Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-10-23 21:50:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
e81478bbe7
linux/sound
History
Kai Vehmanen e81478bbe7 ALSA: hda: fix general protection fault in azx_runtime_idle 
Fix a corner case between PCI device driver remove callback and
runtime PM idle callback.

Following sequence of events can happen:
  - at azx_create, context is allocated with devm_kzalloc() and
    stored as pci_set_drvdata()
  - user-space requests to unbind audio driver
  - dd.c:__device_release_driver() calls PCI remove
  - pci-driver.c:pci_device_remove() calls the audio
    driver azx_remove() callback and this is completed
  - pci-driver.c:pm_runtime_put_sync() leads to a call
    to rpm_idle() which again calls azx_runtime_idle()
  - the azx context object, as returned by dev_get_drvdata(),
    is no longer valid
  -> access fault in azx_runtime_idle when executing
	struct snd_card *card = dev_get_drvdata(dev);
	chip = card->private_data;
	if (chip->disabled || hda->init_failed)

This was discovered by i915_module_load test with 5.15.0 based
linux-next tree.

Example log caught by i915_module_load test with linux-next
https://intel-gfx-ci.01.org/tree/linux-next/

<4> [264.038232] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b73f0: 0000 [#1] PREEMPT SMP NOPTI
<4> [264.038248] CPU: 0 PID: 5374 Comm: i915_module_loa Not tainted 5.15.0-next-20211109-gc8109c2ba35e-next-20211109 #1
[...]
<4> [264.038267] RIP: 0010:azx_runtime_idle+0x12/0x60 [snd_hda_intel]
[...]
<4> [264.038355] Call Trace:
<4> [264.038359]  <TASK>
<4> [264.038362]  __rpm_callback+0x3d/0x110
<4> [264.038371]  rpm_idle+0x27f/0x380
<4> [264.038376]  __pm_runtime_idle+0x3b/0x100
<4> [264.038382]  pci_device_remove+0x6d/0xa0
<4> [264.038388]  device_release_driver_internal+0xef/0x1e0
<4> [264.038395]  unbind_store+0xeb/0x120
<4> [264.038400]  kernfs_fop_write_iter+0x11a/0x1c0

Fix the issue by setting drvdata to NULL at end of azx_remove().

Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Link: https://lore.kernel.org/r/20211110210307.1172004-1-kai.vehmanen@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-10 22:48:31 +01:00
..
ac97 bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
aoa Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
arm ALSA: pxa2xx: Use managed PCM buffer allocation 2021-08-04 08:08:21 +02:00
atmel
core ALSA: memalloc: Remove a stale comment 2021-11-10 07:35:23 +01:00
drivers ALSA: pcsp: Make hrtimer forwarding more robust 2021-09-28 10:58:08 +02:00
firewire ALSA: firewire-motu: add support for MOTU Track 16 2021-11-08 13:49:27 +01:00
hda ASoC: Updates for v5.16 2021-11-01 16:58:27 +01:00
i2c ALSA: i2c: tea6330t: Remove redundant initialization of variable err 2021-06-12 09:32:14 +02:00
isa ALSA: gus: fix null pointer dereference on pointer block 2021-10-26 08:02:16 +02:00
mips ALSA: n64: check return value after calling platform_get_resource() 2021-06-12 09:31:13 +02:00
oss sound/oss/dmasound: Remove superfluous "break" 2021-05-27 08:24:23 +02:00
parisc parisc architecture updates for kernel 5.15: 2021-09-02 13:16:00 -07:00
pci ALSA: hda: fix general protection fault in azx_runtime_idle 2021-11-10 22:48:31 +01:00
pcmcia ALSA: vx: Manage vx_core object with devres 2021-07-19 16:17:09 +02:00
ppc ALSA: ppc: fix error return code in snd_pmac_probe() 2021-06-16 08:52:29 +02:00
sh module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
soc ASoC: Updates for v5.16 2021-11-01 16:58:27 +01:00
sparc ALSA: sparc: Fix assignment in if condition 2021-06-09 17:30:29 +02:00
spi
synth ALSA: synth: missing check for possible NULL after the call to kstrdup 2021-11-09 07:18:50 +01:00
usb ALSA: usb-audio: Add quirk for Audient iD14 2021-11-02 17:19:26 +01:00
virtio ALSA: virtio: Replace zero-length array with flexible-array member 2021-09-30 13:47:57 +02:00
x86 ALSA: memalloc: Correctly name as WC 2021-08-04 08:07:58 +02:00
xen module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
ac97_bus.c
Kconfig ALSA: virtio: add virtio sound driver 2021-03-07 09:07:16 +01:00
last.c
Makefile ALSA: virtio: add virtio sound driver 2021-03-07 09:07:16 +01:00
sound_core.c