]>
Commit | Line | Data |
---|---|---|
cd033818 SL |
1 | From b7e320f31f2c6e97951ae4af91f75ab75c8f88f8 Mon Sep 17 00:00:00 2001 |
2 | From: Takashi Iwai <tiwai@suse.de> | |
3 | Date: Tue, 30 Apr 2019 12:18:28 +0200 | |
4 | Subject: ALSA: hda - Register irq handler after the chip initialization | |
5 | ||
6 | [ Upstream commit f495222e28275222ab6fd93813bd3d462e16d340 ] | |
7 | ||
8 | Currently the IRQ handler in HD-audio controller driver is registered | |
9 | before the chip initialization. That is, we have some window opened | |
10 | between the azx_acquire_irq() call and the CORB/RIRB setup. If an | |
11 | interrupt is triggered in this small window, the IRQ handler may | |
12 | access to the uninitialized RIRB buffer, which leads to a NULL | |
13 | dereference Oops. | |
14 | ||
15 | This is usually no big problem since most of Intel chips do register | |
16 | the IRQ via MSI, and we've already fixed the order of the IRQ | |
17 | enablement and the CORB/RIRB setup in the former commit b61749a89f82 | |
18 | ("sound: enable interrupt after dma buffer initialization"), hence the | |
19 | IRQ won't be triggered in that room. However, some platforms use a | |
20 | shared IRQ, and this may allow the IRQ trigger by another source. | |
21 | ||
22 | Another possibility is the kdump environment: a stale interrupt might | |
23 | be present in there, the IRQ handler can be falsely triggered as well. | |
24 | ||
25 | For covering this small race, let's move the azx_acquire_irq() call | |
26 | after hda_intel_init_chip() call. Although this is a bit radical | |
27 | change, it can cover more widely than checking the CORB/RIRB setup | |
28 | locally in the callee side. | |
29 | ||
30 | Reported-by: Liwei Song <liwei.song@windriver.com> | |
31 | Signed-off-by: Takashi Iwai <tiwai@suse.de> | |
32 | Signed-off-by: Sasha Levin <sashal@kernel.org> | |
33 | --- | |
34 | sound/pci/hda/hda_intel.c | 6 +++--- | |
35 | 1 file changed, 3 insertions(+), 3 deletions(-) | |
36 | ||
37 | diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c | |
38 | index 74c9600876d6..ef8955abd918 100644 | |
39 | --- a/sound/pci/hda/hda_intel.c | |
40 | +++ b/sound/pci/hda/hda_intel.c | |
41 | @@ -1707,9 +1707,6 @@ static int azx_first_init(struct azx *chip) | |
42 | chip->msi = 0; | |
43 | } | |
44 | ||
45 | - if (azx_acquire_irq(chip, 0) < 0) | |
46 | - return -EBUSY; | |
47 | - | |
48 | pci_set_master(pci); | |
49 | synchronize_irq(bus->irq); | |
50 | ||
51 | @@ -1820,6 +1817,9 @@ static int azx_first_init(struct azx *chip) | |
52 | return -ENODEV; | |
53 | } | |
54 | ||
55 | + if (azx_acquire_irq(chip, 0) < 0) | |
56 | + return -EBUSY; | |
57 | + | |
58 | strcpy(card->driver, "HDA-Intel"); | |
59 | strlcpy(card->shortname, driver_short_names[chip->driver_type], | |
60 | sizeof(card->shortname)); | |
61 | -- | |
62 | 2.20.1 | |
63 |