Message ID | 1509946476-31401-2-git-send-email-hui.wang@canonical.com |
---|---|
State | New |
Headers | show |
Series | [Z/A/linux-oem] ALSA: hda: Abort capability probe at invalid register read | expand |
Clean cherry-pick with limited impacts. Acked-by: Aaron Ma <aaron.ma@canonical.com> On 11/06/2017 01:34 PM, Hui Wang wrote: > From: Takashi Iwai <tiwai@suse.de> > > BugLink: http://bugs.launchpad.net/bugs/1730261 > > The loop in snd_hdac_bus_parse_capabilities() may go to nirvana when > it hits an invalid register value read: > > BUG: unable to handle kernel paging request at ffffad5dc41f3fff > IP: pci_azx_readl+0x5/0x10 [snd_hda_intel] > Call Trace: > snd_hdac_bus_parse_capabilities+0x3c/0x1f0 [snd_hda_core] > azx_probe_continue+0x7d5/0x940 [snd_hda_intel] > ..... > > This happened on a new Intel machine, and we need to check the value > and abort the loop accordingly. > > [Note: the fixes tag below indicates only the commit where this patch > can be applied; the original problem was introduced even before that > commit] > > Fixes: 6720b38420a0 ("ALSA: hda - move bus_parse_capabilities to core") > Cc: <stable@vger.kernel.org> > Acked-by: Vinod Koul <vinod.koul@intel.com> > Signed-off-by: Takashi Iwai <tiwai@suse.de> > (cherry picked from commit 098a0a62c1554f5a3813ef1b8539563214ada8f6) > Signed-off-by: Hui Wang <hui.wang@canonical.com> > --- > sound/hda/hdac_controller.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/sound/hda/hdac_controller.c b/sound/hda/hdac_controller.c > index 978dc18..f6d2985 100644 > --- a/sound/hda/hdac_controller.c > +++ b/sound/hda/hdac_controller.c > @@ -284,6 +284,11 @@ int snd_hdac_bus_parse_capabilities(struct hdac_bus *bus) > dev_dbg(bus->dev, "HDA capability ID: 0x%x\n", > (cur_cap & AZX_CAP_HDR_ID_MASK) >> AZX_CAP_HDR_ID_OFF); > > + if (cur_cap == -1) { > + dev_dbg(bus->dev, "Invalid capability reg read\n"); > + break; > + } > + > switch ((cur_cap & AZX_CAP_HDR_ID_MASK) >> AZX_CAP_HDR_ID_OFF) { > case AZX_ML_CAP_ID: > dev_dbg(bus->dev, "Found ML capability\n"); >
Acked and applied to linux-oem. On 06.11.2017 07:34, Hui Wang wrote: > From: Takashi Iwai <tiwai@suse.de> > > BugLink: http://bugs.launchpad.net/bugs/1730261 > > The loop in snd_hdac_bus_parse_capabilities() may go to nirvana when > it hits an invalid register value read: > > BUG: unable to handle kernel paging request at ffffad5dc41f3fff > IP: pci_azx_readl+0x5/0x10 [snd_hda_intel] > Call Trace: > snd_hdac_bus_parse_capabilities+0x3c/0x1f0 [snd_hda_core] > azx_probe_continue+0x7d5/0x940 [snd_hda_intel] > ..... > > This happened on a new Intel machine, and we need to check the value > and abort the loop accordingly. > > [Note: the fixes tag below indicates only the commit where this patch > can be applied; the original problem was introduced even before that > commit] > > Fixes: 6720b38420a0 ("ALSA: hda - move bus_parse_capabilities to core") > Cc: <stable@vger.kernel.org> > Acked-by: Vinod Koul <vinod.koul@intel.com> > Signed-off-by: Takashi Iwai <tiwai@suse.de> > (cherry picked from commit 098a0a62c1554f5a3813ef1b8539563214ada8f6) > Signed-off-by: Hui Wang <hui.wang@canonical.com> > --- > sound/hda/hdac_controller.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/sound/hda/hdac_controller.c b/sound/hda/hdac_controller.c > index 978dc18..f6d2985 100644 > --- a/sound/hda/hdac_controller.c > +++ b/sound/hda/hdac_controller.c > @@ -284,6 +284,11 @@ int snd_hdac_bus_parse_capabilities(struct hdac_bus *bus) > dev_dbg(bus->dev, "HDA capability ID: 0x%x\n", > (cur_cap & AZX_CAP_HDR_ID_MASK) >> AZX_CAP_HDR_ID_OFF); > > + if (cur_cap == -1) { > + dev_dbg(bus->dev, "Invalid capability reg read\n"); > + break; > + } > + > switch ((cur_cap & AZX_CAP_HDR_ID_MASK) >> AZX_CAP_HDR_ID_OFF) { > case AZX_ML_CAP_ID: > dev_dbg(bus->dev, "Found ML capability\n"); >
diff --git a/sound/hda/hdac_controller.c b/sound/hda/hdac_controller.c index 978dc18..f6d2985 100644 --- a/sound/hda/hdac_controller.c +++ b/sound/hda/hdac_controller.c @@ -284,6 +284,11 @@ int snd_hdac_bus_parse_capabilities(struct hdac_bus *bus) dev_dbg(bus->dev, "HDA capability ID: 0x%x\n", (cur_cap & AZX_CAP_HDR_ID_MASK) >> AZX_CAP_HDR_ID_OFF); + if (cur_cap == -1) { + dev_dbg(bus->dev, "Invalid capability reg read\n"); + break; + } + switch ((cur_cap & AZX_CAP_HDR_ID_MASK) >> AZX_CAP_HDR_ID_OFF) { case AZX_ML_CAP_ID: dev_dbg(bus->dev, "Found ML capability\n");