When sound card is not registered, in a callback of unit removal, ALSA dice driver calls amdtp_stream_stop(). This causes a NULL pointer dereference in __mutex_lock_slowpath() because of uninitialized mutex data.
When private data is going to be released, no userspace applications refer to AMDTP stream data anymore. Thus no need to stop the streams. This commit just destroys the stream data to fix the bug.
Fixes: 4bdc495c87b3('ALSA: dice: handle several PCM substreams when any isochronous streams are available') Signed-off-by: Takashi Sakamoto o-takashi@sakamocchi.jp --- sound/firewire/dice/dice-stream.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/sound/firewire/dice/dice-stream.c b/sound/firewire/dice/dice-stream.c index 845d5e5..ec4db3a 100644 --- a/sound/firewire/dice/dice-stream.c +++ b/sound/firewire/dice/dice-stream.c @@ -446,18 +446,12 @@ end:
void snd_dice_stream_destroy_duplex(struct snd_dice *dice) { - struct reg_params tx_params, rx_params; - - snd_dice_transaction_clear_enable(dice); + unsigned int i;
- if (get_register_params(dice, &tx_params, &rx_params) == 0) { - stop_streams(dice, AMDTP_IN_STREAM, &tx_params); - stop_streams(dice, AMDTP_OUT_STREAM, &rx_params); + for (i = 0; i < MAX_STREAMS; i++) { + destroy_stream(dice, AMDTP_IN_STREAM, i); + destroy_stream(dice, AMDTP_OUT_STREAM, i); } - - release_resources(dice); - - dice->substreams_counter = 0; }
void snd_dice_stream_update_duplex(struct snd_dice *dice)