[alsa-devel] Memory corruption in ASoC

Daniel Mack daniel at caiaq.de
Thu Mar 18 17:48:53 CET 2010


On Thu, Mar 18, 2010 at 04:43:06PM +0000, Mark Brown wrote:
> On Thu, Mar 18, 2010 at 05:17:55PM +0100, Daniel Mack wrote:
> 
> > So the first stream (PLAYBACK) already exported its dma_data which is
> > now freed by the code initializing the second stream (CAPTURE).
> > This corrupts all existing users of course, and in this particular case,
> > the cleanup in __pxa2xx_pcm_hw_free() dereferences a pointer which is
> > bogus.
> 
> > What I really don't understand is why this didn't crash a lot earlier
> > for many more users.
> 
> > So how is this supposed to be fixed? Should dma_data become a member of
> > some per-stream instance? I believe that also other platforms than PXA
> > are actually affected - am I right?
> 
> It should really be per-substream, yes.

Do you want me to fix this or are you working on this already?

I know there are some pxa-ssp related things pending which will also
cause merge conflicts - which tree should things apply to currently?

> It's relatively hard to trigger problems on a lot of platforms since the
> DAI data pointer is often only really used at stream setup, meaning that
> triggering a problem requires that a system not only does simultaneous
> playback and capture but also has overlapping startup of the two.

Well, how would you initialize them in a non-overlapping way? The
example I sent does the setup fairly straight-forward, doesn't it?

I'd say any full-duplex system is affected.

Daniel
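
The lifetime problem discussed in this thread, as an added user-space model that is not code from the thread or from the ASoC tree: one `dma_data` slot shared by both streams versus one slot per substream. All names (`dai_shared`, `dai_split`, `shared_setup`, `split_setup`, the `pool`) are hypothetical, and a `live` flag stands in for the real free so the stale pointer can be inspected safely.

```c
#include <stdbool.h>
#include <stdio.h>

enum { PLAYBACK, CAPTURE, NSTREAMS };
/* Stand-in for the exported DMA parameters; the 'live' flag replaces a real
 * free so a stale reference can be checked without undefined behaviour. */
struct dma_params { bool live; int stream; };
static struct dma_params pool[8];   /* enough slots for this demo */
static size_t pool_next;

static struct dma_params *params_alloc(int stream) {
    struct dma_params *p = &pool[pool_next++ % 8];
    *p = (struct dma_params){ true, stream };
    return p;
}
static void params_free(struct dma_params *p) { if (p) p->live = false; }

/* Layout from the report: one dma_data slot shared by both streams. */
struct dai_shared { struct dma_params *dma_data; };
static struct dma_params *shared_setup(struct dai_shared *d, int stream) {
    params_free(d->dma_data);       /* releases the other stream's data */
    return d->dma_data = params_alloc(stream);
}

/* Per-substream layout: each direction owns its own slot. */
struct dai_split { struct dma_params *dma_data[NSTREAMS]; };
static struct dma_params *split_setup(struct dai_split *d, int stream) {
    params_free(d->dma_data[stream]);
    return d->dma_data[stream] = params_alloc(stream);
}

/* Is the pointer exported for playback still valid after capture setup? */
bool playback_valid_shared(void) {
    struct dai_shared d = { NULL };
    struct dma_params *pb = shared_setup(&d, PLAYBACK);
    shared_setup(&d, CAPTURE);
    return pb->live;
}
bool playback_valid_split(void) {
    struct dai_split d = { { NULL, NULL } };
    struct dma_params *pb = split_setup(&d, PLAYBACK);
    split_setup(&d, CAPTURE);
    return pb->live && pb->stream == PLAYBACK;
}

int main(void) {
    printf("shared: %d  per-substream: %d\n", playback_valid_shared(), playback_valid_split());
    return 0;
}
```

In the shared layout the playback reference is stale as soon as capture is set up, which is the state the playback cleanup path later dereferences.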


