linux/sound/pci
Bob Copeland 81e43960dc ALSA: hda - fix read before array start
UBSAN reports the following warning from accessing path->path[-1]
in set_path_power():

[   16.078040] ================================================================================
[   16.078124] UBSAN: Undefined behaviour in sound/pci/hda/hda_generic.c:3981:17
[   16.078198] index -1 is out of range for type 'hda_nid_t [10]'
[   16.078270] CPU: 2 PID: 1738 Comm: modprobe Not tainted 4.7.0-rc1-wt+ #47
[   16.078274] Hardware name: LENOVO 3443CTO/3443CTO, BIOS G6ET23WW (1.02 ) 08/14/2012
[   16.078278]  ffff8800cb246000 ffff8800cb3638b8 ffffffff815c4fe3 0000000000000032
[   16.078286]  ffff8800cb3638e0 ffffffffffffffff ffff8800cb3638d0 ffffffff8162443d
[   16.078294]  ffffffffa0894200 ffff8800cb363920 ffffffff81624af7 0000000000000292
[   16.078302] Call Trace:
[   16.078311]  [<ffffffff815c4fe3>] dump_stack+0x86/0xd3
[   16.078317]  [<ffffffff8162443d>] ubsan_epilogue+0xd/0x40
[   16.078324]  [<ffffffff81624af7>] __ubsan_handle_out_of_bounds+0x67/0x70
[   16.078335]  [<ffffffffa087665f>] set_path_power+0x1bf/0x230 [snd_hda_codec_generic]
[   16.078344]  [<ffffffffa087880d>] add_pin_power_ctls+0x8d/0xc0 [snd_hda_codec_generic]
[   16.078352]  [<ffffffffa087f190>] ? pin_power_down_callback+0x20/0x20 [snd_hda_codec_generic]
[   16.078360]  [<ffffffffa0878947>] add_all_pin_power_ctls+0x107/0x150 [snd_hda_codec_generic]
[   16.078370]  [<ffffffffa08842b3>] snd_hda_gen_parse_auto_config+0x2d73/0x49e0 [snd_hda_codec_generic]
[   16.078376]  [<ffffffff81173360>] ? trace_hardirqs_on_caller+0x1b0/0x2c0
[   16.078390]  [<ffffffffa089df27>] alc_parse_auto_config+0x147/0x310 [snd_hda_codec_realtek]
[   16.078402]  [<ffffffffa08a332a>] patch_alc269+0x23a/0x560 [snd_hda_codec_realtek]
[   16.078417]  [<ffffffffa0838644>] hda_codec_driver_probe+0xa4/0x1a0 [snd_hda_codec]
[   16.078424]  [<ffffffff817bbac1>] driver_probe_device+0x101/0x380
[   16.078430]  [<ffffffff817bbdf9>] __driver_attach+0xb9/0x100
[   16.078438]  [<ffffffff817bbd40>] ? driver_probe_device+0x380/0x380
[   16.078444]  [<ffffffff817b8d20>] bus_for_each_dev+0x70/0xc0
[   16.078449]  [<ffffffff817bb087>] driver_attach+0x27/0x50
[   16.078454]  [<ffffffff817ba956>] bus_add_driver+0x166/0x2c0
[   16.078460]  [<ffffffffa0369000>] ? 0xffffffffa0369000
[   16.078465]  [<ffffffff817bd13d>] driver_register+0x7d/0x130
[   16.078477]  [<ffffffffa083816f>] __hda_codec_driver_register+0x6f/0x90 [snd_hda_codec]
[   16.078488]  [<ffffffffa036901e>] realtek_driver_init+0x1e/0x1000 [snd_hda_codec_realtek]
[   16.078493]  [<ffffffff8100215e>] do_one_initcall+0x4e/0x1d0
[   16.078499]  [<ffffffff8119f54d>] ? rcu_read_lock_sched_held+0x6d/0x80
[   16.078504]  [<ffffffff813701b1>] ? kmem_cache_alloc_trace+0x391/0x560
[   16.078510]  [<ffffffff812bb314>] ? do_init_module+0x28/0x273
[   16.078515]  [<ffffffff812bb387>] do_init_module+0x9b/0x273
[   16.078522]  [<ffffffff811e3782>] load_module+0x20b2/0x3410
[   16.078527]  [<ffffffff811df140>] ? m_show+0x210/0x210
[   16.078533]  [<ffffffff813b2b26>] ? kernel_read+0x66/0xe0
[   16.078541]  [<ffffffff811e4cfa>] SYSC_finit_module+0xba/0xc0
[   16.078547]  [<ffffffff811e4d1e>] SyS_finit_module+0xe/0x10
[   16.078552]  [<ffffffff81a860fc>] entry_SYSCALL_64_fastpath+0x1f/0xbd
[   16.078556] ================================================================================

Fix by checking path->depth before use.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-06-26 10:48:53 +02:00
..
ac97 ALSA: ac97: Fix ifdef CONFIG_PROC_FS 2015-05-29 07:52:43 +02:00
ali5451 ALSA: remove deprecated use of pci api 2015-04-16 12:19:52 +02:00
asihpi x86/mm: Decouple <linux/vmalloc.h> from <asm/io.h> 2015-06-03 12:02:00 +02:00
au88x0 ALSA: au88x0: Fix zero clear of stream->resources 2016-05-12 18:04:16 +02:00
aw2 ALSA: remove deprecated use of pci api 2015-04-16 12:19:52 +02:00
ca0106 ALSA: ca0106: Fix/cleanup ifdef CONFIG_PROC_FS 2015-05-29 07:54:45 +02:00
cs46xx ALSA: cs46xx: Fix suspend for all channels 2015-10-30 12:33:21 +01:00
cs5535audio ALSA: cs5535audio: constify cs5535audio_dma_ops structures 2015-12-30 22:49:40 +01:00
ctxfi ALSA: constify ct_timer_ops structures 2016-04-09 10:58:04 +02:00
echoaudio ALSA: echoaudio: Use standard C definitions of true and false 2015-08-10 14:27:16 +02:00
emu10k1 ALSA: emu10k1: correctly handling failed thread creation 2016-01-29 17:30:25 +01:00
hda ALSA: hda - fix read before array start 2016-06-26 10:48:53 +02:00
ice1712 ALSA: i2c: constify snd_i2c_ops structures 2015-11-30 11:40:08 +01:00
korg1212 ALSA: korg1212: Use snd_pcm_hw_constraint_single() 2015-10-21 14:24:27 +02:00
lola ALSA: Deletion of checks before the function call "iounmap" 2015-01-04 15:13:45 +01:00
lx6464es ALSA: lx646es: Fix possible uninitialized variable reference 2016-04-15 15:28:52 +02:00
mixart ALSA: mixart: silence an uninitialized variable warning 2016-03-16 16:35:16 +01:00
nm256 ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
oxygen ALSA: oxygen: Fix logical-not-parentheses warning 2015-08-03 10:15:09 +02:00
pcxhr ALSA: pcxhr: Fix missing mutex unlock 2016-04-21 17:37:54 +02:00
riptide ALSA: off by one bug in snd_riptide_joystick_probe() 2015-02-09 14:57:15 +01:00
rme9652 ALSA: hdsp: Fix wrong boolean ctl value accesses 2016-02-29 18:13:34 +01:00
trident ALSA: remove deprecated use of pci api 2015-04-16 12:19:52 +02:00
vx222 ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
ymfpci ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
ad1889.c ALSA: remove deprecated use of pci api 2015-04-16 12:19:52 +02:00
ad1889.h
ak4531_codec.c ALSA: pci: Drop superfluous ifdef CONFIG_PROC_FS 2015-05-29 08:00:06 +02:00
als300.c ALSA: remove deprecated use of pci api 2015-04-16 12:19:52 +02:00
als4000.c ALSA: remove deprecated use of pci api 2015-04-16 12:19:52 +02:00
atiixp_modem.c ALSA: atiixp: constify atiixp_dma_ops structures 2015-12-30 22:49:37 +01:00
atiixp.c ALSA: atiixp: constify atiixp_dma_ops structures 2015-12-30 22:49:37 +01:00
azt3328.c ALSA: azt3328: Remove unnecessary synchronize_irq() before free_irq() 2015-11-21 17:40:07 +01:00
azt3328.h ALSA: azt3328: fix previous breakage, improve suspend, cleanups 2009-07-15 12:03:26 +02:00
bt87x.c ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
cmipci.c ALSA: pci: Drop superfluous ifdef CONFIG_PROC_FS 2015-05-29 08:00:06 +02:00
cs4281.c ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
cs5530.c ASoC: sb16: Simplify snd_sb16dsp_pcm() 2015-01-02 16:28:35 +01:00
ens1370.c ALSA: ens1371: Fix "Line In->Rear Out Switch" control 2016-04-19 15:28:39 +02:00
ens1371.c
es1938.c ALSA: remove deprecated use of pci api 2015-04-16 12:19:52 +02:00
es1968.c [media] media, sound: tea575x: constify snd_tea575x_ops structures 2015-12-03 11:26:45 -02:00
fm801.c sound updates for 4.5-rc1 2016-01-17 12:05:31 -08:00
intel8x0.c ALSA: intel8x0: Drop superfluous VM checks 2016-04-06 07:46:28 +02:00
intel8x0m.c ALSA: pci: Drop superfluous ifdef CONFIG_PROC_FS 2015-05-29 08:00:06 +02:00
Kconfig ALSA: jack: Allow building the jack layer without input device 2016-02-23 09:03:07 +01:00
maestro3.c ALSA: maestro3: Fix Allegro mute until master volume/mute is touched 2015-11-02 08:46:30 +01:00
Makefile ALSA: Add the driver for Digigram Lola PCI-e boards 2011-05-03 16:31:05 +02:00
rme32.c ALSA: rme32: Use snd_pcm_hw_constraint_single() 2015-10-21 14:24:28 +02:00
rme96.c ALSA: rme96: Fix unexpected volume reset after rate changes 2015-12-04 20:39:49 +01:00
sis7019.c ALSA: remove deprecated use of pci api 2015-04-16 12:19:52 +02:00
sis7019.h trivial: fix typos s/paramter/parameter/ and s/excute/execute/ in documentation and source comments. 2009-06-12 18:01:46 +02:00
sonicvibes.c ALSA: remove deprecated use of pci api 2015-04-16 12:19:52 +02:00
via82xx_modem.c ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
via82xx.c ALSA: Use const struct ac97_quirk 2015-04-05 08:41:05 +02:00