Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4531968yba; Mon, 29 Apr 2019 23:14:34 -0700 (PDT) X-Google-Smtp-Source: APXvYqxV/HNcAyCkA6tZ/mPvP+w/6RiFjs98Ngzgti6FAIOpSdg6iEyzWB0ZZUItVVr8lgfkzBqj X-Received: by 2002:a17:902:4681:: with SMTP id p1mr8251038pld.139.1556604874492; Mon, 29 Apr 2019 23:14:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556604874; cv=none; d=google.com; s=arc-20160816; b=HmeLTIZ3wa8elP2LRCMbHJ2aatBIX5ma0Y5aKdIhE0msRdXDabSH9S+AX2oCHsp5hn dzx7zQwNxtgmk2V3fAVdNzphOsadiGMhJGNJBek4DRxySdnGAaAa5fRat6IxICC25xCH rY7Hif6q69FcRs49G2Tjwq1p6YZYAIGKq/ZZUGSqAjQkuxHVY8q8j/6f0G9iVVNRPiwH 5bj3IhXAIMHq298yzWZp3q+WtH4W6S+kGeGboFkEhtswR6pu9oio0ANG72vWqoJ1xCRi 0sADHamFMS80be7zypAxGrau5++GjKVzqWqDZXjqbV4XvlxVNO4zwrHtfsjj20zN3Hhh RkAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from; bh=8Cy8T5dR/tiieuW7xKcCwuVcPgwSm0L3Pf+mIjywhMc=; b=GANPSvJb/0ch1u0+bKlUhHtHqX7IG0RgjhT9sKILd1LEtw6kMw8nfQZcR+ZEzp3cII 5yFdHjNBnMoNvgG24/g2SO6J1GbTqLVx69UAhygR2TCxbVR4XJcGeI6ZABY3kqUSm9Rs QnvHKqyvxo7dwyrhm0nO1YCWsLeGG/uhqJhpFSEhdSq1+LKRzqGpY1qwGP6wHLxi5V5k Qcrujaw+a4wRP3V4iz3jd9IngMkTjVVqDwJTE1TCOyj7d4wzSd9u/TzFc/2yO+22LDk6 KS9MRYKii3of9NyyE6pUpS1AYzB4mebHQfSBX44JfYvajjZbTZZKCGJC8jaiFd0NgrYz abqw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r39si37571979pld.10.2019.04.29.23.14.18; Mon, 29 Apr 2019 23:14:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726225AbfD3GNK (ORCPT + 99 others); Tue, 30 Apr 2019 02:13:10 -0400 Received: from mail1.windriver.com ([147.11.146.13]:58527 "EHLO mail1.windriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725788AbfD3GNK (ORCPT ); Tue, 30 Apr 2019 02:13:10 -0400 Received: from ALA-HCA.corp.ad.wrs.com ([147.11.189.40]) by mail1.windriver.com (8.15.2/8.15.1) with ESMTPS id x3U6CAK5017535 (version=TLSv1 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 29 Apr 2019 23:12:10 -0700 (PDT) Received: from pek-lpggp3.wrs.com (128.224.153.76) by ALA-HCA.corp.ad.wrs.com (147.11.189.40) with Microsoft SMTP Server id 14.3.439.0; Mon, 29 Apr 2019 23:12:09 -0700 From: Song liwei To: CC: Jaroslav Kysela , Takashi Iwai , Yu Zhao , Mark Brown , Keyon Jie , linux-kernel , LiweiSong Subject: [PATCH] ALSA: hda: check RIRB to avoid use NULL pointer Date: Tue, 30 Apr 2019 02:10:53 -0400 Message-ID: <1556604653-47363-1-git-send-email-liwei.song@windriver.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Liwei Song Fix the following BUG: BUG: unable to handle kernel NULL pointer dereference at 000000000000000c Workqueue: events azx_probe_work [snd_hda_intel] RIP: 0010:snd_hdac_bus_update_rirb+0x80/0x160 [snd_hda_core] Call Trace: azx_interrupt+0x78/0x140 [snd_hda_codec] __handle_irq_event_percpu+0x49/0x300 handle_irq_event_percpu+0x23/0x60 handle_irq_event+0x3c/0x60 handle_edge_irq+0xdb/0x180 handle_irq+0x23/0x30 do_IRQ+0x6a/0x140 common_interrupt+0xf/0xf The Call Trace happened when run kdump on a NFS rootfs system. Exist the following calling sequence when boot the second kernel: azx_first_init() --> azx_acquire_irq() <-- interrupt come in, azx_interrupt() was called --> hda_intel_init_chip() --> azx_init_chip() --> snd_hdac_bus_init_chip() --> snd_hdac_bus_init_cmd_io(); --> init rirb.buf and corb.buf Interrupt happened after azx_acquire_irq() while RIRB still didn't got initialized, then NULL pointer will be used when process the interrupt. Check the value of RIRB to ensure it is not NULL, to aviod some special case may hang the system. Fixes: 14752412721c ("ALSA: hda - Add the controller helper codes to hda-core module") Signed-off-by: Liwei Song --- sound/hda/hdac_controller.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/hda/hdac_controller.c b/sound/hda/hdac_controller.c index 74244d8e2909..2f0fa5353361 100644 --- a/sound/hda/hdac_controller.c +++ b/sound/hda/hdac_controller.c @@ -195,6 +195,9 @@ void snd_hdac_bus_update_rirb(struct hdac_bus *bus) return; bus->rirb.wp = wp; + if (!bus->rirb.buf) + return; + while (bus->rirb.rp != wp) { bus->rirb.rp++; bus->rirb.rp %= AZX_MAX_RIRB_ENTRIES; -- 2.7.4