From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Cezary Rojewski <cezary.rojewski@intel.com>,
Kai Vehmanen <kai.vehmanen@linux.intel.com>,
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>,
Takashi Iwai <tiwai@suse.de>, Sasha Levin <sashal@kernel.org>,
perex@perex.cz, tiwai@suse.com, mkumard@nvidia.com,
peter.ujfalusi@linux.intel.com, alsa-devel@alsa-project.org
Subject: [PATCH AUTOSEL 6.0 07/44] ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
Date: Sun, 9 Oct 2022 19:48:55 -0400 [thread overview]
Message-ID: <20221009234932.1230196-7-sashal@kernel.org> (raw)
In-Reply-To: <20221009234932.1230196-1-sashal@kernel.org>
From: Cezary Rojewski <cezary.rojewski@intel.com>
[ Upstream commit f2bd1c5ae2cb0cf9525c9bffc0038c12dd7e1338 ]
If early probe of HDAudio bus driver fails e.g.: due to missing
firmware file, snd_hda_codec_shutdown() ends in manipulating
uninitialized codec->pcm_list_head causing page fault.
Initialization of HDAudio codec in ASoC is split in two:
- snd_hda_codec_device_init()
- snd_hda_codec_device_new()
snd_hda_codec_device_init() is called during probe_codecs() by HDAudio
bus driver while snd_hda_codec_device_new() is called by
codec-component's ->probe(). The second call will not happen until all
components required by related sound card are present within the ASoC
framework. With firmware failing to load during the PCI's deferred
initialization i.e.: probe_work(), no platform components are ever
registered. HDAudio codec enumeration is done at that point though, so
the codec components became registered to ASoC framework, calling
snd_hda_codec_device_init() in the process.
Now, during platform reboot snd_hda_codec_shutdown() is called for every
codec found on the HDAudio bus causing oops if any of them has not
completed both of their initialization steps. Relocating field
initialization fixes the issue.
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://lore.kernel.org/r/20220816111727.3218543-7-cezary.rojewski@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/hda_codec.c | 41 +++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 21 deletions(-)
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
index 384426d7e9dd..4ae8b9574778 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -931,8 +931,28 @@ snd_hda_codec_device_init(struct hda_bus *bus, unsigned int codec_addr,
}
codec->bus = bus;
+ codec->depop_delay = -1;
+ codec->fixup_id = HDA_FIXUP_ID_NOT_SET;
+ codec->core.dev.release = snd_hda_codec_dev_release;
+ codec->core.exec_verb = codec_exec_verb;
codec->core.type = HDA_DEV_LEGACY;
+ mutex_init(&codec->spdif_mutex);
+ mutex_init(&codec->control_mutex);
+ snd_array_init(&codec->mixers, sizeof(struct hda_nid_item), 32);
+ snd_array_init(&codec->nids, sizeof(struct hda_nid_item), 32);
+ snd_array_init(&codec->init_pins, sizeof(struct hda_pincfg), 16);
+ snd_array_init(&codec->driver_pins, sizeof(struct hda_pincfg), 16);
+ snd_array_init(&codec->cvt_setups, sizeof(struct hda_cvt_setup), 8);
+ snd_array_init(&codec->spdif_out, sizeof(struct hda_spdif_out), 16);
+ snd_array_init(&codec->jacktbl, sizeof(struct hda_jack_tbl), 16);
+ snd_array_init(&codec->verbs, sizeof(struct hda_verb *), 8);
+ INIT_LIST_HEAD(&codec->conn_list);
+ INIT_LIST_HEAD(&codec->pcm_list_head);
+ INIT_DELAYED_WORK(&codec->jackpoll_work, hda_jackpoll_work);
+ refcount_set(&codec->pcm_ref, 1);
+ init_waitqueue_head(&codec->remove_sleep);
+
return codec;
}
EXPORT_SYMBOL_GPL(snd_hda_codec_device_init);
@@ -985,29 +1005,8 @@ int snd_hda_codec_device_new(struct hda_bus *bus, struct snd_card *card,
if (snd_BUG_ON(codec_addr > HDA_MAX_CODEC_ADDRESS))
return -EINVAL;
- codec->core.dev.release = snd_hda_codec_dev_release;
- codec->core.exec_verb = codec_exec_verb;
-
codec->card = card;
codec->addr = codec_addr;
- mutex_init(&codec->spdif_mutex);
- mutex_init(&codec->control_mutex);
- snd_array_init(&codec->mixers, sizeof(struct hda_nid_item), 32);
- snd_array_init(&codec->nids, sizeof(struct hda_nid_item), 32);
- snd_array_init(&codec->init_pins, sizeof(struct hda_pincfg), 16);
- snd_array_init(&codec->driver_pins, sizeof(struct hda_pincfg), 16);
- snd_array_init(&codec->cvt_setups, sizeof(struct hda_cvt_setup), 8);
- snd_array_init(&codec->spdif_out, sizeof(struct hda_spdif_out), 16);
- snd_array_init(&codec->jacktbl, sizeof(struct hda_jack_tbl), 16);
- snd_array_init(&codec->verbs, sizeof(struct hda_verb *), 8);
- INIT_LIST_HEAD(&codec->conn_list);
- INIT_LIST_HEAD(&codec->pcm_list_head);
- refcount_set(&codec->pcm_ref, 1);
- init_waitqueue_head(&codec->remove_sleep);
-
- INIT_DELAYED_WORK(&codec->jackpoll_work, hda_jackpoll_work);
- codec->depop_delay = -1;
- codec->fixup_id = HDA_FIXUP_ID_NOT_SET;
#ifdef CONFIG_PM
codec->power_jiffies = jiffies;
--
2.35.1
next prev parent reply other threads:[~2022-10-10 0:13 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-09 23:48 [PATCH AUTOSEL 6.0 01/44] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() Sasha Levin
2022-10-09 23:48 ` [PATCH AUTOSEL 6.0 02/44] drm: Use size_t type for len variable in drm_copy_field() Sasha Levin
2022-10-09 23:48 ` [PATCH AUTOSEL 6.0 03/44] drm: Prevent drm_copy_field() to attempt copying a NULL pointer Sasha Levin
2022-10-09 23:48 ` [PATCH AUTOSEL 6.0 04/44] drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook Sasha Levin
2022-10-09 23:48 ` [PATCH AUTOSEL 6.0 05/44] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() Sasha Levin
2022-10-09 23:48 ` [PATCH AUTOSEL 6.0 06/44] drm/amd/display: fix overflow on MIN_I64 definition Sasha Levin
2022-10-09 23:48 ` Sasha Levin [this message]
2022-10-25 14:27 ` [PATCH AUTOSEL 6.0 07/44] ALSA: hda: Fix page fault in snd_hda_codec_shutdown() Pierre-Louis Bossart
2022-10-25 14:50 ` Greg KH
2022-10-25 16:45 ` Pierre-Louis Bossart
2022-10-09 23:48 ` [PATCH AUTOSEL 6.0 08/44] ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support Sasha Levin
2022-10-09 23:48 ` [PATCH AUTOSEL 6.0 09/44] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails Sasha Levin
2022-10-09 23:48 ` [PATCH AUTOSEL 6.0 10/44] platform/x86: pmc_atom: Improve quirk message to be less cryptic Sasha Levin
2022-10-09 23:48 ` [PATCH AUTOSEL 6.0 11/44] drm/amd: fix potential memory leak Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 12/44] drm: bridge: dw_hdmi: only trigger hotplug event on link change Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 13/44] drm/amd/display: Fix variable dereferenced before check Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 14/44] drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on MMHUB v3_0_0 Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 15/44] drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 16/44] drm: hide unregistered connectors from GETCONNECTOR IOCTL Sasha Levin
2022-10-13 19:31 ` Simon Ser
2022-10-16 14:51 ` Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 17/44] ALSA: usb-audio: Register card at the last interface Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 18/44] drm/vc4: vec: Fix timings for VEC modes Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 19/44] ACPI: video: Change disable_backlight_sysfs_if quirks to acpi_backlight=native Sasha Levin
2022-10-10 7:35 ` Hans de Goede
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 20/44] drm: panel-orientation-quirks: Add quirk for Anbernic Win600 Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 21/44] drm: panel-orientation-quirks: Add quirk for Aya Neo Air Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 22/44] platform/chrome: cros_ec: Notify the PM of wake events during resume Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 23/44] platform/x86: hp-wmi: Setting thermal profile fails with 0x06 Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 24/44] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 25/44] ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 26/44] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 27/44] ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI component Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 28/44] ASoC: SOF: add quirk to override topology mclk_id Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 29/44] drm/amdgpu: SDMA update use unlocked iterator Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 30/44] drm/amd/display: Fix urgent latency override for DCN32/DCN321 Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 31/44] drm/amd/display: correct hostvm flag Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 32/44] drm/amdgpu: fix initial connector audio value Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 33/44] ASoC: amd: yc: Add ASUS UM5302TA into DMI table Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 34/44] ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 35/44] drm/meson: reorder driver deinit sequence to fix use-after-free bug Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 36/44] drm/meson: explicitly remove aggregate driver at module unload time Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 37/44] drm/meson: remove drm bridges at aggregate driver unbind time Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 38/44] drm/exynos: Fix return type for mixer_mode_valid and hdmi_mode_valid Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 39/44] mmc: sdhci-msm: add compatible string check for sdm670 Sasha Levin
2022-10-10 23:43 ` Richard Acayan
2022-10-13 17:59 ` Sasha Levin
2022-10-14 0:37 ` Richard Acayan
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 40/44] drm/dp: Don't rewrite link config when setting phy test pattern Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 41/44] drm/amd/display: Remove interface for periodic interrupt 1 Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 42/44] drm/amd/display: polling vid stream status in hpo dp blank Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 43/44] drm/amd/display: fix array-bounds error in dc_stream_remove_writeback() Sasha Levin
2022-10-09 23:49 ` [PATCH AUTOSEL 6.0 44/44] drm/amdkfd: Fix UBSAN shift-out-of-bounds warning Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221009234932.1230196-7-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=alsa-devel@alsa-project.org \
--cc=cezary.rojewski@intel.com \
--cc=kai.vehmanen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mkumard@nvidia.com \
--cc=perex@perex.cz \
--cc=peter.ujfalusi@linux.intel.com \
--cc=pierre-louis.bossart@linux.intel.com \
--cc=stable@vger.kernel.org \
--cc=tiwai@suse.com \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox