From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756512Ab3EGFe5 (ORCPT ); Tue, 7 May 2013 01:34:57 -0400 Received: from cantor2.suse.de ([195.135.220.15]:43731 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756007Ab3EGFe4 (ORCPT ); Tue, 7 May 2013 01:34:56 -0400 Date: Tue, 07 May 2013 07:34:59 +0200 Message-ID: From: Takashi Iwai To: Wang YanQing Cc: alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, perex@perex.cz, david.henningsson@canonical.com Subject: Re: [PATCH]ALSA: HDA: Fix Oops caused by dereference NULL pointer In-Reply-To: <20130507032733.GA29944@udknight> References: <20130507032733.GA29944@udknight> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/24.2 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org At Tue, 7 May 2013 11:27:33 +0800, Wang YanQing wrote: > > The interrupt handler azx_interrupt will call azx_update_rirb, > which may call snd_hda_queue_unsol_event, snd_hda_queue_unsol_event > will dereference chip->bus pointer. > > The problem is we alloc chip->bus in azx_codec_create > which will be called after we enable IRQ and enable unsolicited > event in azx_probe. > > This will cause Oops due dereference NULL pointer. I meet it, good luck:) > > Signed-off-by: Wang YanQing Thanks, applied with a slight fix (put before the tracepoint so that it won't give more NULL dereference, and also put another NULL check of bus->workq as done in hda_intel.c.) Takashi > --- > sound/pci/hda/hda_codec.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c > index 622f726..9c76752 100644 > --- a/sound/pci/hda/hda_codec.c 
> +++ b/sound/pci/hda/hda_codec.c > @@ -618,6 +618,9 @@ int snd_hda_queue_unsol_event(struct hda_bus *bus, u32 res, u32 res_ex) > unsigned int wp; > > trace_hda_unsol_event(bus, res, res_ex); > + if (!bus) > + return 0; > + > unsol = bus->unsol; > if (!unsol) > return 0; > -- > 1.7.12.4.dirty >
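Review bot: the `if (!bus)` check in snd_hda_queue_unsol_event() is placed after `trace_hda_unsol_event(bus, res, res_ex);`, so the tracepoint is still handed the NULL bus on the early-interrupt path the commit message describes. Move the check above the tracepoint call so that nothing receives bus before it is validated. The reply also calls for a NULL check of bus->workq, as done in hda_intel.c, which this hunk does not contain. A one-line comment above the check would help later readers: per the commit message, bus can be NULL here because azx_probe enables the IRQ and unsolicited events before azx_codec_create allocates chip->bus.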