[haiku-development] Re: Intel HDA driver issues
- From: Adrien Destugues <pulkomandy@xxxxxxxxxxxxx>
- To: haiku-development@xxxxxxxxxxxxx
- Date: Sun, 25 Jun 2017 08:10:48 +0200
On Sun, Jun 25, 2017 at 05:39:44AM +0000, Jessica Hamilton wrote:
> I've been tracing the hda driver to find out why I've had to blacklist it
> on my macbook air with the x86_64 build, and have finally traced it to a
> problem with the cookie passed into multi_audio_control, where
> hda_audio_group->multi has a mangled pointer.
> The top 32 bits of the pointer are 0yFFFFFF00 instead of 0xFFFFFFFF like
> all other pointers.
I hope that's a 0x and not a 0y ;)
> I've found that, as a workaround, fixing up the high 32 bits of the address
> allows the driver to run successfully.
> There is only one place where the address is set, in hda_codec.cpp:1279.
> Adding tracing here, and the pointer is valid.
> I have no idea how this is happening, as other pointers don't appear to be
> affected at all.
I would guess something is overwriting the pointer. Looking at the
structure, I see that just before it there is an array (associations)
with a fixed size of 16 items. Looking at the code that fills this
(hda_widget_get_associations), I notice that there is a loop with the
right bounds (i from 0 to 15), but then it uses another variable "index"
to fill the array. It looks like the condition to increment the index (i
== 15) is wrong. I think it should be i != 15 to avoid running past the
array (with a warning telling us to increase MAX_ASSOCIATIONS).
As a result, if widget_count is larger than MAX_ASSOCIATIONS, we could end up
erasing what's after the array.
It's easy to check by verifying both widget_count and association_count
values.
--
Adrien.
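
The bounded fill discussed in the message above, as an added example that is not part of the original post and is not the Haiku driver's code. `struct group_model`, `fill_associations` and `demo` are hypothetical names, and the layout (a 16-entry array followed by a pointer) only models what the post describes.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ASSOCIATIONS 16   /* fixed array size mentioned in the post */

/* Hypothetical layout: a fixed array with a pointer stored after it. */
struct group_model {
    uint32_t associations[MAX_ASSOCIATIONS];
    uint32_t association_count;
    void    *multi;           /* the field an overrun would clobber */
};

/* Append one entry per non-zero widget value. The write position is bounded
 * by the array size, independently of the loop counter. Returns how many
 * entries did not fit (0 means nothing was dropped). */
static size_t fill_associations(struct group_model *g,
                                const uint32_t *widgets, size_t widget_count)
{
    size_t index = 0, dropped = 0;
    for (size_t i = 0; i < widget_count; i++) {
        if (widgets[i] == 0)
            continue;                    /* widget has no association */
        if (index >= MAX_ASSOCIATIONS) {
            dropped++;                   /* would have written past the array */
            continue;
        }
        g->associations[index++] = widgets[i];
    }
    g->association_count = (uint32_t)index;
    if (dropped > 0)
        fprintf(stderr, "increase MAX_ASSOCIATIONS: %zu dropped\n", dropped);
    return dropped;
}

/* Constructed input: n widgets (n <= 64), each with an association. Returns
 * the dropped count, or -1 if `multi` changed or the count exceeds the array. */
static int demo(size_t n)
{
    static int target;
    struct group_model g = { .multi = &target };
    uint32_t widgets[64];
    if (n > 64) return -1;
    for (size_t i = 0; i < n; i++)
        widgets[i] = 0x100u + (uint32_t)i;
    size_t dropped = fill_associations(&g, widgets, n);
    if (g.multi != (void *)&target || g.association_count > MAX_ASSOCIATIONS)
        return -1;
    return (int)dropped;
}

int main(void) { printf("dropped with 20 widgets: %d\n", demo(20)); return 0; }
```

Comparing the input count with the stored count, as `demo` does, is the same check the message suggests for `widget_count` and `association_count`.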