAtZZ9OInTRZ8OxMziyqwiEwYfX W5Ul2Xf1Xm36T2o5Fm8bbZKh/tyJFowD74uQ7QVAl5yMaMh3PxLOf1DW3uhOXCVq2weZ yXKpyKwPr2RjVu3ZG518tVHvthkyGwY0T/jkSlfW+9vXYrUdyqdCWCoZ8HoQ/VgPcYYl 14qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :dlp-reaction:dlp-version:dlp-product:content-language :accept-language:message-id:date:thread-index:thread-topic:subject :cc:to:from:arc-authentication-results; bh=2sx2mhjin/Yy+YmbVQoKf0wmXUqeoTo+lUw5N3/BDjg=; b=CidkOgD2tVVCLyp0hkWE48Ju+QrkqZjWGpswxXYIB3KICD02nssOxV6JRNsevH1kgr C0zK2vH1C4x2Ilsu0LvXOva4D4El0bsNDjYrTlMqv4++MYpVjCFNx8BSCwMzrcV+9bQV zjqEdjd6YCPi0EDgXVeI64RoQFnbh5euh7E5k3XjD3cMFbbnhkZi+5+yvlTSUW1Y7jxE 1f9fKO5euQ2YUuGWvCJ8inj8U/+R4776mcRlguEFCtI3EWWjMb9QuMTer7wB+DUNDL5Z X/CR6WF/iFOohxLAomjoRJ4rVeRzf2lWsry6dXLqrdLTkWIAWXkyCyVDaXRCQa+X+nCq WS7A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d37-v6si2998934plb.481.2018.07.18.04.54.11; Wed, 18 Jul 2018 04:54:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730499AbeGRMab convert rfc822-to-8bit (ORCPT + 99 others); Wed, 18 Jul 2018 08:30:31 -0400 Received: from mga07.intel.com ([134.134.136.100]:7973 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729185AbeGRMab (ORCPT ); Wed, 18 Jul 2018 08:30:31 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Jul 2018 04:52:57 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,370,1526367600"; d="scan'208";a="55917652" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by fmsmga008.fm.intel.com with ESMTP; 18 Jul 2018 04:52:48 -0700 Received: from fmsmsx124.amr.corp.intel.com (10.18.125.39) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 18 Jul 2018 04:52:48 -0700 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by fmsmsx124.amr.corp.intel.com (10.18.125.39) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 18 Jul 2018 04:52:48 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.81]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.100]) with mapi id 14.03.0319.002; Wed, 18 Jul 2018 19:52:46 +0800 From: "He, Bo" To: "linux-kernel@vger.kernel.org" , "alsa-devel@alsa-project.org" , "perex@perex.cz" , "tiwai@suse.com" CC: "Zhang, Jun" , "Zhang, Yanmin" Subject: [PATCH] ALSA: core: fix unsigned int pages overflow when comapred Thread-Topic: [PATCH] ALSA: core: fix unsigned int pages overflow when comapred Thread-Index: AdQejWjk55iqWVRYS2+apgz1v2Viqg== Date: Wed, 18 Jul 2018 11:52:45 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNTFhZGVkODMtZTFmMi00YzYwLTk1YjUtNjhjNDI3NmY2N2YxIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoieFR3NVFsa1haWDIrV1V6emQ2Qnp6bWt1NlwvUjA2QktVYjB6R1BsVENNMWlSeUsxYWlnc1pEMEpLNE9NUXNvWE8ifQ== dlp-product: dlpe-windows dlp-version: 11.0.200.100 dlp-reaction: no-action x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org we see the below kernel panic on stress suspend resume test in snd_malloc_sgbuf_pages(), snd_dma_alloc_pages_fallback() alloc chunk maybe larger than the left pages due to the pages alignment, which will cause the pages overflow. while (pages > 0) { ... pages -= chunk; } the patch is change the pages from unsigned int to int to fix the issue. BUG: unable to handle kernel paging request at ffff88000deb4000 IP: [] memset_erms+0x9/0x10 Call Trace: [] snd_dma_alloc_pages+0xff/0x210 [] snd_dma_alloc_pages_fallback+0x6f/0x90 [] snd_malloc_sgbuf_pages+0x145/0x370 [] snd_dma_alloc_pages+0x16e/0x210 [] hdac_ext_dma_alloc_pages+0x1d/0x40 [snd_hda_ext_core] [] snd_hdac_dsp_prepare+0xca/0x1c0 [snd_hda_core] [] skl_dsp_prepare+0x99/0xf0 [snd_soc_skl] [] bxt_load_base_firmware+0x9e/0x5c0 [snd_soc_skl_ipc] [] bxt_set_dsp_D0+0x14c/0x300 [snd_soc_skl_ipc] [] skl_dsp_get_core+0x43/0xd0 [snd_soc_skl_ipc] [] skl_dsp_wake+0x10/0x20 [snd_soc_skl_ipc] [] skl_resume_dsp+0x7e/0x140 [snd_soc_skl] [] skl_resume+0xda/0x170 [snd_soc_skl] [] pci_pm_resume+0x76/0xe0 [] dpm_run_callback+0x5a/0x180 [] device_resume+0xdc/0x2c0 [] dpm_resume+0x118/0x310 [] dpm_resume_end+0x11/0x20 [] suspend_devices_and_enter+0x11c/0x2b0 [] pm_suspend+0x35d/0x3d0 [] state_store+0x66/0x90 [] kobj_attr_store+0x12/0x20 [] sysfs_kf_write+0x3c/0x50 [] kernfs_fop_write+0x11d/0x1a0 [] __vfs_write+0x3a/0x150 [] vfs_write+0xb1/0x1a0 [] SyS_write+0x58/0xc0 [] do_syscall_64+0x6a/0xe0 [] entry_SYSCALL_64_after_swapgs+0x5d/0xd7 Signed-off-by: he, bo Signed-off-by: zhang jun --- sound/core/sgbuf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/core/sgbuf.c b/sound/core/sgbuf.c index 84fffab..33449ee 100644 --- a/sound/core/sgbuf.c +++ b/sound/core/sgbuf.c @@ -68,7 +68,8 @@ void *snd_malloc_sgbuf_pages(struct device *device, size_t *res_size) { struct snd_sg_buf *sgbuf; - unsigned int i, pages, chunk, maxpages; + unsigned int i, chunk, maxpages; + int pages; struct snd_dma_buffer tmpb; struct snd_sg_page *table; struct page **pgtable; -- 2.7.4