linux/sound/pci/hda
Bob Copeland 81e43960dc ALSA: hda - fix read before array start
UBSAN reports the following warning from accessing path->path[-1]
in set_path_power():

[   16.078040] ================================================================================
[   16.078124] UBSAN: Undefined behaviour in sound/pci/hda/hda_generic.c:3981:17
[   16.078198] index -1 is out of range for type 'hda_nid_t [10]'
[   16.078270] CPU: 2 PID: 1738 Comm: modprobe Not tainted 4.7.0-rc1-wt+ #47
[   16.078274] Hardware name: LENOVO 3443CTO/3443CTO, BIOS G6ET23WW (1.02 ) 08/14/2012
[   16.078278]  ffff8800cb246000 ffff8800cb3638b8 ffffffff815c4fe3 0000000000000032
[   16.078286]  ffff8800cb3638e0 ffffffffffffffff ffff8800cb3638d0 ffffffff8162443d
[   16.078294]  ffffffffa0894200 ffff8800cb363920 ffffffff81624af7 0000000000000292
[   16.078302] Call Trace:
[   16.078311]  [<ffffffff815c4fe3>] dump_stack+0x86/0xd3
[   16.078317]  [<ffffffff8162443d>] ubsan_epilogue+0xd/0x40
[   16.078324]  [<ffffffff81624af7>] __ubsan_handle_out_of_bounds+0x67/0x70
[   16.078335]  [<ffffffffa087665f>] set_path_power+0x1bf/0x230 [snd_hda_codec_generic]
[   16.078344]  [<ffffffffa087880d>] add_pin_power_ctls+0x8d/0xc0 [snd_hda_codec_generic]
[   16.078352]  [<ffffffffa087f190>] ? pin_power_down_callback+0x20/0x20 [snd_hda_codec_generic]
[   16.078360]  [<ffffffffa0878947>] add_all_pin_power_ctls+0x107/0x150 [snd_hda_codec_generic]
[   16.078370]  [<ffffffffa08842b3>] snd_hda_gen_parse_auto_config+0x2d73/0x49e0 [snd_hda_codec_generic]
[   16.078376]  [<ffffffff81173360>] ? trace_hardirqs_on_caller+0x1b0/0x2c0
[   16.078390]  [<ffffffffa089df27>] alc_parse_auto_config+0x147/0x310 [snd_hda_codec_realtek]
[   16.078402]  [<ffffffffa08a332a>] patch_alc269+0x23a/0x560 [snd_hda_codec_realtek]
[   16.078417]  [<ffffffffa0838644>] hda_codec_driver_probe+0xa4/0x1a0 [snd_hda_codec]
[   16.078424]  [<ffffffff817bbac1>] driver_probe_device+0x101/0x380
[   16.078430]  [<ffffffff817bbdf9>] __driver_attach+0xb9/0x100
[   16.078438]  [<ffffffff817bbd40>] ? driver_probe_device+0x380/0x380
[   16.078444]  [<ffffffff817b8d20>] bus_for_each_dev+0x70/0xc0
[   16.078449]  [<ffffffff817bb087>] driver_attach+0x27/0x50
[   16.078454]  [<ffffffff817ba956>] bus_add_driver+0x166/0x2c0
[   16.078460]  [<ffffffffa0369000>] ? 0xffffffffa0369000
[   16.078465]  [<ffffffff817bd13d>] driver_register+0x7d/0x130
[   16.078477]  [<ffffffffa083816f>] __hda_codec_driver_register+0x6f/0x90 [snd_hda_codec]
[   16.078488]  [<ffffffffa036901e>] realtek_driver_init+0x1e/0x1000 [snd_hda_codec_realtek]
[   16.078493]  [<ffffffff8100215e>] do_one_initcall+0x4e/0x1d0
[   16.078499]  [<ffffffff8119f54d>] ? rcu_read_lock_sched_held+0x6d/0x80
[   16.078504]  [<ffffffff813701b1>] ? kmem_cache_alloc_trace+0x391/0x560
[   16.078510]  [<ffffffff812bb314>] ? do_init_module+0x28/0x273
[   16.078515]  [<ffffffff812bb387>] do_init_module+0x9b/0x273
[   16.078522]  [<ffffffff811e3782>] load_module+0x20b2/0x3410
[   16.078527]  [<ffffffff811df140>] ? m_show+0x210/0x210
[   16.078533]  [<ffffffff813b2b26>] ? kernel_read+0x66/0xe0
[   16.078541]  [<ffffffff811e4cfa>] SYSC_finit_module+0xba/0xc0
[   16.078547]  [<ffffffff811e4d1e>] SyS_finit_module+0xe/0x10
[   16.078552]  [<ffffffff81a860fc>] entry_SYSCALL_64_fastpath+0x1f/0xbd
[   16.078556] ================================================================================

Fix by checking path->depth before use.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-06-26 10:48:53 +02:00
ca0132_regs.h ALSA: hda: ca0132_regs.h: Fix typo in include guard 2014-08-22 11:24:11 +02:00
dell_wmi_helper.c ALSA: hda - add mic mute led hook for dell machines 2014-07-31 09:21:42 +02:00
hda_auto_parser.c ALSA: hda - remove no physical connection pins from pin_quirk table 2015-08-03 10:16:20 +02:00
hda_auto_parser.h ALSA: hda - Sort input pins depending on amp caps 2014-09-23 15:57:32 +02:00
hda_beep.c ALSA: hda-beep: Update authors dead email address 2015-06-13 09:13:26 +02:00
hda_beep.h ALSA: hda-beep: Update authors dead email address 2015-06-20 09:24:40 +02:00
hda_bind.c ALSA: hda - Fix missing module loading with model=generic option 2016-01-20 15:56:42 +01:00
hda_codec.c ASoC: Updates for v4.4 2015-10-26 12:14:49 +01:00
hda_codec.h Merge branch 'topic/hda-modalias' into for-next 2015-10-20 10:19:40 +02:00
hda_controller_trace.h ALSA: hda - rename hda_intel_trace.h to hda_controller_trace.h 2015-05-18 10:06:32 +02:00
hda_controller.c ALSA: hda - Loop interrupt handling until really cleared 2016-02-26 08:50:31 +01:00
hda_controller.h ALSA: hda - Drop unused AZX_DCAPS_REVERSE_ASSIGN 2015-12-17 12:47:18 +01:00
hda_eld.c ALSA: hda - Use snd_hdac namespace prefix for chmap exported APIs 2016-03-07 15:46:06 +01:00
hda_generic.c ALSA: hda - fix read before array start 2016-06-26 10:48:53 +02:00
hda_generic.h ALSA: hda - Make snd_hda_parse_nid_path() local 2015-12-08 11:48:39 +01:00
hda_hwdep.c ALSA: hda - Add card field to hda_codec struct 2015-03-03 11:25:16 +01:00
hda_intel_trace.h ALSA: hda - add hda_intel_trace.h 2015-05-18 10:06:44 +02:00
hda_intel.c ALSA: hda - Add PCI ID for Kabylake 2016-06-09 08:09:37 +02:00
hda_intel.h ALSA: hda - Spell vga_switcheroo consistently 2015-10-19 11:00:45 +02:00
hda_jack.c ALSA: hda - Fix bad dereference of jack object 2016-02-09 12:16:31 +01:00
hda_jack.h ALSA: hda - Fix bad dereference of jack object 2016-02-09 12:16:31 +01:00
hda_local.h ALSA: hda: make use of core codec fns 2015-10-08 19:09:36 +02:00
hda_proc.c ALSA: hda/proc - Fix racy string access for power states 2015-08-17 15:12:04 +02:00
hda_sysfs.c ALSA: hda - Fix broken reconfig 2016-05-10 10:30:13 +02:00
hda_tegra.c ALSA: hda/tegra: iomem fixups for sparse warnings 2016-06-22 15:19:10 +02:00
Kconfig ALSA: hda - Clarify CONFIG_SND_HDA_RECONFIG usages 2016-05-09 17:47:37 +02:00
local.h ALSA: hda - Move a part of hda_codec stuff into hdac_device 2015-03-23 13:17:17 +01:00
Makefile ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
patch_analog.c ALSA: hda - convert to hda_device_id 2015-10-20 10:15:20 +02:00
patch_ca0110.c ALSA: hda - convert to hda_device_id 2015-10-20 10:15:20 +02:00
patch_ca0132.c ALSA: hda - Fix bad dereference of jack object 2016-02-09 12:16:31 +01:00
patch_cirrus.c ALSA: hda - Keep powering up ADCs on Cirrus codecs 2016-04-19 22:07:50 +02:00
patch_cmedia.c ALSA: hda - convert to hda_device_id 2015-10-20 10:15:20 +02:00
patch_conexant.c ALSA: hda - Apply reboot D3 fix for CX20724 codec, too 2016-03-10 11:37:44 +01:00
patch_hdmi.c Merge branch 'for-next' into for-linus 2016-05-16 09:13:08 +02:00
patch_realtek.c ALSA: hda / realtek - add two more Thinkpad IDs (5050,5053) for tpt460 fixup 2016-06-24 15:16:50 +02:00
patch_si3054.c ALSA: hda - convert to hda_device_id 2015-10-20 10:15:20 +02:00
patch_sigmatel.c ALSA: hda - Fix bad dereference of jack object 2016-02-09 12:16:31 +01:00
patch_via.c ALSA: hda - convert to hda_device_id 2015-10-20 10:15:20 +02:00
thinkpad_helper.c ACPI / utils: Rename acpi_dev_present() 2016-04-09 03:12:58 +02:00