At Sat, 21 Feb 2015 23:54:56 +0900, Takashi Sakamoto wrote:
Each FireWire sound driver causes kernel oops at unplugging during streaming. This bug affects:
- snd-bebob (in 3.16 or later)
- snd-fireworks (in 3.16 or later)
- snd-dice (in 3.19 or later)
- snd-oxfw (in 3.19 or later)
When streaming, any ALSA character devices are opened and sound card object is referred. Then 'struct snd_card.private_free()' is not executed in a context of 'struct fw_driver.remove()'. It's executed in a context of an application process in which the last ALSA character device is closed. In this case, any operation to instances of FireWire unit is invalid because it's already released, and causes kernel oops. I confirm GPF or Null-pointer-dereference.
To fix this problem, this patchset do: 1.delegate reference counting of an instance of FireWire unit from AMDTP helper functions to each driver, then do it in 'struct snd_card.private_free()'. 2.move stream or transaction destructor from 'struct fw_driver.remove()' to 'struct snd_card.private_free()'.
With this patchset, each driver keeps a reference to FireWire unit till all of ALSA applications close its character devices. This may be against IEEE 1394 bus driver developers' expectation to high-level drivers.
Thanks, now applied all four patches.
Takashi
Takashi Sakamoto (4): ALSA: fireworks/bebob/dice/oxfw: add reference-counting for FireWire unit ALSA: firewire-lib: remove reference counting ALSA: fireworks/bebob/dice/oxfw: allow stream destructor after releasing runtime ALSA: fireworks/bebob/dice/oxfw: make it possible to shutdown safely
sound/firewire/amdtp.c | 3 +-- sound/firewire/bebob/bebob.c | 20 ++++++++++++++++---- sound/firewire/bebob/bebob_stream.c | 16 ++++------------ sound/firewire/dice/dice-stream.c | 18 ++++++++++++------ sound/firewire/dice/dice.c | 16 +++++++++++----- sound/firewire/fireworks/fireworks.c | 20 ++++++++++++++------ sound/firewire/fireworks/fireworks_stream.c | 19 ++++++++++--------- sound/firewire/oxfw/oxfw-stream.c | 6 ++++-- sound/firewire/oxfw/oxfw.c | 21 ++++++++++++++------- 9 files changed, 86 insertions(+), 53 deletions(-)
-- 2.1.0