[PATCH] ALSA: core: fix unsigned int pages overflow when comapred

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



we see the below kernel panic on stress suspend resume test in
snd_malloc_sgbuf_pages(), snd_dma_alloc_pages_fallback() alloc
chunk maybe larger than the left pages due to the pages alignment,
which will cause the pages overflow.

while (pages > 0) {
	...
	pages -= chunk;
}

the patch is change the pages from unsigned int to int to fix the issue.

BUG: unable to handle kernel paging request at ffff88000deb4000
IP: [<ffffffff81404fa9>] memset_erms+0x9/0x10
Call Trace:
 [<ffffffff818f222f>] snd_dma_alloc_pages+0xff/0x210
 [<ffffffff818f23af>] snd_dma_alloc_pages_fallback+0x6f/0x90
 [<ffffffff818f2b85>] snd_malloc_sgbuf_pages+0x145/0x370
 [<ffffffff818f229e>] snd_dma_alloc_pages+0x16e/0x210
 [<ffffffffc011930d>] hdac_ext_dma_alloc_pages+0x1d/0x40 [snd_hda_ext_core]
 [<ffffffffc010729a>] snd_hdac_dsp_prepare+0xca/0x1c0 [snd_hda_core]
 [<ffffffffc01880f9>] skl_dsp_prepare+0x99/0xf0 [snd_soc_skl]
 [<ffffffffc0162a7e>] bxt_load_base_firmware+0x9e/0x5c0 [snd_soc_skl_ipc]
 [<ffffffffc01630ec>] bxt_set_dsp_D0+0x14c/0x300 [snd_soc_skl_ipc]
 [<ffffffffc015f9c3>] skl_dsp_get_core+0x43/0xd0 [snd_soc_skl_ipc]
 [<ffffffffc015fa60>] skl_dsp_wake+0x10/0x20 [snd_soc_skl_ipc]
 [<ffffffffc0188e3e>] skl_resume_dsp+0x7e/0x140 [snd_soc_skl]
 [<ffffffffc0183c4a>] skl_resume+0xda/0x170 [snd_soc_skl]
 [<ffffffff81452726>] pci_pm_resume+0x76/0xe0
 [<ffffffff816616da>] dpm_run_callback+0x5a/0x180
 [<ffffffff81661e3c>] device_resume+0xdc/0x2c0
 [<ffffffff81663818>] dpm_resume+0x118/0x310
 [<ffffffff81663e11>] dpm_resume_end+0x11/0x20
 [<ffffffff810f8bcc>] suspend_devices_and_enter+0x11c/0x2b0
 [<ffffffff810f90bd>] pm_suspend+0x35d/0x3d0
 [<ffffffff810f78a6>] state_store+0x66/0x90
 [<ffffffff813f80e2>] kobj_attr_store+0x12/0x20
 [<ffffffff812a37bc>] sysfs_kf_write+0x3c/0x50
 [<ffffffff812a2cbd>] kernfs_fop_write+0x11d/0x1a0
 [<ffffffff8121dfaa>] __vfs_write+0x3a/0x150
 [<ffffffff8121f2b1>] vfs_write+0xb1/0x1a0
 [<ffffffff81220898>] SyS_write+0x58/0xc0
 [<ffffffff81001fca>] do_syscall_64+0x6a/0xe0
 [<ffffffff81b06560>] entry_SYSCALL_64_after_swapgs+0x5d/0xd7

Signed-off-by: he, bo <bo.he@xxxxxxxxx>
Signed-off-by: zhang jun <jun.zhang@xxxxxxxxx>
---
 sound/core/sgbuf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sound/core/sgbuf.c b/sound/core/sgbuf.c
index 84fffab..33449ee 100644
--- a/sound/core/sgbuf.c
+++ b/sound/core/sgbuf.c
@@ -68,7 +68,8 @@ void *snd_malloc_sgbuf_pages(struct device *device,
 			     size_t *res_size)
 {
 	struct snd_sg_buf *sgbuf;
-	unsigned int i, pages, chunk, maxpages;
+	unsigned int i, chunk, maxpages;
+	int pages;
 	struct snd_dma_buffer tmpb;
 	struct snd_sg_page *table;
 	struct page **pgtable;
-- 
2.7.4

_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel



[Index of Archives]     [ALSA User]     [Linux Audio Users]     [Pulse Audio]     [Kernel Archive]     [Asterisk PBX]     [Photo Sharing]     [Linux Sound]     [Video 4 Linux]     [Gimp]     [Yosemite News]

  Powered by Linux