| Message ID | 20221109234023.3111035-1-junxiao.chang@intel.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp626168wru;
Wed, 9 Nov 2022 15:52:23 -0800 (PST)
X-Google-Smtp-Source:
AMsMyM5Wnkhl53Z2A8eWZoSJYFIhgYnrF9bR2WFi4MA/LoGC7zwV+0nPoQT4piFW4gOEmOoaZuII
X-Received: by 2002:aa7:8c15:0:b0:56b:ead2:3950 with SMTP id
c21-20020aa78c15000000b0056bead23950mr63482820pfd.77.1668037943623;
Wed, 09 Nov 2022 15:52:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668037943; cv=none;
d=google.com; s=arc-20160816;
b=uAvriPGv3CMxRpatE/HaA7IpRfRyoCQwwlM4DmdYhECGMFck88zqTnS9ZWDfhaxRJo
VKGn5UuodO6aP8S/ijOPNTWStqkvYs/Bakj8otopBisIPRCgShfdlmYy1s3XdQlSigiA
IS48SUk0xiSCkpDTv/Ninr9iKJGK61X23N7gydZW6MpIWoFTEGRT98pUfvKBubeyvr2n
bc4omy69gyzmInm6anC6F0JScJRAb5i32voYjlM+vuQZHZdtCOCdfOTKrhm+5GTiqFS2
zP2EGpJ8OL35X05136uOQ5VMXA8fnJIePPXCAY+beql03ht7az/njLrXIFhTQMZwKgE9
CXeA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:to:from:dkim-signature;
bh=1eLXu+xckEb3H5vv6nL5xNcxBEXjQKmFv19ZYHkPpQw=;
b=cq+6wccvNqS7/xtvH8nY5c1Aej8km4tOx1i/tNc+zYSNBcqpKwoZBSddruHH9gsb8Z
OucEH0dQhq1IxS5qpfNBwNjD2UdhFaufHFQNPrdGLRUQL8bw4LZ9bH7DAkSwrWvbloRA
2/HpWz4kc3cPn0QIoVbetVSARlHbGb7C90mZVv4gtvFYomCA5AvH72DUL1Bge+S4NN5n
HYNXW47gaj9t3YzS932iM/XcupMFFYia+PrtPAcKaHr3671LqezEtntw68LpkuiiZZBL
fMW7GGNxRCrKF5YLDE/JF6ucC8qjBg3q+yhnowewls7Kx27Euu8e84B/3A4qXB6q8jUG
5h2g==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=jaDx7RvJ;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
d11-20020a170902cecb00b00180a7ff784csi21294771plg.360.2022.11.09.15.52.05;
Wed, 09 Nov 2022 15:52:23 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=jaDx7RvJ;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231916AbiKIXtg (ORCPT <rfc822;dexuan.linux@gmail.com>
+ 99 others); Wed, 9 Nov 2022 18:49:36 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47598 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S231908AbiKIXte (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 9 Nov 2022 18:49:34 -0500
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3971D642B
for <linux-kernel@vger.kernel.org>;
Wed, 9 Nov 2022 15:49:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1668037773; x=1699573773;
h=from:to:subject:date:message-id:mime-version:
content-transfer-encoding;
bh=c/DQyuJrqj3A3rcH2mu7EKu6GdPoG+wZ+dPrb8sqJoU=;
b=jaDx7RvJNLpbeYu02K0LaPlHBJtujD2Ybxs47h6/3W0BlpbMfmBJC+yl
zSmNAx++T/UGtDSCn6jEKeGu5i7jXw0xbz4nC+yl0d/amSr66iebKwQHL
LZsIkKeq3ycXeJ2nRj1Vj58M2EwC2XvjiK6z3r1/8l5sByPXs2vpgSbxc
GPaRLSjRVss8Q2el3lol1/LUQa/t4PIV2T6/7aRHZrBP1cY4myMj+LvOV
NLiIxdRtEVPHYuxZL+0HnBKxQm2CmHoK7hRHmK8zkvJj9C92tDkwXuM3K
ej4wjFkPy58qcB9/aw6PR7aSgWcrJNHqidDXyNnZkyXdp2clG+Vt4iPkD
g==;
X-IronPort-AV: E=McAfee;i="6500,9779,10526"; a="309869207"
X-IronPort-AV: E=Sophos;i="5.96,152,1665471600";
d="scan'208";a="309869207"
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
09 Nov 2022 15:49:21 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10526"; a="700568161"
X-IronPort-AV: E=Sophos;i="5.96,152,1665471600";
d="scan'208";a="700568161"
Received: from junxiaochang.bj.intel.com ([10.238.135.52])
by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
09 Nov 2022 15:49:18 -0800
From: Junxiao Chang <junxiao.chang@intel.com>
To: lgirdwood@gmail.com, broonie@kernel.org, perex@perex.cz,
tiwai@suse.com, pierre-louis.bossart@linux.intel.com,
kai.vehmanen@linux.intel.com, furong.zhou@intel.com,
cezary.rojewski@intel.com, alsa-devel@alsa-project.org,
linux-kernel@vger.kernel.org, junxiao.chang@intel.com
Subject: [PATCH] ASoC: hdac_hda: fix hda pcm buffer overflow issue
Date: Thu, 10 Nov 2022 07:40:23 +0800
Message-Id: <20221109234023.3111035-1-junxiao.chang@intel.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749064554485780640?=
X-GMAIL-MSGID: =?utf-8?q?1749064554485780640?=
|
| Series |
ASoC: hdac_hda: fix hda pcm buffer overflow issue
|
|
Commit Message
Chang, Junxiao
Nov. 9, 2022, 11:40 p.m. UTC
When KASAN is enabled, below log might be dumped with Intel EHL hardware:
[ 48.583597] ==================================================================
[ 48.585921] BUG: KASAN: slab-out-of-bounds in hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[ 48.587995] Write of size 4 at addr ffff888103489708 by task pulseaudio/759
[ 48.589237] CPU: 2 PID: 759 Comm: pulseaudio Tainted: G U E 5.15.71-intel-ese-standard-lts #9
[ 48.591272] Hardware name: Intel Corporation Elkhart Lake Embedded Platform/ElkhartLake LPDDR4x T3 CRB, BIOS EHLSFWI1.R00.4251.A01.2206130432 06/13/2022
[ 48.593010] Call Trace:
[ 48.593648] <TASK>
[ 48.593852] dump_stack_lvl+0x34/0x48
[ 48.594404] print_address_description.constprop.0+0x1f/0x140
[ 48.595174] ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[ 48.595868] ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[ 48.596519] kasan_report.cold+0x7f/0x11b
[ 48.597003] ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[ 48.597885] hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
HDAC_LAST_DAI_ID is last index id, pcm buffer array size should
be +1 to avoid out of bound access.
Fixes: 608b8c36c371 ("ASoC: hdac_hda: add support for HDMI/DP as a HDA codec")
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Junxiao Chang <junxiao.chang@intel.com>
Signed-off-by: Furong Zhou <furong.zhou@intel.com>
---
sound/soc/codecs/hdac_hda.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On Thu, 10 Nov 2022 07:40:23 +0800, Junxiao Chang wrote: > When KASAN is enabled, below log might be dumped with Intel EHL hardware: > [ 48.583597] ================================================================== > [ 48.585921] BUG: KASAN: slab-out-of-bounds in hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda] > [ 48.587995] Write of size 4 at addr ffff888103489708 by task pulseaudio/759 > > [ 48.589237] CPU: 2 PID: 759 Comm: pulseaudio Tainted: G U E 5.15.71-intel-ese-standard-lts #9 > [ 48.591272] Hardware name: Intel Corporation Elkhart Lake Embedded Platform/ElkhartLake LPDDR4x T3 CRB, BIOS EHLSFWI1.R00.4251.A01.2206130432 06/13/2022 > [ 48.593010] Call Trace: > [ 48.593648] <TASK> > [ 48.593852] dump_stack_lvl+0x34/0x48 > [ 48.594404] print_address_description.constprop.0+0x1f/0x140 > [ 48.595174] ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda] > [ 48.595868] ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda] > [ 48.596519] kasan_report.cold+0x7f/0x11b > [ 48.597003] ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda] > [ 48.597885] hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda] > > [...] Applied to https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next Thanks! [1/1] ASoC: hdac_hda: fix hda pcm buffer overflow issue commit: 37882100cd0629d830db430a8cee0b724fe1fea3 All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark
diff --git a/sound/soc/codecs/hdac_hda.h b/sound/soc/codecs/hdac_hda.h index fc19c34ca00e5..b65560981abb2 100644 --- a/sound/soc/codecs/hdac_hda.h +++ b/sound/soc/codecs/hdac_hda.h @@ -14,7 +14,7 @@ enum { HDAC_HDMI_1_DAI_ID, HDAC_HDMI_2_DAI_ID, HDAC_HDMI_3_DAI_ID, - HDAC_LAST_DAI_ID = HDAC_HDMI_3_DAI_ID, + HDAC_DAI_ID_NUM }; struct hdac_hda_pcm { @@ -24,7 +24,7 @@ struct hdac_hda_pcm { struct hdac_hda_priv { struct hda_codec *codec; - struct hdac_hda_pcm pcm[HDAC_LAST_DAI_ID]; + struct hdac_hda_pcm pcm[HDAC_DAI_ID_NUM]; bool need_display_power; };