| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YKEAqdIAZ5K5FS+1@google.com>
Date: Sun, 16 May 2021 20:23:21 +0900
From: Sergey Senozhatsky <senozhatsky@...omium.org>
To: Takashi Iwai <tiwai@...e.de>
Cc: Sergey Senozhatsky <senozhatsky@...omium.org>,
Jaroslav Kysela <perex@...ex.cz>,
Takashi Iwai <tiwai@...e.com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Leon Romanovsky <leon@...nel.org>, alsa-devel@...a-project.org,
linux-kernel@...r.kernel.org
Subject: Re: ALSA: intel8x0: div by zero in snd_intel8x0_update()
On (21/05/16 11:49), Takashi Iwai wrote:
> Subject: [PATCH] ALSA: intel8x0: Don't update period unless prepared
>
> The interrupt handler of intel8x0 calls snd_intel8x0_update() whenever
> the hardware sets the corresponding status bit for each stream. This
> works fine for most cases as long as the hardware behaves properly.
> But when the hardware gives a wrong bit set, this leads to a NULL
> dereference Oops, and reportedly, this seems what happened on a VM.
VM, yes. I didn't see NULL derefs, my VMs crash because of div by
zero in `% size`.
> For fixing the crash, this patch adds a internal flag indicating that
> the stream is ready to be updated, and check it (as well as the flag
> being in suspended) to ignore such spurious update.
I reproduced the "spurious IRQ" case, and the patch handled it correctly
(VM did not crash).
> Cc: <stable@...r.kernel.org>
> Reported-by: Sergey Senozhatsky <senozhatsky@...omium.org>
> Signed-off-by: Takashi Iwai <tiwai@...e.de>
I'll keep running test, but seems that it works as intended
Tested-by: Sergey Senozhatsky <senozhatsky@...omium.org>
Powered by blists - more mailing lists