    ALSA: timer: Fix zero-division by continue of uninitialized instance · d14b394a
    Takashi Iwai authored
    [ Upstream commit 9f8a7658 ]
    
    When a user timer instance is continued without an explicit start
    beforehand, the system eventually gets a zero-division error like:
    
      divide error: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
      CPU: 1 PID: 27320 Comm: syz-executor Not tainted 4.8.0-rc3-next-20160825+ #8
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
       task: ffff88003c9b2280 task.stack: ffff880027280000
       RIP: 0010:[<ffffffff858e1a6c>]  [<     inline     >] ktime_divns include/linux/ktime.h:195
       RIP: 0010:[<ffffffff858e1a6c>]  [<ffffffff858e1a6c>] snd_hrtimer_callback+0x1bc/0x3c0 sound/core/hrtimer.c:62
      Call Trace:
       <IRQ>
       [<     inline     >] __run_hrtimer kernel/time/hrtimer.c:1238
       [<ffffffff81504335>] __hrtimer_run_queues+0x325/0xe70 kernel/time/hrtimer.c:1302
       [<ffffffff81506ceb>] hrtimer_interrupt+0x18b/0x420 kernel/time/hrtimer.c:1336
       [<ffffffff8126d8df>] local_apic_timer_interrupt+0x6f/0xe0 arch/x86/kernel/apic/apic.c:933
       [<ffffffff86e13056>] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:957
       [<ffffffff86e1210c>] apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:487
       <EOI>
       .....
    
    Although a similar issue was spotted and a fix patch was merged in
    commit [6b760bb2: ALSA: timer: fix division by zero after
    SNDRV_TIMER_IOCTL_CONTINUE], it seems to cover only a part of the
    iceberg.
    
    In this patch, we fix the issue a bit more drastically.  Basically the
    continue of an uninitialized timer is supposed to be a fresh start, so
    we do it for user timers.  For the direct snd_timer_continue() call,
    there is no way to pass the initial tick value, so we kick out for the
    uninitialized case.
    Reported-by: Dmitry Vyukov <dvyukov@google.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <alexander.levin@verizon.com>