linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Srikanth Korangala Hari <srikanth.h@samsung.com>
To: Takashi Iwai <tiwai@suse.de>
Cc: "alsa-devel@alsa-project.org" <alsa-devel@alsa-project.org>,
	"keescook@chromium.org" <keescook@chromium.org>,
	"ben.hutchings@codethink.co.uk" <ben.hutchings@codethink.co.uk>,
	"perex@perex.cz" <perex@perex.cz>,
	"elfring@users.sourceforge.net" <elfring@users.sourceforge.net>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
	CPGS <cpgs@samsung.com>
Subject: RE: Re: [PATCH 1/1] Preventive fix in sound module
Date: Wed, 18 Jul 2018 16:28:20 +0530	[thread overview]
Message-ID: <20180718105820epcms5p173879897edd4cc93b381f8125c11b91b@epcms5p1> (raw)
In-Reply-To: <s5hfu0gzw5e.wl-tiwai@suse.de>


>> 
>> Signed-off-by: Srikanth K H <srikanth.h@samsung.com>
 
>What does this fix, and above all, why is this needed?

Hi,

When the sound driver creates the timer without sound card object, then while reading the sound info entry the timer object’s card information is dereferenced without checking for NULL pointer which will result for kernel panic. I tried to simulate this scenario and got below call stack,
[   36.668] E/DEVKMSG (P    0, T    0): Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   36.668] E/DEVKMSG (P    0, T    0): pgd = e52f0000
[   36.668] E/DEVKMSG (P    0, T    0): [00000000] *pgd=00000000
[   36.668] E/DEVKMSG (P    0, T    0): Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[   36.668] E/DEVKMSG (P    0, T    0): Modules linked in:
[   36.668] E/DEVKMSG (P    0, T    0): CPU: 1 PID: 1258 Comm: cat Tainted: G        W    3.10.65-00121-g83e9b9b-dirty #54-Tizen
[   36.668] E/DEVKMSG (P    0, T    0): task: e653aec0 ti: e52ec000 task.ti: e52ec000
[   36.668] E/DEVKMSG (P    0, T    0): PC is at snd_timer_proc_read+0x104/0x278
[   36.668] E/DEVKMSG (P    0, T    0): LR is at snd_timer_proc_read+0xec/0x278
[   36.668] E/DEVKMSG (P    0, T    0): pc : [<c0527cfc>]    lr : [<c0527ce4>]    psr: 60040013\x0asp : e52eded0  ip : 00000000  fp : 10624dd3
[   36.668] E/DEVKMSG (P    0, T    0): r10: c08ded6c  r9 : e49e3bd8  r8 : c074f518
[   36.668] E/DEVKMSG (P    0, T    0): r7 : c0afbae4  r6 : eb95a000  r5 : e49e3240  r4 : eb257e00
[   36.668] E/DEVKMSG (P    0, T    0): r3 : 00000000  r2 : 00000000  r1 : c0987cd7  r0 : e49e3240
[   36.668] E/DEVKMSG (P    0, T    0): Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[   36.668] E/DEVKMSG (P    0, T    0): Control: 10c53c7d  Table: a52f006a  DAC: 00000015

Hence this is a preventive patch to avoid kernel panic in case if the card object passed to timer function is NULL. This would not happen in normal case, but in case of buggy scenario this would results in kernel panic rather than graceful exit.

thanks,
srikanth

  parent reply	other threads:[~2018-07-18 10:58 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CGME20180718100741epcas1p393bea852d102e903ab6a48ff952761db@epcas1p3.samsung.com>
2018-07-18 10:07 ` [PATCH 1/1] Preventive fix in sound module Srikanth K H
2018-07-18 10:16   ` Takashi Iwai
     [not found]   ` <CGME20180718100741epcas1p393bea852d102e903ab6a48ff952761db@epcms5p1>
2018-07-18 10:58     ` Srikanth Korangala Hari [this message]
2018-07-18 12:14       ` Takashi Iwai
     [not found]   ` <CGME20180718150653epcas2p3c2f0e36569529df72ce0b79a22867eac@epcas2p3.samsung.com>
2018-07-18 15:07     ` [PATCHv2 " Srikanth K H
2018-07-18 15:24       ` Takashi Iwai
     [not found]       ` <CGME20180718150653epcas2p3c2f0e36569529df72ce0b79a22867eac@epcms5p8>
2018-07-19  5:16         ` Srikanth Korangala Hari

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180718105820epcms5p173879897edd4cc93b381f8125c11b91b@epcms5p1 \
    --to=srikanth.h@samsung.com \
    --cc=alsa-devel@alsa-project.org \
    --cc=ben.hutchings@codethink.co.uk \
    --cc=cpgs@samsung.com \
    --cc=elfring@users.sourceforge.net \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=perex@perex.cz \
    --cc=tiwai@suse.de \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).