From: "Ozan Çağlayan" <ozan@pardus.org.tr>
To: Takashi Iwai <tiwai@suse.de>
Cc: alsa-devel@alsa-project.org
Subject: Re: [BUG] NULL pointer dereference in patch_sigmatel.c
Date: Thu, 06 Aug 2009 16:41:27 +0300
Message-ID: <4A7ADD87.4030109@pardus.org.tr>
In-Reply-To: <s5hy6qn8wyj.wl%tiwai@suse.de>
Takashi Iwai wrote On 17-07-2009 12:45:
> At Fri, 17 Jul 2009 11:33:08 +0200,
> I wrote:
>
>> At Thu, 16 Jul 2009 22:51:50 +0300,
>> Ozan Çağlayan wrote:
>>
>>> Hi,
>>>
>>> One of our users is having a NULL ptr dereference upon loading the
>>> snd_hda_intel module with 20090624's snapshot. There's only one commit
>>> after that date in patch_sigmatel.c so I didn't tell him to try with the
>>> latest snapshot but if you think that the bug may be related to another
>>> part of the ALSA codebase, I can make him try the latest snapshot.
>>>
>> I suppose you are using unstable tree, right?
>>
>
> Looking through the stack trace, it's not...
>
Okay, I've found the problem. Here's the relevant code portion that
I've got from gdb:
(gdb) list *cxt5051_init+0x90
0xdf4 is in cxt5051_init (/var/pisi/alsa-driver-1.0.20_20090805-41/work/alsa-driver/pci/hda/../../alsa-kernel/pci/hda/patch_conexant.c:384).
379             jack->type = type;
380
381             err = snd_jack_new(codec->bus->card, name, type, &jack->jack);
382             if (err < 0)
383                     return err;
384             jack->jack->private_data = jack;
385             jack->jack->private_free = conexant_free_jack_priv;
386             return 0;
387     }
388

and then I've checked the mainline linus-2.6 and found out the following
commit:

commit 95c0909961bc5ff18c78b2ab0d093cddc0a8b0b5
Author: Takashi Iwai <tiwai@suse.de>
Date: Tue Apr 14 16:15:29 2009 +0200

    ALSA: hda - Avoid call of snd_jack_report at release

    Don't call snd_jack_report at release of sigmatel and conexant codecs
    which results in Oops at unloading the module.

    The Oops is triggered by the power-up sequence during the free due to
    the pincfg restoration. Since the power-up sequence is involved with
    the unsol handling, the jack reporting may be issued during that.
    The Oops occurs with this jack reporting because the jack instances
    have been already released but the codec doesn't do the proper
    book-keeping.

    This patch adds the book-keeping of jack instances to avoid the access
    to bogus pointers.

Reverting this fixed the problem on the machine which has the conexant
cx codec. Seeing that the commit also patches the sigmatel one, it
explains the other oops at the beginning of this thread.
I'm not currently able to test the two machines on a newer kernel than
2.6.25.20 so I don't know if the problem is in the code or in the
wrappers/ABI-API patches in alsa-driver, etc.
Regards,
Ozan
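
Added example (not part of the original message and not ALSA code): the listing faults at line 384, immediately after snd_jack_new() returned without error, which is the pattern of a constructor that reports success but leaves its out-pointer NULL. Whether that is the cause here is an assumption the thread does not establish; jack_new, add_jack_checked, free_jack_priv and both structs are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdlib.h>
#include <errno.h>

/* Hypothetical stand-ins for the structures seen in the gdb listing. */
struct jack { void *private_data; void (*private_free)(struct jack *); };
struct codec_jack { int type; struct jack *jack; };

/* Hypothetical constructor. With enabled == 0 it models a no-op build
 * that reports success without ever writing *out. */
static int jack_new(int enabled, struct jack **out)
{
	if (!enabled)
		return 0;
	*out = calloc(1, sizeof(**out));
	return *out ? 0 : -ENOMEM;
}

static void free_jack_priv(struct jack *j) { (void)j; }

/* Same shape as lines 379-386 of the listing, but the out-pointer is
 * cleared first and checked before use. Returns 1 if a jack was
 * attached, 0 if the constructor produced none, negative errno on error. */
static int add_jack_checked(struct codec_jack *cj, int type, int enabled)
{
	int err;

	cj->type = type;
	cj->jack = NULL;        /* do not rely on the callee to set it */
	err = jack_new(enabled, &cj->jack);
	if (err < 0)
		return err;
	if (!cj->jack)          /* success code, but no object was created */
		return 0;
	cj->jack->private_data = cj;
	cj->jack->private_free = free_jack_priv;
	return 1;
}

int main(void)
{
	struct codec_jack a, b;
	int r1 = add_jack_checked(&a, 1, 1);   /* constructor creates a jack */
	int r2 = add_jack_checked(&b, 1, 0);   /* constructor is a no-op */

	free(a.jack);
	return !(r1 == 1 && r2 == 0 && b.jack == NULL);
}
```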