On 8/13/18 6:15 PM, Yong Zhi wrote:
Cold reboot stress test found that the hda irq could access rirb ring buffer before its memory gets allocated, which results in a null pointer dereference inside snd_hdac_bus_update_rirb().
Fix it by moving the skl_acquire_irq after ring buffer allocation. While here, also change err return from -EBUSY to actual error code.
I am not that familiar with PCI gory details but that patch was reviewed internally with no objections raised; there was also an agreement that the SOF driver would follow the same sequence, so
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Yong Zhi <yong.zhi@intel.com>
sound/soc/intel/skylake/skl.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/sound/soc/intel/skylake/skl.c b/sound/soc/intel/skylake/skl.c index dce649485649..cf09721ca13e 100644 --- a/sound/soc/intel/skylake/skl.c +++ b/sound/soc/intel/skylake/skl.c @@ -838,11 +838,7 @@ static int skl_first_init(struct hdac_bus *bus)
snd_hdac_bus_parse_capabilities(bus);
if (skl_acquire_irq(bus, 0) < 0)
return -EBUSY;
pci_set_master(pci);
synchronize_irq(bus->irq);
gcap = snd_hdac_chip_readw(bus, GCAP); dev_dbg(bus->dev, "chipset global capabilities = 0x%x\n", gcap);
@@ -875,6 +871,12 @@ static int skl_first_init(struct hdac_bus *bus) if (err < 0) return err;
- err = skl_acquire_irq(bus, 0);
- if (err < 0)
return err;
- synchronize_irq(bus->irq);
- /* initialize chip */ skl_init_pci(skl);
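Review bot: In the second hunk (@@ -875,6 +871,12 @@), the relocated skl_acquire_irq() call bails out with a bare "return err;" at a point that, per the commit message, now comes after the ring buffer allocation, and nothing visible in the hunk releases what was allocated before it. Please confirm that the caller's error path frees those buffers when skl_first_init() fails here, or unwind locally. A short comment above the call stating that the IRQ must only be requested once the RIRB is allocated, because the handler reaches snd_hdac_bus_update_rirb(), would also keep a later reordering from reintroducing the NULL dereference.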