    ALSA: timer: Fix zero-division by continue of uninitialized instance · c21f80e9
    Takashi Iwai authored
    [ Upstream commit 9f8a7658 ]
    
    When a user timer instance is continued without an explicit start
    beforehand, the system eventually gets a zero-division error like:
    
      divide error: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
      CPU: 1 PID: 27320 Comm: syz-executor Not tainted 4.8.0-rc3-next-20160825+ #8
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
       task: ffff88003c9b2280 task.stack: ffff880027280000
       RIP: 0010:[<ffffffff858e1a6c>]  [<     inline     >] ktime_divns include/linux/ktime.h:195
       RIP: 0010:[<ffffffff858e1a6c>]  [<ffffffff858e1a6c>] snd_hrtimer_callback+0x1bc/0x3c0 sound/core/hrtimer.c:62
      Call Trace:
       <IRQ>
       [<     inline     >] __run_hrtimer kernel/time/hrtimer.c:1238
       [<ffffffff81504335>] __hrtimer_run_queues+0x325/0xe70 kernel/time/hrtimer.c:1302
       [<ffffffff81506ceb>] hrtimer_interrupt+0x18b/0x420 kernel/time/hrtimer.c:1336
       [<ffffffff8126d8df>] local_apic_timer_interrupt+0x6f/0xe0 arch/x86/kernel/apic/apic.c:933
       [<ffffffff86e13056>] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:957
       [<ffffffff86e1210c>] apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:487
       <EOI>
       .....
    
    Although a similar issue was spotted and a fix patch was merged in
    commit [6b760bb2: ALSA: timer: fix division by zero after
    SNDRV_TIMER_IOCTL_CONTINUE], it seems to cover only a part of the
    iceberg.
    
    In this patch, we fix the issue a bit more drastically.  Basically the
    continue of an uninitialized timer is supposed to be a fresh start, so
    we do it for user timers.  For the direct snd_timer_continue() call,
    there is no way to pass the initial tick value, so we kick out for the
    uninitialized case.
    
    Reported-by: Dmitry Vyukov <dvyukov@google.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>
Name
aoa
arm
atmel
core
drivers
firewire
hda
i2c
isa
mips
oss
parisc
pci
pcmcia
ppc
sh
soc
sparc
spi
synth
usb
Kconfig
Makefile
ac97_bus.c
last.c
sound_core.c
sound_firmware.c