lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 22 Aug 2013 09:59:27 +0200
From:	Takashi Iwai <tiwai@...e.de>
To:	Stratos Karafotis <stratosk@...aphore.gr>
Cc:	Jaroslav Kysela <perex@...ex.cz>, alsa-devel@...a-project.org,
	"linux-kernel@...r.kernel.org >> LKML" <linux-kernel@...r.kernel.org>
Subject: Re: oops during boot with CONFIG_SND_DYNAMIC_MINORS not set

At Thu, 22 Aug 2013 00:42:41 +0300,
Stratos Karafotis wrote:
> 
> Hi,
> 
> I get the following oops during boot when build with CONFIG_SND_DYNAMIC_MINORS
> not set (3.11-rc6).
> The issue is vanished building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
> as suggested in printk message.
> 
> Regards,
> Stratos
> 
> 
> [    8.670497] ALSA sound/pci/hda/hda_codec.c:4506 Too many HDMI devices
> [    8.670500] ALSA sound/pci/hda/hda_codec.c:4508 Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
> [    8.670501] ALSA sound/pci/hda/hda_codec.c:4506 Too many HDMI devices
> [    8.670502] ALSA sound/pci/hda/hda_codec.c:4508 Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
> [    8.688015] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
> [    8.688609] IP: [<ffffffffa0086992>] snd_pcm_add_chmap_ctls+0xd2/0x160 [snd_pcm]
> [    8.689191] PGD 0 
> [    8.689762] Oops: 0000 [#1] SMP 
> [    8.690326] Modules linked in: snd_hda_codec_hdmi snd_hda_codec_realtek arc4 rt2800pci eeprom_93cx6 rt2x00pci rt2800lib crc_ccitt rt2x00mmio rt2x00lib mac80211 cfg80211 eeepc_wmi asus_wmi sparse_keymap rfkill snd_hda_intel(+) snd_hda_codec snd_hwdep snd_seq iTCO_wdt iTCO_vendor_support r8169 mii i2c_i801 i2c_core snd_seq_device snd_pcm serio_raw pcspkr lpc_ich mfd_core snd_page_alloc snd_timer snd soundcore binfmt_misc uinput usb_storage wmi video
> [    8.692808] CPU: 1 PID: 417 Comm: systemd-udevd Not tainted 3.11.0-rc6 #3
> [    8.693424] Hardware name: ASUSTeK COMPUTER INC. CM6870/CM6870, BIOS 0606 08/27/2012
> [    8.694044] task: ffff880210091750 ti: ffff880210598000 task.ti: ffff880210598000
> [    8.694666] RIP: 0010:[<ffffffffa0086992>]  [<ffffffffa0086992>] snd_pcm_add_chmap_ctls+0xd2/0x160 [snd_pcm]
> [    8.695310] RSP: 0018:ffff880210599968  EFLAGS: 00010246
> [    8.695954] RAX: ffffffffa008c51e RBX: ffff880212d20b80 RCX: 0000000000000000
> [    8.696607] RDX: ffffffffa008c533 RSI: ffff880212d20b80 RDI: ffff880210599980
> [    8.697261] RBP: ffff8802105999f8 R08: 0000000000000000 R09: ffff880216003b00
> [    8.697923] R10: 0000000000000000 R11: ffff8802133d93c0 R12: 0000000000000000
> [    8.698585] R13: ffff880210599a10 R14: 0000000000000000 R15: ffff880210599980
> [    8.699255] FS:  00007fe8eb8ea880(0000) GS:ffff88021ec40000(0000) knlGS:0000000000000000
> [    8.699936] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [    8.700619] CR2: 0000000000000018 CR3: 00000002101c2000 CR4: 00000000001407e0
> [    8.701310] Stack:
> [    8.702005]  0000000000000000 000000000b5a4000 0000000000000000 0000000000000003
> [    8.702715]  0000000000000000 ffffffffa008c51e 1000001100000000 0000000000000000
> [    8.703422]  ffffffffa0084a80 ffffffffa0086cd0 0000000000000000 ffffffffa0085b30
> [    8.704132] Call Trace:
> [    8.704836]  [<ffffffffa0084a80>] ? snd_pcm_hw_rule_msbits+0x50/0x50 [snd_pcm]
> [    8.705558]  [<ffffffffa0086cd0>] ? snd_pcm_hw_rule_ratdens+0x2b0/0x2b0 [snd_pcm]
> [    8.706281]  [<ffffffffa0085b30>] ? snd_pcm_hw_param_last+0x240/0x240 [snd_pcm]
> [    8.707008]  [<ffffffffa02af7ed>] generic_hdmi_build_controls+0x14d/0x1e0 [snd_hda_codec_hdmi]
> [    8.707748]  [<ffffffffa02ae827>] ? generic_hdmi_init+0xb7/0xd0 [snd_hda_codec_hdmi]
> [    8.708493]  [<ffffffffa013a812>] snd_hda_codec_build_controls+0x1c2/0x220 [snd_hda_codec]
> [    8.709242]  [<ffffffffa0135255>] ? snd_hda_codec_configure+0x295/0x450 [snd_hda_codec]
> [    8.709990]  [<ffffffffa013a898>] snd_hda_build_controls+0x28/0x80 [snd_hda_codec]
> [    8.710728]  [<ffffffffa00fbbed>] azx_probe_continue+0x84d/0xcc0 [snd_hda_intel]
> [    8.711456]  [<ffffffffa00fb060>] ? perf_trace_azx_pcm_trigger+0xe0/0xe0 [snd_hda_intel]
> [    8.712187]  [<ffffffffa00f9ee0>] ? azx_resume+0x130/0x130 [snd_hda_intel]
> [    8.712916]  [<ffffffffa00fac20>] ? azx_pcm_prepare+0x5f0/0x5f0 [snd_hda_intel]
> [    8.713646]  [<ffffffffa00f98f0>] ? azx_runtime_suspend+0x40/0x40 [snd_hda_intel]
> [    8.714377]  [<ffffffffa00f8800>] ? azx_remove+0x30/0x30 [snd_hda_intel]
> [    8.715111]  [<ffffffffa00fc4bf>] azx_probe+0x3bf/0x7e0 [snd_hda_intel]
> [    8.715845]  [<ffffffff8130b3ee>] local_pci_probe+0x3e/0x70
> [    8.716574]  [<ffffffff8130c6d1>] pci_device_probe+0x121/0x130
> [    8.717303]  [<ffffffff813bf3c7>] driver_probe_device+0x87/0x390
> [    8.718033]  [<ffffffff813bf7a3>] __driver_attach+0x93/0xa0
> [    8.718762]  [<ffffffff813bf710>] ? __device_attach+0x40/0x40
> [    8.719481]  [<ffffffff813bd303>] bus_for_each_dev+0x63/0xa0
> [    8.720189]  [<ffffffff813bee1e>] driver_attach+0x1e/0x20
> [    8.720886]  [<ffffffff813be9b8>] bus_add_driver+0x1e8/0x2a0
> [    8.721578]  [<ffffffffa016a169>] ? ftrace_define_fields_azx_get_position+0xcd/0xcd [snd_hda_intel]
> [    8.722277]  [<ffffffff813bfdc4>] driver_register+0x74/0x150
> [    8.722980]  [<ffffffffa016a169>] ? ftrace_define_fields_azx_get_position+0xcd/0xcd [snd_hda_intel]
> [    8.723682]  [<ffffffff8130b27b>] __pci_register_driver+0x4b/0x50
> [    8.724368]  [<ffffffffa016a187>] azx_driver_init+0x1e/0xe97 [snd_hda_intel]
> [    8.725043]  [<ffffffff810002c2>] do_one_initcall+0xf2/0x1a0
> [    8.725706]  [<ffffffff8103f183>] ? set_memory_nx+0x43/0x50
> [    8.726360]  [<ffffffff810b9f3d>] load_module+0x1b9d/0x2640
> [    8.726999]  [<ffffffff810b6270>] ? store_uevent+0x40/0x40
> [    8.727631]  [<ffffffff810bab56>] SyS_finit_module+0x86/0xb0
> [    8.728250]  [<ffffffff81621782>] system_call_fastpath+0x16/0x1b
> [    8.728856] Code: ff 48 89 de 4c 89 ff 48 89 43 18 8b 85 7c ff ff ff 89 43 20 48 c7 c0 1e c5 08 a0 4c 89 45 d0 48 0f 45 c2 49 c1 e2 07 48 89 45 98 <41> 8b 44 24 18 4f 8d 34 14 89 45 8c 41 8b 86 c8 00 00 00 89 45 
> [    8.730268] RIP  [<ffffffffa0086992>] snd_pcm_add_chmap_ctls+0xd2/0x160 [snd_pcm]
> [    8.730932]  RSP <ffff880210599968>
> [    8.731585] CR2: 0000000000000018
> [    8.732240] ---[ end trace 92e1db8c3a6c8fab ]---

Could you check the patch below?
Thanks!


Takashi

---
From: Takashi Iwai <tiwai@...e.de>
Subject: [PATCH] ALSA: hda - Fix NULL dereference with CONFIG_SND_DYNAMIC_MINORS=n

Without the dynamic minor assignment, HDMI codec may have less PCM
instances than the number of pins, which eventually leads to Oops.

Reported-by: Stratos Karafotis <stratosk@...aphore.gr>
Cc: <stable@...r.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@...e.de>
---
 sound/pci/hda/patch_hdmi.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
index 030ca86..e2cb92b 100644
--- a/sound/pci/hda/patch_hdmi.c
+++ b/sound/pci/hda/patch_hdmi.c
@@ -1781,6 +1781,9 @@ static int generic_hdmi_build_controls(struct hda_codec *codec)
 		struct snd_pcm_chmap *chmap;
 		struct snd_kcontrol *kctl;
 		int i;
+
+		if (pin_idx >= codec->num_pcms)
+			break;
 		err = snd_pcm_add_chmap_ctls(codec->pcm_info[pin_idx].pcm,
 					     SNDRV_PCM_STREAM_PLAYBACK,
 					     NULL, 0, pin_idx, &chmap);
-- 
1.8.3.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ