On Thu, Mar 18, 2010 at 05:17:55PM +0100, Daniel Mack wrote:
> So the first stream (PLAYBACK) already exported its dma_data which is now freed by the code initializing the second stream (CAPTURE). This corrupts all existing users of course, and in this particular case, the cleanup in __pxa2xx_pcm_hw_free() dereferences a pointer which is bogus.
> What I really don't understand is why this didn't crash a lot earlier for many more users.
> So how is this supposed to be fixed? Should dma_data become a member of some per-stream instance? I believe that also other platforms than PXA are actually affected - am I right?
It should really be per-substream, yes.
It's relatively hard to trigger problems on a lot of platforms since the DAI data pointer is often only really used at stream setup, meaning that triggering a problem requires that a system not only does simultaneous playback and capture but also has overlapping startup of the two. PXA is also very rare in doing dynamic allocation here; most drivers use statically allocated resources, which would make any problems much less obvious.
There are some more generic issues there to do with imposing constraints but that's a separate thing.
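
A simplified user-space model of the lifetime bug discussed in this thread, added here as an illustration; it is not code from the thread or from the kernel, and all struct and function names are hypothetical. An arena with a `live` flag stands in for real freeing so the stale pointer can be inspected without undefined behaviour.

```c
#include <stdio.h>

/* Hypothetical model, not the kernel's ASoC API. */
enum { PLAYBACK = 0, CAPTURE = 1, NSTREAMS = 2 };

struct dma_params { int stream; int live; };

struct dai {
    struct dma_params *shared;               /* buggy: one slot for both streams */
    struct dma_params *per_stream[NSTREAMS]; /* fixed: one slot per substream */
};

/* Arena instead of malloc/free: "freed" entries only get live = 0. */
static struct dma_params arena[8];
static int arena_used;

static struct dma_params *params_alloc(int stream) {
    struct dma_params *p = &arena[arena_used++];
    p->stream = stream;
    p->live = 1;
    return p;
}

static void params_free(struct dma_params *p) { if (p) p->live = 0; }

/* Buggy setup: releases whatever the DAI currently exports, even when it
 * belongs to the other stream, which is still open. */
static struct dma_params *hw_params_shared(struct dai *d, int stream) {
    params_free(d->shared);
    return d->shared = params_alloc(stream);
}

/* Per-substream setup: only this stream's own previous data is released. */
static struct dma_params *hw_params_per_stream(struct dai *d, int stream) {
    params_free(d->per_stream[stream]);
    return d->per_stream[stream] = params_alloc(stream);
}

/* Returns 1 if the pointer playback cached is still valid after capture is
 * set up while playback is open (overlapping startup), 0 if it dangles. */
int playback_survives(int use_per_stream) {
    struct dai d = {0};
    arena_used = 0;
    struct dma_params *pb = use_per_stream ? hw_params_per_stream(&d, PLAYBACK)
                                           : hw_params_shared(&d, PLAYBACK);
    if (use_per_stream) hw_params_per_stream(&d, CAPTURE);
    else                hw_params_shared(&d, CAPTURE);
    return pb->live;
}

int main(void) {
    printf("shared slot:   playback data live=%d\n", playback_survives(0));
    printf("per-substream: playback data live=%d\n", playback_survives(1));
    return 0;
}
```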