From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Cezary Rojewski <cezary.rojewski@intel.com>,
Takashi Iwai <tiwai@suse.de>, Sasha Levin <sashal@kernel.org>,
perex@perex.cz, tiwai@suse.com, peter.ujfalusi@linux.intel.com,
mkumard@nvidia.com, alsa-devel@alsa-project.org
Subject: [PATCH AUTOSEL 5.18 08/39] ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
Date: Sun, 14 Aug 2022 12:22:57 -0400 [thread overview]
Message-ID: <20220814162332.2396012-8-sashal@kernel.org> (raw)
In-Reply-To: <20220814162332.2396012-1-sashal@kernel.org>
From: Cezary Rojewski <cezary.rojewski@intel.com>
[ Upstream commit 980b3a8790b402e959a6d773b38b771019682be1 ]
If early probe of HDAudio bus driver fails e.g.: due to missing
firmware file, snd_hda_codec_shutdown() ends in manipulating
uninitialized codec->pcm_list_head causing page fault.
Iinitialization of HDAudio codec in ASoC is split in two:
- snd_hda_codec_device_init()
- snd_hda_codec_device_new()
snd_hda_codec_device_init() is called during probe_codecs() by HDAudio
bus driver while snd_hda_codec_device_new() is called by
codec-component's ->probe(). The second call will not happen until all
components required by related sound card are present within the ASoC
framework. With firmware failing to load during the PCI's deferred
initialization i.e.: probe_work(), no platform components are ever
registered. HDAudio codec enumeration is done at that point though, so
the codec components became registered to ASoC framework, calling
snd_hda_codec_device_init() in the process.
Now, during platform reboot snd_hda_codec_shutdown() is called for every
codec found on the HDAudio bus causing oops if any of them has not
completed both of their initialization steps. Relocating field
initialization fixes the issue.
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://lore.kernel.org/r/20220706120230.427296-7-cezary.rojewski@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/hda_codec.c | 41 +++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 21 deletions(-)
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
index 5cbac315dbe1..527616b39043 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -931,8 +931,28 @@ snd_hda_codec_device_init(struct hda_bus *bus, unsigned int codec_addr,
}
codec->bus = bus;
+ codec->depop_delay = -1;
+ codec->fixup_id = HDA_FIXUP_ID_NOT_SET;
+ codec->core.dev.release = snd_hda_codec_dev_release;
+ codec->core.exec_verb = codec_exec_verb;
codec->core.type = HDA_DEV_LEGACY;
+ mutex_init(&codec->spdif_mutex);
+ mutex_init(&codec->control_mutex);
+ snd_array_init(&codec->mixers, sizeof(struct hda_nid_item), 32);
+ snd_array_init(&codec->nids, sizeof(struct hda_nid_item), 32);
+ snd_array_init(&codec->init_pins, sizeof(struct hda_pincfg), 16);
+ snd_array_init(&codec->driver_pins, sizeof(struct hda_pincfg), 16);
+ snd_array_init(&codec->cvt_setups, sizeof(struct hda_cvt_setup), 8);
+ snd_array_init(&codec->spdif_out, sizeof(struct hda_spdif_out), 16);
+ snd_array_init(&codec->jacktbl, sizeof(struct hda_jack_tbl), 16);
+ snd_array_init(&codec->verbs, sizeof(struct hda_verb *), 8);
+ INIT_LIST_HEAD(&codec->conn_list);
+ INIT_LIST_HEAD(&codec->pcm_list_head);
+ INIT_DELAYED_WORK(&codec->jackpoll_work, hda_jackpoll_work);
+ refcount_set(&codec->pcm_ref, 1);
+ init_waitqueue_head(&codec->remove_sleep);
+
return codec;
}
EXPORT_SYMBOL_GPL(snd_hda_codec_device_init);
@@ -980,29 +1000,8 @@ int snd_hda_codec_device_new(struct hda_bus *bus, struct snd_card *card,
if (snd_BUG_ON(codec_addr > HDA_MAX_CODEC_ADDRESS))
return -EINVAL;
- codec->core.dev.release = snd_hda_codec_dev_release;
- codec->core.exec_verb = codec_exec_verb;
-
codec->card = card;
codec->addr = codec_addr;
- mutex_init(&codec->spdif_mutex);
- mutex_init(&codec->control_mutex);
- snd_array_init(&codec->mixers, sizeof(struct hda_nid_item), 32);
- snd_array_init(&codec->nids, sizeof(struct hda_nid_item), 32);
- snd_array_init(&codec->init_pins, sizeof(struct hda_pincfg), 16);
- snd_array_init(&codec->driver_pins, sizeof(struct hda_pincfg), 16);
- snd_array_init(&codec->cvt_setups, sizeof(struct hda_cvt_setup), 8);
- snd_array_init(&codec->spdif_out, sizeof(struct hda_spdif_out), 16);
- snd_array_init(&codec->jacktbl, sizeof(struct hda_jack_tbl), 16);
- snd_array_init(&codec->verbs, sizeof(struct hda_verb *), 8);
- INIT_LIST_HEAD(&codec->conn_list);
- INIT_LIST_HEAD(&codec->pcm_list_head);
- refcount_set(&codec->pcm_ref, 1);
- init_waitqueue_head(&codec->remove_sleep);
-
- INIT_DELAYED_WORK(&codec->jackpoll_work, hda_jackpoll_work);
- codec->depop_delay = -1;
- codec->fixup_id = HDA_FIXUP_ID_NOT_SET;
#ifdef CONFIG_PM
codec->power_jiffies = jiffies;
--
2.35.1
next prev parent reply other threads:[~2022-08-14 16:29 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-14 16:22 [PATCH AUTOSEL 5.18 01/39] lib/list_debug.c: Detect uninitialized lists Sasha Levin
2022-08-14 16:22 ` [PATCH AUTOSEL 5.18 02/39] tty: serial: Fix refcount leak bug in ucc_uart.c Sasha Levin
2022-08-14 16:22 ` [PATCH AUTOSEL 5.18 03/39] KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings Sasha Levin
2022-08-14 16:22 ` [PATCH AUTOSEL 5.18 04/39] vfio: Clear the caps->buf to NULL after free Sasha Levin
2022-08-14 16:22 ` [PATCH AUTOSEL 5.18 05/39] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start Sasha Levin
2022-08-14 16:22 ` [PATCH AUTOSEL 5.18 06/39] iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit Sasha Levin
2022-08-14 16:22 ` [PATCH AUTOSEL 5.18 07/39] riscv: dts: microchip: Add mpfs' topology information Sasha Levin
2022-08-14 16:22 ` Sasha Levin [this message]
2022-08-14 16:22 ` [PATCH AUTOSEL 5.18 09/39] modules: Ensure natural alignment for .altinstructions and __bug_table sections Sasha Levin
2022-08-14 16:22 ` [PATCH AUTOSEL 5.18 10/39] ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 11/39] riscv: dts: sifive: Add fu540 topology information Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 12/39] riscv: dts: sifive: Add fu740 " Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 13/39] riscv: dts: canaan: Add k210 " Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 14/39] riscv: mmap with PROT_WRITE but no PROT_READ is invalid Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 15/39] RISC-V: Add fast call path of crash_kexec() Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 16/39] ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 17/39] ASoC: SOF: Intel: hda: add sanity check on SSP index reported by NHLT Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 18/39] ASoC: Intel: sof_es8336: Fix GPIO quirks set via module option Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 19/39] ASoC: Intel: sof_es8336: ignore GpioInt when looking for speaker/headset GPIO lines Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 20/39] ASoC: Intel: sof_nau8825: Move quirk check to the front in late probe Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 21/39] watchdog: export lockup_detector_reconfigure Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 22/39] powerpc/watchdog: introduce a NMI watchdog's factor Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 23/39] powerpc/pseries/mobility: set NMI watchdog factor during an LPM Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 24/39] powerpc/32: Set an IBAT covering up to _einittext during init Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 25/39] powerpc/32: Don't always pass -mcpu=powerpc to the compiler Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 26/39] ASoC: codecs: va-macro: use fsgen as clock Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 27/39] ovl: warn if trusted xattr creation fails Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 28/39] powerpc/ioda/iommu/debugfs: Generate unique debugfs entries Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 29/39] ALSA: core: Add async signal helpers Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 30/39] ALSA: timer: Use deferred fasync helper Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 31/39] ALSA: pcm: " Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 32/39] ALSA: control: " Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 33/39] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 34/39] f2fs: fix to do sanity check on segment type in build_sit_entries() Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 35/39] smb3: check xattr value length earlier Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 36/39] powerpc/64: Init jump labels before parse_early_param() Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 37/39] venus: pm_helpers: Fix warning in OPP during probe Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 38/39] video: fbdev: i740fb: Check the argument of i740_calc_vclk() Sasha Levin
2022-08-14 16:23 ` [PATCH AUTOSEL 5.18 39/39] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220814162332.2396012-8-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=alsa-devel@alsa-project.org \
--cc=cezary.rojewski@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mkumard@nvidia.com \
--cc=perex@perex.cz \
--cc=peter.ujfalusi@linux.intel.com \
--cc=stable@vger.kernel.org \
--cc=tiwai@suse.com \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox