On 03 Dec 2020 07:33:03 +0900, Kuninori Morimoto wrote:
Hi Gyeongtaek
Thank you for your patch
If a stop caused by an underrun and a DPCM BE disconnection run simultaneously, a data abort can occur through the sequence below.

    /* In core X, running dpcm_be_dai_trigger() */
    for_each_dpcm_be(fe, stream, dpcm) {

        /* In core Y, running dpcm_be_disconnect() */
        spin_lock_irqsave(&fe->card->dpcm_lock, flags);
        list_del(&dpcm->list_be);
        list_del(&dpcm->list_fe);
        spin_unlock_irqrestore(&fe->card->dpcm_lock, flags);
        kfree(dpcm);

        /* In core X, running dpcm_be_dai_trigger() */
        struct snd_soc_pcm_runtime *be = dpcm->be;   <== Accessing freed memory
It is easy to read/understand if this code has alignment.
To prevent this situation, dpcm_lock should be acquired during iteration of the dpcm list in dpcm_do_trigger().

Signed-off-by: Gyeongtaek Lee <gt82.lee@samsung.com>
Cc: stable@vger.kernel.org
Is this bugfix patch for some recent commit? If so, having a Fixes: tag is helpful.
Thank you for your help!!
I tried to find some change in the history. However, I saw that dpcm_lock has never been held in dpcm_be_dai_trigger() from the beginning. So, I just fixed some mistakes in the commit comment and resent it. If you have another suggestion or request, just let me know.

And I have a question. This patch can't be applied to stable branches directly because of a conflict. I found that the following commits are needed to apply this patch to the 5.4 stable branch:

    ASoC: soc-pcm: remove snd_soc_dpcm_be_get/set_state()
    ASoC: soc-pcm: add snd_soc_dpcm_can_be() and remove duplicate code

In this case, what should I do when the stable maintainer asks me to resolve the conflict? Should I send those patches to the maintainer? Or rewrite the patch on the latest of each stable branch?
Thank you! Gyeongtaek Lee
Best regards
Kuninori Morimoto
Gyeongtaek Lee (1):
  ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger()

 sound/soc/soc-pcm.c | 62 ++++++++++++++++++++++++++++++++-------------
 1 file changed, 44 insertions(+), 18 deletions(-)
base-commit: fa02fcd94b0c8dff6cc65714510cf25ad194b90d
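The race the commit message describes, modelled in userspace as an added example (this is not the patch itself and not code from sound/soc/soc-pcm.c). The names struct fe, struct dpcm, dpcm_do_trigger() and dpcm_be_disconnect() are borrowed from the thread; the list helpers are simplified copies of the kernel list idiom, a pthread mutex stands in for the dpcm_lock spinlock, and be_id stands in for the dpcm->be pointer. The trigger walk holds the lock for the whole traversal, which is the patched behaviour, so the disconnect side can never unlink and free a node between the list step and the dereference. run_race() pits a trigger thread against a sequence of disconnects and reports whether every walk saw a consistent list.

```c
#include <pthread.h>
#include <sched.h>
#include <stddef.h>
#include <stdlib.h>

/* Minimal kernel-style circular list (simplified copy, not <linux/list.h>). */
struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
	n->next = h; n->prev = h->prev; h->prev->next = n; h->prev = n;
}

static void list_del(struct list_head *n)
{
	n->prev->next = n->next; n->next->prev = n->prev;
}

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define list_for_each_entry(pos, head, member)                              \
	for (pos = container_of((head)->next, __typeof__(*pos), member);     \
	     &pos->member != (head);                                         \
	     pos = container_of(pos->member.next, __typeof__(*pos), member))

/* Assumed stand-ins: be_id models dpcm->be, dpcm_lock models card->dpcm_lock. */
struct dpcm { struct list_head list_be; int be_id; };
struct fe { struct list_head be_clients; pthread_mutex_t dpcm_lock; };

static void fe_init(struct fe *fe)
{
	INIT_LIST_HEAD(&fe->be_clients);
	pthread_mutex_init(&fe->dpcm_lock, NULL);
}

static struct dpcm *dpcm_be_connect(struct fe *fe, int be_id)
{
	struct dpcm *dpcm = malloc(sizeof(*dpcm));
	dpcm->be_id = be_id;
	pthread_mutex_lock(&fe->dpcm_lock);
	list_add_tail(&dpcm->list_be, &fe->be_clients);
	pthread_mutex_unlock(&fe->dpcm_lock);
	return dpcm;
}

/* Patched shape of the trigger walk: the lock covers the whole iteration,
 * so the node cannot be freed between the list step and the dereference.
 * Returns the number of BEs triggered. */
static int dpcm_do_trigger(struct fe *fe)
{
	struct dpcm *dpcm;
	int triggered = 0;

	pthread_mutex_lock(&fe->dpcm_lock);
	list_for_each_entry(dpcm, &fe->be_clients, list_be) {
		if (dpcm->be_id >= 0)	/* models "be = dpcm->be" + trigger */
			triggered++;
	}
	pthread_mutex_unlock(&fe->dpcm_lock);
	return triggered;
}

/* Same shape as the disconnect side quoted in the thread: unlink under the
 * lock, free after dropping it. Freeing outside the lock is only safe
 * because no walker can still hold a pointer to an unlinked node. */
static void dpcm_be_disconnect(struct fe *fe, struct dpcm *dpcm)
{
	pthread_mutex_lock(&fe->dpcm_lock);
	list_del(&dpcm->list_be);
	pthread_mutex_unlock(&fe->dpcm_lock);
	free(dpcm);
}

/* Trigger thread: nodes are only ever removed, so the count seen by each
 * walk must never increase and must never exceed the initial count. */
struct trig_arg { struct fe *fe; int iters; int nbe; int ok; };

static void *trigger_thread(void *p)
{
	struct trig_arg *a = p;
	int prev = a->nbe;

	a->ok = 1;
	for (int i = 0; i < a->iters; i++) {
		int n = dpcm_do_trigger(a->fe);
		if (n < 0 || n > prev)
			a->ok = 0;
		prev = n;
	}
	return NULL;
}

/* Races nbe disconnects against iters locked walks. Returns 1 when every
 * walk was consistent and the list is empty afterwards. */
static int run_race(int nbe, int iters)
{
	struct fe fe;
	struct dpcm **nodes = malloc(sizeof(*nodes) * nbe);
	struct trig_arg arg = { &fe, iters, nbe, 0 };
	pthread_t t;

	fe_init(&fe);
	for (int i = 0; i < nbe; i++)
		nodes[i] = dpcm_be_connect(&fe, i);
	pthread_create(&t, NULL, trigger_thread, &arg);
	for (int i = 0; i < nbe; i++) {
		dpcm_be_disconnect(&fe, nodes[i]);
		sched_yield();
	}
	pthread_join(t, NULL);
	free(nodes);
	return arg.ok && dpcm_do_trigger(&fe) == 0;
}
```

The unpatched variant is the same walk with the two mutex calls in dpcm_do_trigger() removed: the disconnect thread may then unlink and free a node while the walker still holds its pointer, which is the use-after-free the commit message shows. The check in trigger_thread() is only meaningful with the lock held; without it the walk itself is undefined behaviour, so there is nothing consistent to assert on.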