[alsa-devel] [PATCH] ALSA: Remove the runtime local variable in snd_pcm_period_elapsed

Jaroslav Kysela perex at perex.cz
Fri Jun 27 21:00:44 CEST 2014


Date 27.6.2014 20:13, JongHo Kim wrote:
> From a46df32a4fc184364be45ffe8957d5a20818d979 Mon Sep 17 00:00:00 2001
> From: JongHo Kim <furmuwon at gmail.com>
> Date: Sat, 28 Jun 2014 02:49:13 +0900
> Subject: [PATCH] ALSA: Remove the runtime local variable in
>   snd_pcm_period_elapsed
> 
> The local runtime variable in snd_pcm_period_elapsed has the value
> of substream->runtime. If the substream->runtime memory was freed,
> the local runtime variable can point to invalid memory.
> If this is not fixed, freed memory can be referenced.
> This patch removes the local runtime variable and checks for NULL directly.

This patch looks wrong. Besides the wrong fix, the elapsed function MUST
NOT be called when the stream is inactive (stopped). The PCM core
functions call the stop callback for the low-level drivers. It appears
like an issue in the hardware driver.

					Jaroslav

> 
> Signed-off-by: JongHo Kim <furmuwon at gmail.com>
> ---
>   sound/core/pcm_lib.c | 14 +++++++-------
>   1 file changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c
> index 9acc77e..c3de2d3 100644
> --- a/sound/core/pcm_lib.c
> +++ b/sound/core/pcm_lib.c
> @@ -1836,15 +1836,13 @@ EXPORT_SYMBOL(snd_pcm_lib_ioctl);
>    */
>   void snd_pcm_period_elapsed(struct snd_pcm_substream *substream)
>   {
> -	struct snd_pcm_runtime *runtime;
>   	unsigned long flags;
> 
>   	if (PCM_RUNTIME_CHECK(substream))
>   		return;
> -	runtime = substream->runtime;
> 
> -	if (runtime->transfer_ack_begin)
> -		runtime->transfer_ack_begin(substream);
> +	if (substream->runtime && substream->runtime->transfer_ack_begin)
> +		substream->runtime->transfer_ack_begin(substream);
> 
>   	snd_pcm_stream_lock_irqsave(substream, flags);
>   	if (!snd_pcm_running(substream) ||
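Review bot: The new test `substream->runtime && substream->runtime->transfer_ack_begin` runs before snd_pcm_stream_lock_irqsave(), so nothing prevents the runtime from being freed between the test and the call on the next line. The field is now read three times in a row instead of once, and each read can observe a different value. A NULL test also only helps if whoever frees the runtime clears the pointer first, which these lines do not show; a freed but non-NULL pointer passes the test and is dereferenced just as before. If the driver can reach this function after the stream has been stopped, the lifetime problem needs to be closed at that caller (stop the interrupt source and wait for it before the runtime is released) rather than by re-reading the pointer here.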
> @@ -1855,9 +1853,11 @@ void snd_pcm_period_elapsed(struct 
> snd_pcm_substream *substream)
>   		snd_timer_interrupt(substream->timer, 1);
>    _end:
>   	snd_pcm_stream_unlock_irqrestore(substream, flags);
> -	if (runtime->transfer_ack_end)
> -		runtime->transfer_ack_end(substream);
> -	kill_fasync(&runtime->fasync, SIGIO, POLL_IN);
> +	if (substream->runtime && substream->runtime->transfer_ack_end)
> +		substream->runtime->transfer_ack_end(substream);
> +
> +	if (substream->runtime)
> +		kill_fasync(&substream->runtime->fasync, SIGIO, POLL_IN);
>   }
> 
>   EXPORT_SYMBOL(snd_pcm_period_elapsed);
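Review bot: After snd_pcm_stream_unlock_irqrestore() the hunk tests `substream->runtime` twice and dereferences it twice with no lock held, so the same check-then-use window exists for transfer_ack_end and for kill_fasync(&substream->runtime->fasync, ...). The second test can pass and the pointer can still be gone by the time the address of fasync is taken. Dropping the local variable does not shorten the lifetime requirement; it only multiplies the unsynchronized reads. If a guard is really wanted here, it has to be tied to whatever serializes against the free path, and the commit message should name that path and the driver sequence that triggers it. The added blank line before the kill_fasync test is unrelated to the fix and can be dropped.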
> 


-- 
Jaroslav Kysela <perex at perex.cz>
Linux Kernel Sound Maintainer
ALSA Project; Red Hat, Inc.

