[haiku-development] Re: Intel HDA driver issues

• From: "Earl Pottinger" <dmarc-noreply@xxxxxxxxxxxxx> (Redacted sender "earl_colby_pottinger" for DMARC)
• To: "haiku-development@xxxxxxxxxxxxx" <haiku-development@xxxxxxxxxxxxx>
• Date: Sun, 25 Jun 2017 10:15:33 +0000 (UTC)

Suggestion, just as a test - can the array (hda_widget_get_associations) be 
padded to a large enough size to prevent the over-write? That would confirm the 
cause.

      From: Adrien Destugues <pulkomandy@xxxxxxxxxxxxx>
 To: haiku-development@xxxxxxxxxxxxx 
 Sent: Sunday, June 25, 2017 2:11 AM
 Subject: [haiku-development] Re: Intel HDA driver issues
   
On Sun, Jun 25, 2017 at 05:39:44AM +0000, Jessica Hamilton wrote:

I've been tracing the hda driver to find out why I've had to blacklist it
on my macbook air with the x86_64 build, and have finally traced it to a
problem with the cookie passed into multi_audio_control, where
hda_audio_group->multi has a mangled pointer.

The top 32 bits of the pointer are 0yFFFFFF00 instead of 0xFFFFFFFF like
all other pointers.

I hope that's a 0x and not a 0y ;)

I've found as a workaround to fix up the high 32 bits of the address allows
the driver to run successfully.

There is only one place where the address is set, in hda_codec.cpp:1279.
Adding tracing here, and the pointer is valid.

I have no idea how this is happening, as other pointers don't appear to be
affected at all.

I would guess something is overwriting the pointer. Looking at the
structure, I see that just before it there is an array (associations)
with a fixed size of 16 items. Looking at the code that fills this
(hda_widget_get_associations), I notice that there is a loop with the
right bounds (i from 0 to 15), but then it uses another variable "index"
to fill the array. It looks like the condition to increment the index (i
== 15) is wrong. I thin it should be i != 15 to avoid running past the
array (with a warning telling us to increase MAX_ASSOCIATIONS).

As a result, if widget_count is larger than MAX_ASSOCIATIONS, we could end up
erasing what's after the array.

It's easy to check by verifying both widget_count and association_count
values.

-- 
Adrien.



   

• References:
  • [haiku-development] Intel HDA driver issues
    • From: Jessica Hamilton
  • [haiku-development] Re: Intel HDA driver issues
    • From: Adrien Destugues

Other related posts:

• » [haiku-development] Intel HDA driver issues- Jessica Hamilton
• » [haiku-development] Re: Intel HDA driver issues- Adrien Destugues
• » [haiku-development] Re: Intel HDA driver issues - Earl Pottinger

1. Home
2. haiku-development
3. Archive
4. 06-2017

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---