git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - releases/4.19.51/alsa-hda-register-irq-handler-after-the-chip-initial.patch
1 From 36ac51fd19a2980d09fa7bf872c47c3bbfa96c8e Mon Sep 17 00:00:00 2001
2 From: Takashi Iwai <tiwai@suse.de>
3 Date: Tue, 30 Apr 2019 12:18:28 +0200
4 Subject: ALSA: hda - Register irq handler after the chip initialization
5
6 [ Upstream commit f495222e28275222ab6fd93813bd3d462e16d340 ]
7
8 Currently the IRQ handler in HD-audio controller driver is registered
9 before the chip initialization. That is, we have some window opened
10 between the azx_acquire_irq() call and the CORB/RIRB setup. If an
11 interrupt is triggered in this small window, the IRQ handler may
12 access the uninitialized RIRB buffer, which leads to a NULL
13 dereference Oops.
14
15 This is usually no big problem since most of Intel chips do register
16 the IRQ via MSI, and we've already fixed the order of the IRQ
17 enablement and the CORB/RIRB setup in the former commit b61749a89f82
18 ("sound: enable interrupt after dma buffer initialization"), hence the
19 IRQ won't be triggered in that room. However, some platforms use a
20 shared IRQ, and this may allow the IRQ trigger by another source.
21
22 Another possibility is the kdump environment: a stale interrupt might
23 be present in there, the IRQ handler can be falsely triggered as well.
24
25 For covering this small race, let's move the azx_acquire_irq() call
26 after hda_intel_init_chip() call. Although this is a bit radical
27 change, it can cover more widely than checking the CORB/RIRB setup
28 locally in the callee side.
29
30 Reported-by: Liwei Song <liwei.song@windriver.com>
31 Signed-off-by: Takashi Iwai <tiwai@suse.de>
32 Signed-off-by: Sasha Levin <sashal@kernel.org>
33 ---
34 sound/pci/hda/hda_intel.c | 6 +++---
35 1 file changed, 3 insertions(+), 3 deletions(-)
36
37 diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
38 index 9bc8a7cb40ea..45bf89ed31de 100644
39 --- a/sound/pci/hda/hda_intel.c
40 +++ b/sound/pci/hda/hda_intel.c
41 @@ -1883,9 +1883,6 @@ static int azx_first_init(struct azx *chip)
42 chip->msi = 0;
43 }
44
45 - if (azx_acquire_irq(chip, 0) < 0)
46 - return -EBUSY;
47 -
48 pci_set_master(pci);
49 synchronize_irq(bus->irq);
50
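Review bot: synchronize_irq(bus->irq) in the trailing context is now reached before azx_acquire_irq() has run, so if bus->irq is only assigned by the acquire call it is synchronizing on an IRQ that has not been registered yet. Either move this call down with the acquire, or add a short comment saying why it is still needed here and what value bus->irq is expected to hold at this point.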
51 @@ -2000,6 +1997,9 @@ static int azx_first_init(struct azx *chip)
52 return -ENODEV;
53 }
54
55 + if (azx_acquire_irq(chip, 0) < 0)
56 + return -EBUSY;
57 +
58 strcpy(card->driver, "HDA-Intel");
59 strlcpy(card->shortname, driver_short_names[chip->driver_type],
60 sizeof(card->shortname));
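Review bot: the "return -EBUSY;" on the relocated azx_acquire_irq() failure path now fires after the chip initialization the commit message refers to, and nothing in this hunk undoes that setup before returning. Please confirm that the caller's error path stops the chip and releases the CORB/RIRB state when azx_first_init() fails this late. A one-line comment above the call stating that the handler must be registered only after the CORB/RIRB setup would also keep a later cleanup from moving it back up.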
61 --
62 2.20.1
63