lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 29 Apr 2019 13:45:46 -0500
From:   Pierre-Louis Bossart <pierre-louis.bossart@...ux.intel.com>
To:     Ross Zwisler <zwisler@...omium.org>, linux-kernel@...r.kernel.org
Cc:     Ross Zwisler <zwisler@...gle.com>,
        Jaroslav Kysela <perex@...ex.cz>,
        Jie Yang <yang.jie@...ux.intel.com>,
        Liam Girdwood <liam.r.girdwood@...ux.intel.com>,
        Mark Brown <broonie@...nel.org>, Takashi Iwai <tiwai@...e.com>,
        alsa-devel@...a-project.org, stable@...r.kernel.org
Subject: Re: [PATCH v2] ASoC: Intel: avoid Oops if DMA setup fails

On 4/29/19 1:25 PM, Ross Zwisler wrote:
> Currently in sst_dsp_new() if we get an error return from sst_dma_new()
> we just print an error message and then still complete the function
> successfully.  This means that we are trying to run without sst->dma
> properly set up, which will result in NULL pointer dereference when
> sst->dma is later used.  This was happening for me in
> sst_dsp_dma_get_channel():
> 
>          struct sst_dma *dma = dsp->dma;
> 	...
>          dma->ch = dma_request_channel(mask, dma_chan_filter, dsp);
> 
> This resulted in:
> 
>     BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
>     IP: sst_dsp_dma_get_channel+0x4f/0x125 [snd_soc_sst_firmware]
> 
> Fix this by adding proper error handling for the case where we fail to
> set up DMA.
> 
> This change only affects Haswell and Broadwell systems.  Baytrail
> systems explicilty opt-out of DMA via sst->pdata->resindex_dma_base
> being set to -1.
> 
> Signed-off-by: Ross Zwisler <zwisler@...gle.com>
> Cc: stable@...r.kernel.org

Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@...ux.intel.com>

Thanks Ross!

FWIW we should start deprecating this driver now and transition to SOF. 
I'll double-check how the upcoming 1.3 release works on my Pixel 
2015/Samus device later this week.


> ---
> 
> Changes in v2:
>   - Upgraded the sst_dma_new() failure message from dev_warn() to dev_err()
>     (Pierre-Louis).
>   - Noted in the changelog that this change only affects Haswell and
>     Broadwell (Pierre-Louis).
> 
> ---
>   sound/soc/intel/common/sst-firmware.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/sound/soc/intel/common/sst-firmware.c b/sound/soc/intel/common/sst-firmware.c
> index 1e067504b6043..f830e59f93eaa 100644
> --- a/sound/soc/intel/common/sst-firmware.c
> +++ b/sound/soc/intel/common/sst-firmware.c
> @@ -1251,11 +1251,15 @@ struct sst_dsp *sst_dsp_new(struct device *dev,
>   		goto irq_err;
>   
>   	err = sst_dma_new(sst);
> -	if (err)
> -		dev_warn(dev, "sst_dma_new failed %d\n", err);
> +	if (err)  {
> +		dev_err(dev, "sst_dma_new failed %d\n", err);
> +		goto dma_err;
> +	}
>   
>   	return sst;
>   
> +dma_err:
> +	free_irq(sst->irq, sst);
>   irq_err:
>   	if (sst->ops->free)
>   		sst->ops->free(sst);
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ