[alsa-devel] [PATCH v4 03/15] ALSA: usb-audio: prevent NULL dereference on stop trigger
Takashi Iwai
tiwai at suse.de
Mon Oct 7 10:57:05 CEST 2013
At Sun, 6 Oct 2013 22:31:08 +0200,
Eldad Zack wrote:
>
> If an endpoint uses another endpoint for synchronization, and the
> other endpoint is stopped, an oops will occur on NULL dereference.
> Clearing the prepare/retire callbacks solves this issue.
>
> v2: Thanks to Daniel Mack, fixed (an ironic) NULL dereference when
> the pcm substream is opened and closed immediately.
>
> Signed-off-by: Eldad Zack <eldad at fogrefinery.com>
> ---
> sound/usb/pcm.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c
> index 1a9a018..525bc8c 100644
> --- a/sound/usb/pcm.c
> +++ b/sound/usb/pcm.c
> @@ -1205,6 +1205,11 @@ static int snd_usb_pcm_close(struct snd_pcm_substream *substream, int direction)
> subs->interface = -1;
> }
>
> + if (subs->data_endpoint) {
> + subs->data_endpoint->prepare_data_urb = NULL;
> + subs->data_endpoint->retire_data_urb = NULL;
> + }
> +
This is superfluous as the close callback is always called after
tigger stop and hw_free.
Takashi
> subs->pcm_substream = NULL;
> snd_usb_autosuspend(subs->stream->chip);
>
> @@ -1535,6 +1540,8 @@ static int snd_usb_substream_playback_trigger(struct snd_pcm_substream *substrea
> subs->running = 1;
> return 0;
> case SNDRV_PCM_TRIGGER_STOP:
> + subs->data_endpoint->prepare_data_urb = NULL;
> + subs->data_endpoint->retire_data_urb = NULL;
> stop_endpoints(subs, false);
> subs->running = 0;
> return 0;
> @@ -1565,6 +1572,7 @@ static int snd_usb_substream_capture_trigger(struct snd_pcm_substream *substream
> subs->running = 1;
> return 0;
> case SNDRV_PCM_TRIGGER_STOP:
> + subs->data_endpoint->retire_data_urb = NULL;
> stop_endpoints(subs, false);
> subs->running = 0;
> return 0;
> --
> 1.8.1.5
>
More information about the Alsa-devel
mailing list