merged.
SRCREV updates will follow with my next round of -stable bumps.
Bruce
On Tue, May 14, 2019 at 5:09 AM Liwei Song <liwei.s...@windriver.com> wrote:
> From: Takashi Iwai <ti...@suse.de>
>
> commit f495222e28275222ab6fd93813bd3d462e16d340 upstream.
>
> Currently the IRQ handler in HD-audio controller driver is registered
> before the chip initialization. That is, we have some window opened
> between the azx_acquire_irq() call and the CORB/RIRB setup. If an
> interrupt is triggered in this small window, the IRQ handler may
> access to the uninitialized RIRB buffer, which leads to a NULL
> dereference Oops.
>
> This is usually no big problem since most of Intel chips do register
> the IRQ via MSI, and we've already fixed the order of the IRQ
> enablement and the CORB/RIRB setup in the former commit b61749a89f82
> ("sound: enable interrupt after dma buffer initialization"), hence the
> IRQ won't be triggered in that room. However, some platforms use a
> shared IRQ, and this may allow the IRQ trigger by another source.
>
> Another possibility is the kdump environment: a stale interrupt might
> be present in there, the IRQ handler can be falsely triggered as well.
>
> For covering this small race, let's move the azx_acquire_irq() call
> after hda_intel_init_chip() call. Although this is a bit radical
> change, it can cover more widely than checking the CORB/RIRB setup
> locally in the callee side.
>
> Reported-by: Liwei Song <liwei.s...@windriver.com>
> Signed-off-by: Takashi Iwai <ti...@suse.de>
> Signed-off-by: Liwei Song <liwei.s...@windriver.com>
> ---
> sound/pci/hda/hda_intel.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
> index e5c49003e75f..7aeb5e81aa94 100644
> --- a/sound/pci/hda/hda_intel.c
> +++ b/sound/pci/hda/hda_intel.c
> @@ -1788,9 +1788,6 @@ static int azx_first_init(struct azx *chip)
> chip->msi = 0;
> }
>
> - if (azx_acquire_irq(chip, 0) < 0)
> - return -EBUSY;
> -
> pci_set_master(pci);
> synchronize_irq(bus->irq);
>
> @@ -1904,6 +1901,9 @@ static int azx_first_init(struct azx *chip)
> return -ENODEV;
> }
>
> + if (azx_acquire_irq(chip, 0) < 0)
> + return -EBUSY;
> +
> strcpy(card->driver, "HDA-Intel");
> strlcpy(card->shortname, driver_short_names[chip->driver_type],
> sizeof(card->shortname));
> --
> 2.7.4
>
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II
--
_______________________________________________
linux-yocto mailing list
linux-yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/linux-yocto
