On Wed, 29 Sep 2021 13:36:20 +0200, John Keeping wrote:
If the sequencer device outlives the rawmidi device, then snd_rawmidi_dev_seq_free() will run after release_rawmidi_device() has freed the snd_rawmidi structure.
This can easily be reproduced with CONFIG_DEBUG_KOBJECT_RELEASE.
Keep a reference to the rawmidi device until the sequencer has been destroyed in order to avoid this.
Signed-off-by: John Keeping john@metanate.com
Thanks for the patch. I wonder, though, how this could be triggered. Is this the case where the connected sequencer device is being used while the sound card gets released? Or is it something else?
thanks,
Takashi
sound/core/rawmidi.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c index 6f30231bdb88..b015f5f69175 100644 --- a/sound/core/rawmidi.c +++ b/sound/core/rawmidi.c @@ -1860,6 +1860,7 @@ static void snd_rawmidi_dev_seq_free(struct snd_seq_device *device) struct snd_rawmidi *rmidi = device->private_data;
rmidi->seq_dev = NULL;
- put_device(&rmidi->dev);
} #endif
@@ -1936,6 +1937,9 @@ static int snd_rawmidi_dev_register(struct snd_device *device) #if IS_ENABLED(CONFIG_SND_SEQUENCER) if (!rmidi->ops || !rmidi->ops->dev_register) { /* own registration mechanism */ if (snd_seq_device_new(rmidi->card, rmidi->device, SNDRV_SEQ_DEV_ID_MIDISYNTH, 0, &rmidi->seq_dev) >= 0) {
/* Ensure we outlive the sequencer (see snd_rawmidi_dev_seq_free). */
get_device(&rmidi->dev);
rmidi->seq_dev->private_data = rmidi; rmidi->seq_dev->private_free = snd_rawmidi_dev_seq_free; sprintf(rmidi->seq_dev->name, "MIDI %d-%d", rmidi->card->number, rmidi->device);
-- 2.33.0