
Hi Gyeongtaek
Thank you for your patch
> If stop by underrun and DPCM BE disconnection run simultaneously, a data abort can occur in the sequence below.
>
> /* In core X, running dpcm_be_dai_trigger() */
> for_each_dpcm_be(fe, stream, dpcm) {
>                                 /* In core Y, running dpcm_be_disconnect() */
>                                 spin_lock_irqsave(&fe->card->dpcm_lock, flags);
>                                 list_del(&dpcm->list_be);
>                                 list_del(&dpcm->list_fe);
>                                 spin_unlock_irqrestore(&fe->card->dpcm_lock, flags);
>                                 kfree(dpcm);
>         /* In core X, running dpcm_be_dai_trigger() */
>         struct snd_soc_pcm_runtime *be = dpcm->be; <== Accessing freed memory
It is easy to read/understand if this code has alignment.
> To prevent this situation, dpcm_lock should be acquired during iteration of the dpcm list in dpcm_do_trigger().
>
> Signed-off-by: Gyeongtaek Lee <gt82.lee@samsung.com>
> Cc: stable@vger.kernel.org
Is this bugfix patch for some recent commit? If so, having a Fixes: tag is helpful.
Thank you for your help !!
Best regards
---
Kuninori Morimoto
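To make the interleaving in the quoted commit message concrete, here is an added single-threaded C model of it; it is not kernel code and not part of the patch under review. The kernel functions, list and spinlock are replaced by simplified stand-ins that borrow the names from the commit message, kfree() only marks an entry as freed so the stale access can be counted, and the "with lock" path models the fix the patch proposes (holding dpcm_lock across the whole iteration, so core Y's disconnect has to wait).

```c
/* Single-threaded model of the race in the quoted commit message (constructed example,
 * not kernel code). kfree() only poisons the object, so a use-after-free is countable. */
#include <stdbool.h>
#include <stdio.h>
struct dpcm { struct dpcm *next; int be_id; bool freed; };  /* be_id stands in for dpcm->be */
static struct dpcm pool[2];        /* arena backing the BE list */
static struct dpcm *be_list;       /* fe->dpcm[stream].be_clients, as a singly linked list */
static bool dpcm_lock_held;        /* fe->card->dpcm_lock; "held" means the other core must wait */
static struct dpcm *deferred;      /* disconnect that had to wait for the lock */
static void setup(void) {
    pool[0] = (struct dpcm){ &pool[1], 1, false };
    pool[1] = (struct dpcm){ NULL, 2, false };
    be_list = &pool[0];
    dpcm_lock_held = false;
    deferred = NULL;
}
/* Core Y: dpcm_be_disconnect(). Unlinks and frees the entry under dpcm_lock; if the lock
 * is held by core X, the disconnect is deferred until core X releases it. */
static bool dpcm_be_disconnect(struct dpcm *victim) {
    if (dpcm_lock_held) { deferred = victim; return false; }
    dpcm_lock_held = true;
    for (struct dpcm **pp = &be_list; *pp; pp = &(*pp)->next)
        if (*pp == victim) { *pp = victim->next; break; }
    victim->freed = true;                       /* kfree(dpcm) */
    dpcm_lock_held = false;
    return true;
}
/* Core X: dpcm_be_dai_trigger(). hold_lock=false is the unpatched loop, hold_lock=true the
 * patched one. Core Y's disconnect of `victim` is injected inside the loop body.
 * Returns how many entries were touched after being freed (0 means no use-after-free). */
static int dpcm_be_dai_trigger(bool hold_lock, struct dpcm *victim) {
    int uaf = 0;
    if (hold_lock) dpcm_lock_held = true;
    for (struct dpcm *dpcm = be_list; dpcm; dpcm = dpcm->next) {
        if (victim) { dpcm_be_disconnect(victim); victim = NULL; }  /* core Y runs here */
        if (dpcm->freed) uaf++;                 /* struct snd_soc_pcm_runtime *be = dpcm->be; */
    }
    if (hold_lock) dpcm_lock_held = false;
    if (deferred) { dpcm_be_disconnect(deferred); deferred = NULL; }  /* core Y resumes */
    return uaf;
}
int main(void) {
    setup(); printf("without lock: %d stale access(es)\n", dpcm_be_dai_trigger(false, &pool[0]));
    setup(); printf("with lock:    %d stale access(es)\n", dpcm_be_dai_trigger(true, &pool[0]));
    return 0;
}
```

In the unlocked run the entry being iterated is freed before its `be` field is read; in the locked run the disconnect is simply delayed until the iteration finishes and the list ends up with the entry removed.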